Expert Advise After Dozens Of US News Sites Hacked In WastedLocker Ransomware Attacks

The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework. The employees’ computers were used as a stepping point into their companies’ enterprise networks as part of what looks like a series of targeted drive-by attacks.

Subscribe
Notify of
guest

5 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
InfoSec Expert
July 3, 2020 7:26 pm

Companies do not exist on their own. Even if a company is not a subsidiary, it is probably part of a supply chain. This breach highlights how interdependent these security systems are. One company failing to practice good security can have far-reaching effects. Luckily, basic cyber hygiene like keeping software up to date and having secure passwords can go a long way in preventing the majority of breaches. Even the smallest companies can thoroughly protect themselves by following government guidelines like those set out in the Cyber Essentials scheme.

Last edited 2 years ago by Jamie Akhtar
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
July 3, 2020 7:25 pm

This is another case where the infection of these networks could have been prevented by educating employees and executives on how to avoid ransomware infections. I cannot stress enough that educating employees to the dangers of clicking links in browser popups, emails, and text messages is worth it, no matter the cost. The possible costs of network downtime, loss of income, and the cost of recovery easily outweigh the costs of employee education.

Last edited 2 years ago by Chris Hauk
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
July 3, 2020 4:45 pm

Drive-by downloads that use javascript to infect devices can be difficult for website visitors to avoid, especially if that website has been trustworthy in the past, in which case it won\’t be blacklisted. Downloads take place in the background and often don\’t require any interaction from the victim.

Most people don\’t disable scripts in their web browsers because javascript is so common on the web. Disabling scripts will make you safer by preventing attacks like SocGholish, but many websites won\’t function properly without javascript. It can be inconvenient, but I recommend using a plugin like NoScript and enabling scripts on an as-needed basis for individual websites.

Last edited 2 years ago by Paul Bischoff
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
July 2, 2020 6:16 pm

With well-established criminals groups like Evil Corp, there is no lack of innovation when it comes to deploying the malware. In this case, the gang used a fake software update alert which popped up on users screens when browsing to particular websites. This demonstrates why a layered approach to security is essential so that if one area is bypassed, the next layer can stop it. Prevention controls can prevent the malicious code being deployed to sites, and if that is bypassed, threat detection can quickly identify and respond to the malware. Another crucial part of the equation is the human element. With regular and relevant security awareness and training delivered to employees, they would be less likely to fall victim to drive-by downloads or other social engineering attacks.

Last edited 2 years ago by Javvad Malik
Niamh Muldoon
Niamh Muldoon , Senior Director of Trust and Security EMEA
InfoSec Expert
July 2, 2020 6:14 pm

Ransomware brings organizations to a stop causing havoc and shutting down business function in the worst instances. Organizations can pro-actively defend against Ransomware by having crisis management in place that practice scenarios involving Ransomware. Key learnings come from crisis management table top exercises including business continuity gaps. That this particular ransomware uses an auction system will only make it profitable, and therefore more popular. The best detection – is ensure all end-users are aware of process to report to cybersecurity team – a quick response reduces business impacts and consequences and finally the best prevention to ransomware is \”IDENTITY\” knowing who (end-users) and what (devices) is trying to access your technology environment in this case US Newspaper technology environment. Companies that leverage cloud-based storage and automatic synching from end point devices will be well-placed to recover from such attacks, but should practice the recovery procedure to minimize downtime if an attack does occur.

Last edited 2 years ago by Niamh Muldoon
Information Security Buzz
5
0
Would love your thoughts, please comment.x
()
x