Expert Comments

Experts Insight On Visser Data Breach (Supplier To Lockheed, Tesla, Boeing And SpaceX)

Expert(s): Security Experts
Expert(s): Security Experts

It has been reported that an American manufacturer which works with SpaceX and Tesla is being extorted by cyber criminals who are leaking documents relating to these companies. The cyber crime group known as DoppelPaymer has already leaked non-disclosure agreements signed between Visser Precision and the Elon Musk-led companies SpaceX and Tesla. More documents stolen from Visser’s network will be released unless the Denver-based firm pays a ransom, the criminals have claimed.

Experts Comments

Dot Your Expert Comments
Brent Johnson
March 03, 2020
VP InfoSec & Compliance
Bluefin

This particular ransomware incident is disturbing for a number of reasons.
This particular ransomware incident is disturbing for a number of reasons. First, the hackers deployed the new DoppelPaymer ransomware, which combines malware to initially extract data from documents and then encryption to render the files inaccessible. Second, Visser looks to deal with a number of high profile technology and defense contractors, which could mean that they are now in possession of sensitive information. Finally, the incident begs the question of how DoppelPaymer made its way.....Read More
This particular ransomware incident is disturbing for a number of reasons. First, the hackers deployed the new DoppelPaymer ransomware, which combines malware to initially extract data from documents and then encryption to render the files inaccessible. Second, Visser looks to deal with a number of high profile technology and defense contractors, which could mean that they are now in possession of sensitive information. Finally, the incident begs the question of how DoppelPaymer made its way into the Visser system and located files and information where the data was clearly not encrypted or tokenized. DoppelPaymer is a prime example of how sophisticated data-stealing ransomware is becoming, which means that companies of all sizes need to formulate their data security approaches with this type of attack in mind.  Read Less
Alyn Hockey
March 03, 2020
VP of Product Management
Clearswift

If ransomware attacks are on the rise again, organisations need to allow password protected documents only from trusted senders.
It has felt like ransomware incidents are ramping up once more, with a number of attacks over the past few weeks. This DoppelPaymer attack has been the most high profile of those, partly because of the organisation being held to ransom - Visser, a parts manufacturer to major brands such as Boeing, Tesla and SpaceX – and partly because of DopplePaymer’s nature. It’s file-encrypting malware which first exfiltrates a company’s data and only discloses the data theft when that company goes.....Read More
It has felt like ransomware incidents are ramping up once more, with a number of attacks over the past few weeks. This DoppelPaymer attack has been the most high profile of those, partly because of the organisation being held to ransom - Visser, a parts manufacturer to major brands such as Boeing, Tesla and SpaceX – and partly because of DopplePaymer’s nature. It’s file-encrypting malware which first exfiltrates a company’s data and only discloses the data theft when that company goes to the ransomware’s website to pay the ransom. This means that organisations might not even be aware of their data being exfiltrated, a highly vulnerable place to be in. DoppelPaymer relies on employees opening the email message, which will contain a password so that the user can open the file – once this has happened then the ransomware can move across a network and take all the data it wishes. But these types of file are relatively easy to defend against. Organisations can build policy to allow password protected documents only from trusted senders, although ideally they should move to use email encryption as its more secure.  Read Less
Marco Essomba
March 03, 2020
Founder
iCyber-Security

Care must be taken to ensure that data is backed up offline so that if an endpoint device is infected, a swift recovery is possible.
Ransomware continues to pose a significant risk to organisations and individuals worldwide because it is a lucrative way for cyber criminals to make lots of money - fast. For these reasons, it is expected that ransomware attacks will continue to grow until the financial incentive is significantly diminished. DoppelPaymer is not different to any other ransomware in that it encrypts data and forces victims to pay before the data is decrypted. For any organisation or individual, the advice is.....Read More
Ransomware continues to pose a significant risk to organisations and individuals worldwide because it is a lucrative way for cyber criminals to make lots of money - fast. For these reasons, it is expected that ransomware attacks will continue to grow until the financial incentive is significantly diminished. DoppelPaymer is not different to any other ransomware in that it encrypts data and forces victims to pay before the data is decrypted. For any organisation or individual, the advice is always to protect yourself using multiple layers of defence, including: regular backups of data and always store it in a safe place, ensure that server and endpoint devices have the latest anti-malware software protection that can detect malicious code, and ensure that only trusted whitelisted applications are allowed to run on endpoint devices. Because DoppelPaymer exfiltrates data to a remote internet server, it's also crucial to ensure that outbound connections leaving the organisations are scanned to detect nefarious activities. At the endpoint , application whitelisting is another effective way to detect malicious applications on top of running conventional anti-malware software. As an extra precaution, taking physical backup of your data on a regular basis is key. Care must be taken to ensure that data is backed up offline so that if an endpoint device is infected, a swift recovery is possible. With ransomware it is advisable to think about the worst case scenario and also conduct regular drills to ensure the business continuity processes implemented are effective and working as expected.  Read Less
Yuki Arbel
March 03, 2020
VP of Product Management
Hysolate

