Within the past few weeks there have been several high-profile data breaches that originated from ransomware attacks. This blog will explore these recent attacks and offer practical tips on how you can protect your organisation from ransomware threats.
MGM and Caesars under attack from cybercriminal group, Scattered Spider
MGM, the prominent hotel casino operator along the Las Vegas Strip, faced substantial disruptions as a result of a cyber security breach in September, leading to the shutdown of their internal networks. This breach had a far-reaching impact, affecting diverse systems such as slot machines, digital hotel room keys, online reservations and credit card processing.
Furthermore, Caesars, another American hotel and casino entertainment company, recently revealed that it too had fallen victim to a cyber attack earlier this summer, resulting in the compromise of sensitive data including driver’s license numbers and potentially even social security numbers of a significant number of members in its loyalty program. The full extent of these breaches remains uncertain; however, Caesars reportedly chose to pay a $15 million ransom to the hackers.
The cyber criminal group Scattered Spider is well known for its social engineering tactics, and it relies heavily on remote management tools to gain access to its targets’ devices. Using methods such as phone calls and SMS to impersonate IT staff, the group often directs victims to visit a fake website with a company logo, where they are tricked into entering their credentials, or to download a Remote Monitoring and Management (RMM) tool that gives the threat actor control over their system.
So, how can you prevent Social Engineering attacks?
Educate Employees – You’ve probably heard this one many times before, but educating your employees is a key aspect of preventing ransomware attacks. Conducting regular training exercises to alert your employees to the latest threats is increasingly important. Make sure they’re aware of the policies that you have in place and where they can report an incident if one were to occur.
Ensure Your Software Stays Current – Regularly updating your software is a critical step in safeguarding your applications against the latest emerging threats. Whenever a vulnerability is exploited, software developers promptly address it in subsequent updates. Therefore, choosing your product vendors wisely and staying vigilant with software updates guarantees you have the most cutting-edge security measures in place.
Monitor for Potential Data Breaches – Some organisations proactively monitor their online accounts for signs of cyber attacks using log records to identify potential vulnerabilities and breaches. If your employee’s account has been identified as one that has potentially been compromised within your system, it is crucial to promptly strengthen its security measures. This may include actions such as resetting their password or enabling multi-factor authentication (MFA) for added protection.
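As an added example (not part of the original post), the Python below applies the log-monitoring tip to the RMM tactic described above: it scans process-creation events for remote-management tools that are unapproved or running from user-writable folders. The log format, host and user names, the approved list and the watch list are all constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Illustrative watch list of RMM executable names; maintain your own.
KNOWN_RMM = {"anydesk.exe", "teamviewer.exe", "rustdesk.exe",
             "screenconnect.clientservice.exe"}
# Assumption: the only RMM tool this hypothetical organisation has approved.
APPROVED_RMM = {"teamviewer.exe"}
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed process-creation events in a made-up key=value format.
SAMPLE_LOG = r"""
2023-09-12T09:14:03Z host=WS-0142 user=jsmith image=C:\Users\jsmith\Downloads\AnyDesk.exe parent=chrome.exe
2023-09-12T09:20:41Z host=WS-0077 user=helpdesk image="C:\Program Files\TeamViewer\TeamViewer.exe" parent=services.exe
2023-09-12T10:02:19Z host=WS-0201 user=adavies image=C:\Users\adavies\AppData\Local\Temp\TeamViewer.exe parent=explorer.exe
2023-09-12T10:30:55Z host=SRV-0009 user=svc_ops image="C:\Program Files\RustDesk\rustdesk.exe" parent=services.exe
2023-09-12T10:31:07Z host=WS-0142 user=jsmith image=C:\Windows\System32\notepad.exe parent=explorer.exe
"""

def parse_event(line):
    # Split one log line into its key=value fields plus the leading timestamp.
    ts, _, rest = line.strip().partition(" ")
    event = {key: value.strip('"') for key, value in FIELD.findall(rest)}
    event["ts"] = ts
    return event

def find_unapproved_rmm(log_text):
    """Return alerts for RMM tools that are unapproved or run from odd places."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        event = parse_event(line)
        image = event.get("image", "").lower()
        tool = PureWindowsPath(image).name
        if tool not in KNOWN_RMM:
            continue
        # An approved tool only counts as approved in its managed install path.
        if tool in APPROVED_RMM and image.startswith("c:\\program files"):
            continue
        # User-folder copies or browser-launched runs fit the fake-IT-support lure.
        risky = (any(part in image for part in USER_WRITABLE)
                 or event.get("parent", "").lower() in BROWSERS)
        alerts.append({"ts": event["ts"], "host": event.get("host"),
                       "user": event.get("user"), "tool": tool,
                       "severity": "high" if risky else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_unapproved_rmm(SAMPLE_LOG):
        print(alert)
```

Each alert names the host and user, which gives the follow-up actions in the tip above (password reset, enabling MFA) a concrete account to start from.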
Greater Manchester Police Cyber Security Attack
Sensitive personal data of Greater Manchester Police officers were recently obtained by cyber criminals through a ransomware attack on their supplier who produces ID cards for officers. Just over a month before this, a breach occurred involving the personal information of Police Service of Northern Ireland staff, including the surname, initials, rank or grade, work locations and departments. This breach could potentially cost the force £240m in security and legal costs.
Supply chain attacks are becoming extremely popular with cyber criminals as they look for the weakest link within an organisation’s infrastructure. It’s important as an organisation to work closely with your third-party suppliers to create a resilient infrastructure.
How to prevent supply chain attacks?
Implement a Zero Trust Policy – Assume all network activity is malicious by default. Make sure that each connection made to your network is checked against a strict list of policies before it is permitted access. Continuously monitor which users have access to your network and files, closely inspect network traffic, and create logs to keep track of any potential breaches. A user’s rights to access your systems and data may change; for example, if they leave your company, it is important that access is removed.
Protect your network – Having a joint security policy can help defend your network from potential cyber attacks. This ensures that your employees and staff are following the same policies to protect your data. Using vendor technologies like F5 and Fortinet solutions can help you stay protected. At FullProxy we recommend using F5 Distributed Cloud and FortiGate Firewalls.
Enforce stringent regulations for shadow IT
Shadow IT encompasses all information technology systems that lack approval from the organisation’s security team. In light of the widespread transition to remote work on a global scale, many employees have integrated their personal IT equipment into the setup of their home offices, and company data could end up residing on systems, personal email accounts and cloud storage not sanctioned by employers. To bolster IT security, it is imperative for IT security departments to mandate the registration of all IT devices, accompanied by rigorous guidelines and controls specifying permissible and prohibited connections.
In conclusion, these recent ransomware attacks serve as stark reminders that an organisation’s cyber security needs constant monitoring. By arming your organisation with knowledge, enhancing your cyber security, and educating your employees within your organisation, you can navigate any threats that you may face. The lessons learnt from these incidents can guide you towards a safer and more secure digital future.