It has been reported that an American manufacturer which works with SpaceX and Tesla is being extorted by cyber criminals who are leaking documents relating to these companies. The cyber crime group known as DoppelPaymer has already leaked non-disclosure agreements signed between Visser Precision and the Elon Musk-led companies SpaceX and Tesla. More documents stolen from Visser’s network will be released unless the Denver-based firm pays a ransom, the criminals have claimed.
Experts Comments
If ransomware attacks are on the rise again, organisations need to allow password-protected documents only from trusted senders.
It has felt like ransomware incidents are ramping up once more, with a number of attacks over the past few weeks. This DoppelPaymer attack has been the most high profile of those, partly because of the organisation being held to ransom – Visser, a parts manufacturer to major brands such as Boeing, Tesla and SpaceX – and partly because of DoppelPaymer’s nature. It’s file-encrypting malware which first exfiltrates a company’s data and only discloses the data theft when that company goes.....
Care must be taken to ensure that data is backed up offline so that if an endpoint device is infected, a swift recovery is possible.
Ransomware continues to pose a significant risk to organisations and individuals worldwide because it is a lucrative way for cyber criminals to make lots of money - fast. For these reasons, it is expected that ransomware attacks will continue to grow until the financial incentive is significantly diminished. DoppelPaymer is not different to any other ransomware in that it encrypts data and forces victims to pay before the data is decrypted. For any organisation or individual, the advice is.....
For organizations whose main asset is the confidential information that they produce and maintain, data exfiltration is their biggest nightmare. There is no practical way to prevent attackers from reaching employees and getting them infected. The only way to keep confidential information safe is to isolate access to it. Companies that use privileged access to let their employees use one operating system, which is less restricted for general use, assume they can get infected. Access to.....
This includes patching software, implementing multifactor authentication, and providing regular security awareness and training to employees.
Ransomware such as DoppelPaymer is becoming more favoured by criminals because not only does it encrypt files like conventional ransomware, but also steals the files before doing so. That way, even if the organisation has backups in place, or can resume operations, the threat of leaking or selling commercially sensitive data and intellectual property will remain.
Not only does this approach make attacks even more effective, but also widens the potential targets that criminals can attack that.....
Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t to hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability.
Once you consider that ransomware doesn’t discriminate –.....
It’s believed that INDRIK SPIDER was formed in 2014 and its typical MO is to target big businesses with ransomware.
30% of the most recently released tools, according to research from our threat intelligence feed, had ransomware functionality. This shows that the most lucrative and risk-free approach for attackers is to hold businesses to ransom using crypto currency such as Bitcoin to provide a largely untraceable way to monetise an attack.
DoppelPaymer is ransomware – it’s been called this as it shares so much of the BitPaymer ransomware code, which is operated by the INDRIK SPIDER hacking group. It.....
Cybersecurity is a community effort; the only way we’ll make significant gains against our adversaries is through cooperation.
Information crime continues to be a highly lucrative business, as information can be monetised through classic ransomware (a denial of availability) or the threat of leaking sensitive information (an attack on confidentiality).
The ongoing situation with Visser Precision highlights the interconnected nature of all businesses. An organisation’s information is valuable, but equally valuable is information about every other organisation with which you work. The criminal sees.....