Global shipping and mailing services company Pitney Bowes announced a partial system outage that impacted customer access to some services, the result of a ransomware attack that encrypted some of its systems.

Experts Comments

October 15, 2019
Raphael Reich
Vice President
CyCognito
Major organizations such as Pitney Bowes are increasingly under threat of ransomware, as the FBI warned just last week. While it's not yet clear what the source of the Pitney Bowes incident was, organizations focused on digital transformation find themselves open to these attacks because of exposed pathways in their IT ecosystem of which they are typically unaware. This includes not only their own IT assets, such as servers, applications and infrastructure, but IT assets that belong to, or are managed by, their third-party vendors, partners or subsidiaries, which are highly interconnected with the company. These shadow assets and attack vectors create shadow risk, which arises when organizations have not fully mapped their attack surface. When attackers find these exposed and unsecured assets, they can leverage vulnerabilities in them to launch ransomware attacks. Ransomware provides an easy income for cybercriminals targeting successful corporations, which are typically taken completely by surprise when they learn just how many unsecured IT assets their ecosystem partners and subsidiaries have, and what an easy target for exfiltration and ransomware those assets present.
October 16, 2019
Dr. Guy Bunker
CTO
Clearswift
While it is unclear how the attack was carried out, the majority of ransomware attacks come from weaponised documents which are sent through email or downloaded from a link in an email. Weaponised documents can be effectively neutralised as they cross the organisation boundary using structural sanitisation functionality. However, this isn’t just about technology - educating users to recognise threats is an important step. Furthermore, there is a need for policies and processes in place to ensure that if there is an issue it can be addressed as quickly and effectively as possible. The challenge is that when using a reputable company, such as Pitney Bowes, customers expect they will have great information security. And when it doesn’t, it causes real issues. Had this been a small or unknown company, then the advice would be to go to a bigger player. But not in this case. All businesses need to have a Disaster Recovery and Business Continuity plan, and this should include cyber threats and information supply chain threats as well. Organisations need to have a backup plan for key suppliers - such that in a case like this the disruption is minimised. Unfortunately, we should expect to see a rise in these sorts of attacks. Attacks are becoming increasingly sophisticated and high profile organisations are top targets. Top targets particularly include those who provide a service to multiple other organisations - a ransomware attack on those will often result in a knee-jerk reaction to pay the ransomware to get the business and its customers back up and running.
October 18, 2019
Jake Moore
Cybersecurity Specialist
ESET
Patching and protecting networks is always preferable to paying, so I strongly recommend offsite backups and continual staff awareness. This doesn’t have to be expensive, nor time-consuming, and can save both time and money should an attack occur. Companies who demonstrate a simulation attack are far less likely to suffer long term in the event of an attack. Testing the restoration of backups is essential in these simulations, as many firms who test in a simulated environment say that if they are targeted, they are more likely to be back online with business as usual in a quicker time frame. I would always recommend testing the restore process, as this is where so many ransomware victims fall over.
October 15, 2019
Shawn Kanady
Director of Digital Forensics, Incident Response
Trustwave SpiderLabs
Today, what’s happening is not everyone is paying, so attackers want to hit the institutions or companies that are going to hurt the most because they’ll be put in a position where they’ll have to pay. But it’s key for organizations to remember -- the ransomware is just the end payload. They need to focus on how the attacker got in. Overall, there are seven key steps organizations need to take to defend against ransomware:

1. Backup Your Data - Have an online backup, but also keep an offline copy of it as well.
2. Inventory Your Systems - Conduct an IT audit of your systems. Make sure that anything that’s legacy or something that can’t be patched (like a Windows 2003 server) is isolated and highly monitored because it will be your biggest liability.
3. Conduct Continuous Awareness Training - Keep your security awareness training up because humans are the weakest link.
4. Implement a Patch Cycle Program - Have a good patch management program when you’re patching within 30 days. Make sure that third-party apps are also patched.
5. Perform Application Whitelisting - This is a huge factor in these types of attacks. This goes beyond just ransomware, but even those malicious downloaders. Doing application whitelisting where you have your systems and you only allow the applications that you know about to run on those systems.
6. Deploy an EDR Solution - Baselining your systems and keeping aware of any new or rogue processes on your systems will curb those first-stage pieces of malware from going by unnoticed and causing more harm.
7. Secure Email Gateway Solution - A strong secure email gateway solution will go a long way in protecting what is commonly the initial infiltration vector by removing malicious emails from the user's mailbox.
October 15, 2019
Roger Grimes
Data-driven Defence Evangelist
KnowBe4
The shipping industry has been a pretty big target ever since the NotPetya ransomware attack on Maersk in 2016. The shipping industry was concerned about hackers and malware for years before that, and shipping was always considered a part of federal critical infrastructure guidelines, but it was all mostly theoretical. NotPetya changed that. It proved that a single malware program could significantly impact shipping. The Maersk event changed the industry forever, including in the United States. The United States Coast Guard can not only stop an infected ship from docking in an American port, but there are also specialized Coast Guard teams which can be shuttled out to the affected ship to assess and help. The Coast Guard now considers cyber intrusions a threat like they would terrorist events, holes in the hull, and severe weather. They not only educate and warn, but can tell a ship that they aren’t seaworthy enough to dock because of the risk from loss of control of their digital systems. I don’t know the details of the ransomware attack, but without any inside knowledge, you can bet it was due to one of two things: a phishing email or unpatched software. Phishing is involved in 70% to 90% of all successful breaches and unpatched software is involved in 20% to 40% of attacks. Any single other root cause you can think of accounts for less than 1% of the risk. Every other risk added up all together equates to less than 10% of the risk in most organizations. So, how do you stop ransomware? It’s easy. Don’t get socially engineered into doing something against your interests and patch your software. Nothing else really matters. Unfortunately, we are told that we have to worry about a thousand things and not told that two of these things matter far more than everything else. It leads to a lack of focus, which hackers love.
Phishing and unpatched software have been responsible for the greatest number of attacks for over three decades, and it’s not going to change as long as people aren’t paying attention to the right things. Hackers will keep using phishing and attacking unpatched software for as long as it is working, and as the latest attack against Pitney Bowes shows, it’s working just fine.