
Blackmail wave feared after MOVEit hacks

  • June 6, 2023

Vulnerabilities in MOVEit data transfer software have already led to well-known hacks at big names like British Airways and the BBC. Now a veritable wave of blackmail is to be feared, after a lot of data has already been stolen.

Cybersecurity experts fear a wave of possible blackmail after hacks at big names like the BBC and British Airways. A lot of personal data was stolen through vulnerabilities in Progress Software’s MOVEit file transfer software.

Sometimes crime pays

Earlier this week, US government cybersecurity agencies warned about the vulnerabilities in MOVEit, but the damage has already been done multiple times. Progress has released a patch and is now trying to limit the damage. The company also released the necessary notices.

In the meantime, not only the BBC and British Airways have reported data hacks, but also the Canadian province of Nova Scotia. According to Microsoft, the hackers responsible are the same ones behind the Clop ransom site. This group is responsible for numerous data thefts and related extortions worldwide, from government agencies to pharmaceutical companies to military targets.

Security

Such attacks are always a risk in online businesses. However, that doesn’t mean you can’t prepare and arm yourself. In recent weeks, both IBM and Amazon Web Services have published reports on how to protect their systems. In February, IBM also published its annual report on cybersecurity and online attacks.

IBM

IBM has described and analyzed a typical ransomware attack, dividing it into five steps. Step one is access, often via phishing. Step two is probing: the attackers look around the environment, often with software that is operated remotely. In the third step, hackers search the network for specific credentials that allow access to the desired destination. The fourth step is the actual data theft, and the final step is the actual activation of the malware. According to IBM, analysts who keep this model in mind will detect a ransomware attack much faster.

John Dwyer, head of security at IBM, pointed out that zero-days (unpatched vulnerabilities, such as the recent ones in MOVEit) allow attackers to proceed to step four immediately. Therefore, it is especially important for cybersecurity teams to be aware of such vulnerabilities.

IBM’s security report contains more than one suggestion to improve online security. For example, there’s something they call a “domain sinkhole.” Such a sinkhole lets organizations route domain name requests through an internal server, which then warns users when they try to visit a blocked website.
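The sinkhole decision described above, sketched as an added example (not code from IBM’s report or from this article): blocked names are answered with the address of an internal warning server, everything else is forwarded, and the hits show which clients tried to reach a blocked domain. The blocklist, sinkhole address and query log are constructed values.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

SINKHOLE_IP = "10.0.0.53"                        # assumed internal warning server
BLOCKED = {"malware.example", "c2.bad.example"}  # constructed blocklist
# Constructed resolver query log: (client address, queried name).
SAMPLE_LOG = [
    ("10.1.4.20", "www.example.org."), ("10.1.4.31", "Login.Malware.Example."),
    ("10.1.4.20", "notmalware.example"), ("10.1.7.12", "c2.bad.example"),
    ("10.1.7.12", "bad.example"),
]

@dataclass(frozen=True)
class Answer:
    qname: str
    action: str               # "sinkhole" or "forward"
    address: Optional[str]    # sinkhole address, None when forwarded
    matched: Optional[str]    # blocklist entry that triggered the sinkhole

def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()

def match_blocked(qname: str, blocked: Set[str]) -> Optional[str]:
    """Return the blocked entry equal to qname or to one of its parent domains."""
    # Compare whole labels so 'notmalware.example' never matches 'malware.example'.
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def resolve(qname: str, blocked: Set[str] = BLOCKED) -> Answer:
    """Answer blocked names with the sinkhole address, forward the rest."""
    hit = match_blocked(qname, blocked)
    if hit:
        return Answer(normalize(qname), "sinkhole", SINKHOLE_IP, hit)
    return Answer(normalize(qname), "forward", None, None)

def sinkhole_hits(log: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Clients that asked for a blocked name: the hosts to investigate."""
    hits = []
    for client, qname in log:
        answer = resolve(qname)
        if answer.action == "sinkhole":
            hits.append((client, answer.qname))
    return hits
```
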

Another suggestion is to change default passwords in any case and to check regularly that this is actually being done. IBM also recommends disabling Windows Script Host on all endpoint computers to prevent a malicious script from launching a ransomware attack.

Another important and logical point is simply proper preparation. Properly training all relevant teams and planning how to respond to online attacks can save up to $1 million in financial losses, according to the IBM report.

Amazon Web Services

The AWS report (Blueprint for ransomware mitigation) is of course primarily based on Amazon’s systems and includes dozens of security features from AWS.

For example, there is guidance on how to set up AWS Shield to prevent denial-of-service attacks, in which attackers make a page work so hard that users can no longer access it.

GuardDuty is then used to detect malware, and Macie detects sensitive data so that additional security can be set up automatically.

Then there’s Control Tower for setting up CloudTrail to register data events that are recorded in CloudWatch.

At first glance, this report is helpful, but it shows how extensively companies need to train their teams to work with the AWS systems.

Source: IT Daily
