Expert Reaction On DoppelPaymer Ransomware Infecting The Network Of One Of NASA's IT Contractors

The operators of the DoppelPaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors. In a blog post published today, the DoppelPaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. According to the company's press releases, DMI's customer list includes several Fortune 100 companies and many government agencies, among them NASA. It is unclear how deep inside DMI's network the DoppelPaymer gang made it during their breach, and how many customer networks they managed to breach.

Expert Comments

June 04, 2020
Jamie Akhtar
CEO and Co-founder
CyberSmart
This breach really highlights the role of the supply chain in high-profile cyber breaches. In 2018, just over half of organisational breaches were caused by third-party vendors. These smaller businesses, without their own security in place, serve as open doors to the sensitive data of their customers. As supply chains become increasingly integrated and complex, it's important that businesses require their contractors to meet security standards. For example, over 80% of cyber breaches can be prevented by following the security controls covered in the UK's Cyber Essentials standards.
June 04, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
In data breaches of this type, the first impulse of any company would be to pay the ransom. However, there is no guarantee that paying a ransom will result in the recovery of data, or in cases like this one, that the data won't be sold or given to hackers for use at a later time. Companies must learn to harden their defences, even going so far as to limit access from the web. While limiting employee internet access to data could be inconvenient, there are other more secure ways to access data over the net, including the use of a secure corporate VPN.
June 04, 2020
Paul Bischoff
Privacy Advocate
Comparitech
The theft and ransom of NASA data from a third-party contractor could be dangerous in the wrong hands. This is data that's not just valuable to financially-motivated criminals, but also nation-state actors who want to spy on NASA and its employees. Employee records, for example, could be used to vet and recruit individuals working for NASA to spy and steal on behalf of foreign governments.
June 04, 2020
Boris Cipot
Senior Sales Engineer
Synopsys
There is currently a high level of uncertainty regarding what data has been breached, but based on what has been published to support DoppelPaymer's claims, it would seem that many governmental organisations and Fortune 100 companies could be affected. I am sure that DMI is doing all they can to check the verity of these claims and, in the case that they are found to be true, find the cause of the breach. I would recommend that all organisations, whether customers or partners of DMI, do the same. Check your systems and networks for any irregularities and watch out for possible attacks in the form of phishing emails. Be wary of emails or messages that have attachments or links, and avoid opening them if possible. With access to personal user information as well as that of companies, phishing attacks can appear much more credible than generic ones. Specifically, look out for social engineering attacks, or calls and emails from 'contractors'. The rule to follow is 'Check before you Act'.
June 04, 2020
Paul Edon
Senior Director (EMEA)
Tripwire
Remote Desktop Services (RDS) provide IT departments with an effective and efficient method by which they are able to configure, maintain and manage remote corporate IT assets, so much so that RDS is often seen as a core element of the IT management strategy. The RDS solutions in use today have been developed over many years and with the experience gained from an embarrassing number of security issues and breaches. For the most part, vendors have been quick to act and RDS, if configured correctly, can be considered low risk. However, nothing is perfect and we should expect to see new vulnerabilities exposed with RDS that criminal elements will attempt to exploit in an effort to gain access to such assets. There are a number of key practices that organisations can implement to help reduce their risk exposure to RDS exploits:
a. Configuration of RDS should follow best practice, be well documented, and be closely monitored for unauthorised change.
b. Software updates and patches should be tested and implemented in a timely fashion.
c. RDS should only be enabled on those devices that require remote management; on all other devices it should be disabled.
d. Network Level Authentication should be enabled.
e. Connections should only be allowed from specific sources.
f. Configuration management and monitoring should be used to prevent unauthorised changes to "a" through "e".
g. Employ a robust backup strategy.
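As an added illustration of how a defender might check practices c, d and e above on a single Windows host (this is example code, not from the page or any of the quoted experts), the following read-only PowerShell audit reads the standard Terminal Server registry values and the built-in "Remote Desktop" firewall rule group; it assumes an elevated session on the host being checked.

```powershell
# Added example: read-only audit of a Windows host against RDS practices c, d, e.
# Assumes an elevated PowerShell session; uses the standard Terminal Server
# registry paths and Windows' built-in "Remote Desktop" firewall rule group.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

# c. Is Remote Desktop enabled on this device at all? (0 = allowed, 1 = denied)
$deny       = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
$rdsEnabled = ($deny -eq 0)

# d. Is Network Level Authentication required? (UserAuthentication 1 = NLA on)
$nla        = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication
$nlaEnabled = ($nla -eq 1)

# e. Which remote sources do the enabled inbound RDP firewall rules accept?
$rules  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound `
              -Enabled True -ErrorAction SilentlyContinue
$scopes = foreach ($r in $rules) {
    $addr = ($r | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{ Rule = $r.DisplayName; RemoteAddress = ($addr -join ',') }
}
# A rule whose RemoteAddress is 'Any' accepts RDP from every source (fails practice e).
$openToAll = @($scopes | Where-Object { $_.RemoteAddress -eq 'Any' })

# Summarise findings in the terms of practices c, d and e.
[pscustomobject]@{
    'c. RDS enabled'              = $rdsEnabled
    'd. NLA required'             = $nlaEnabled
    'e. Rules open to any source' = $openToAll.Count
} | Format-List

if ($rdsEnabled -and -not $nlaEnabled) {
    Write-Warning 'RDS is enabled without Network Level Authentication (practice d).'
}
if ($rdsEnabled -and $openToAll.Count -gt 0) {
    Write-Warning 'Inbound RDP rules accept connections from any source (practice e).'
}
$scopes | Format-Table -AutoSize
```

A host that does not need remote management should report RDS disabled (practice c); on hosts that do, NLA should be on and every inbound rule scoped to named management subnets rather than Any.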
June 04, 2020
Professor Oleg Kolesnikov
VP of threat research
Securonix
In light of the recent successful SpaceX launch breakthrough, the DoppelPaymer release almost seems like an antithesis, but this is exactly what many of the malicious threat actors are about: taking advantage of the victims at times when it could cause the most damage. Based on our monitoring of the DoppelPaymer malicious threat actor and the analysis of the cadence of the leaks published by DoppelPaymer in recent months (the main DP leak site appears to be down at the moment, but the dark web portal they are using to publish victim data is still up), we have been seeing a relative decline in the number of victim leaks from DoppelPaymer, with an over 50% drop in May 2020 compared to earlier months. Whether this is just an aberration or a trend still remains to be seen. However, based on what we are observing, it appears that the calibre of the victims targeted by the malicious threat actor is getting slightly higher, with more of the bigger companies and third-party contractors associated with the companies being targeted, which may indicate attempts to shift to the "bigger game hunting" approach that some of the other malicious threat actors have been adopting, potentially causing more damage to the victims in the future.
June 04, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
It's unclear how the DoppelPaymer ransomware gang infiltrated DMI, or how far they actually got. However, it raises the important point of ensuring security throughout the supplier and vendor ecosystem. It's not enough just for organisations to secure their own systems; they should be conducting due diligence and adequacy checks with all of their partners and suppliers, with procedures in place on how to respond to an incident and share information.
June 04, 2020
Chris Clements
VP
Cerberus Sentinel
Supply-chain cyberattacks from vendors or business partners can blind-side businesses who haven't accounted for that potential risk. It's critical that all organizations perform due diligence on any business partner with access to their data or network. Effective management strategies can include implementing contractual requirements that all vendors or contractors follow information security best practices and are themselves regularly tested to confirm that no security issues that could threaten the organization are present. Businesses should also ensure that they have accounted for the breach of any other organization that has access to their systems or data as part of their overall risk management program. Where possible, controls and safeguards including validating that partner access is limited to the least possible amount and segmented off from the larger IT environment should be implemented to mitigate the potential damage from supply-chain threat vectors.