Expert Comments

Europe’s Largest Mobile Operator Orange Hit by Ransomware Attack – Expert Commentary

Expert(s): Security Experts
Expert(s): Security Experts

Orange, a French telecommunications company and the fourth-largest mobile operator in Europe, has confirmed it suffered a ransomware attack on July 4-5. The attack exposed the data of 20 of their enterprise customers, and it has since been leaked online via Nefilm Ransomware’s site. Specific details around how this attack occurred have not been released, but Orange has issued a statement confirming the success of the attack.

Experts Comments

Dot Your Expert Comments
Mark Bagley
July 20, 2020
VP of Product
AttackIQ

To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary.
This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Orange itself but also the employees and customers of the enterprise customers whose data have been exposed. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. Data is not just encrypted, but actually stolen and often exposed – making these attacks even more detrimental. Because of this,.....Read More
This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Orange itself but also the employees and customers of the enterprise customers whose data have been exposed. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. Data is not just encrypted, but actually stolen and often exposed – making these attacks even more detrimental. Because of this, it's important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks. To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, companies can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Additionally, companies should use automated solutions that safely emulate the most common ransomware campaigns and their techniques to avoid falling victim.  Read Less
Tarik Saleh
July 20, 2020
Senior Security Engineer and Malware Researcher
DomainTools

This ransomware attack to Orange is just the latest of a long line of attacks to show how profitable these operations are for cybercriminals.
Certainly, concerning the size of the database exposed, this ransomware attack to Orange is just the latest of a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubled up ransomware attacks as data breaches, of which customers and affected parties should .....Read More
Certainly, concerning the size of the database exposed, this ransomware attack to Orange is just the latest of a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubled up ransomware attacks as data breaches, of which customers and affected parties should be notified. In that sense, Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks – e.g. changing the password of their accounts and looking out for potential phishing/spear-phishing emails.  Read Less
Javvad Malik
July 20, 2020
Security Awareness Advocate
KnowBe4

The unfortunate ransomware attack against Orange highlights the ongoing move by criminals to exfiltrate data.
The unfortunate ransomware attack against Orange highlights the ongoing move by criminals to exfiltrate data as part and parcel of a ransomware campaign. Therefore, it makes it even more essential that organisations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won't bring back data that has been stolen. As part of this, organisations should implement a layered defensive strategy, in particular against.....Read More
The unfortunate ransomware attack against Orange highlights the ongoing move by criminals to exfiltrate data as part and parcel of a ransomware campaign. Therefore, it makes it even more essential that organisations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won't bring back data that has been stolen. As part of this, organisations should implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware. This includes having technical controls, the right procedures, and ensuring staff have relevant and timely security awareness and training  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...