There is no practical way to prevent attackers from reaching employees and getting them infected.
For organizations whose main asset is the confidential information that they produce and maintain, data exfiltration is their biggest nightmare. There is no practical way to prevent attackers from reaching employees and getting them infected. The only way to keep confidential information safe is to isolate access to it. Companies that use privileged access to let their employees use one operating system, which is less restricted for general use, assume they can get infected. Access to.....Read More
For organizations whose main asset is the confidential information that they produce and maintain, data exfiltration is their biggest nightmare. There is no practical way to prevent attackers from reaching employees and getting them infected. The only way to keep confidential information safe is to isolate access to it. Companies that use privileged access to let their employees use one operating system, which is less restricted for general use, assume they can get infected. Access to confidential information, however, is done through a separate, privileged operating system, which is fully isolated from all attack vectors. While the two operating systems run on a single physical machine in a fashion that is transparent to the user, they are completely segregated from one another, so an attacker on the general operating system is not even aware of the privileged one, let alone being able to access it.  Read Less
Javvad Malik
March 03, 2020
Security Awareness Advocate
KnowBe4

This includes patching software, implementing multifactor authentication, and providing regular security awareness and training to employees.
Ransomware such as DoppelPaymer is becoming more favoured by criminals because not only does it encrypt files like conventional ransomware, but also steals the files before doing so. That way, even if the organisation has backups in place, or can resume operations, the threat of leaking or selling commercially sensitive data and intellectual property will remain. Not only does this approach make attacks even more effective, but also widens the potential targets that criminals can attack that.....Read More
Ransomware such as DoppelPaymer is becoming more favoured by criminals because not only does it encrypt files like conventional ransomware, but also steals the files before doing so. That way, even if the organisation has backups in place, or can resume operations, the threat of leaking or selling commercially sensitive data and intellectual property will remain. Not only does this approach make attacks even more effective, but also widens the potential targets that criminals can attack that will feel compelled to pay a ransom. The best option for organisations is to try to ensure that the malware doesn't get into the system to begin with. While there is no one technique that will work in all scenarios, having a layered set of controls to make it difficult for criminals to be successful will help reduce the risk. This includes patching software, implementing multifactor authentication, and providing regular security awareness and training to employees.  Read Less
Chris Grove
March 03, 2020
Product Evangelist
Nozomi Networks

Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability.
Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. Once you consider that ransomware doesn’t discriminate –.....Read More
Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. Once you consider that ransomware doesn’t discriminate – that it can operate across IT, IoT and ICS environments - it’s critical you use a tool capable of working across the technology spectrum in order to effectively track attacks and the ransomware as it hops across heterogeneous environments.  Read Less
Oliver Pinson-Roxburgh
March 03, 2020
Managing Director
Bulletproof

It’s believed that INDIRK SPIDER was formed in 2014 and its typical MO is to target big businesses with ransomware.
30% of the most recently released tools, according to research from our threat intelligence feed, had ransomware functionality. This shows that the most lucrative and risk free approach for attackers is to hold businesses to ransom using crypto currency such as Bitcoin to provide a largely untraceable way to monetise an attack. Dopplepaymer is ransomware – it’s been called this as it shares so much of the BitPaymer ransomware code, which is operated by the INDRIK SPIDER hacking group. It.....Read More
30% of the most recently released tools, according to research from our threat intelligence feed, had ransomware functionality. This shows that the most lucrative and risk free approach for attackers is to hold businesses to ransom using crypto currency such as Bitcoin to provide a largely untraceable way to monetise an attack. Dopplepaymer is ransomware – it’s been called this as it shares so much of the BitPaymer ransomware code, which is operated by the INDRIK SPIDER hacking group. It has been suggested by the security industry that INDRIK SPIDER might have split, and whoever has split from the group has gone onto build their own ransomware operation targeting big businesses. It’s believed that INDIRK SPIDER was formed in 2014 and its typical MO is to target big businesses with ransomware. This ransomware also has links to Dridex, also written by the group, strengthening the likelihood that this is someone from the INDIRK SPIDER group breaking away or going rogue.  Read Less
Jonathan Knudsen
March 03, 2020
Senior Security Strategist
Synopsys

Cybersecurity is a community effort; the only way we’ll make significant gains against our adversaries is through cooperation.
Information crime continues to be a highly lucrative business, as information can be monetised through classic ransomware (a denial of availability) or the threat of leaking sensitive information (an attack on confidentiality). The ongoing situation with Visser Precision highlights the interconnected nature of all businesses. An organisation’s information is valuable, but equally valuable is information about every other organisation with which you work. The criminal’s sees.....Read More
Information crime continues to be a highly lucrative business, as information can be monetised through classic ransomware (a denial of availability) or the threat of leaking sensitive information (an attack on confidentiality). The ongoing situation with Visser Precision highlights the interconnected nature of all businesses. An organisation’s information is valuable, but equally valuable is information about every other organisation with which you work. The criminal’s sees interconnected systems, some of which are more vulnerable than others. If the cost of compromise at one company is too high, criminals will attack suppliers or customers instead as a means of infiltrating or monetising the target. How can you defend against such attacks? Obviously, the first priority is getting your own house in order. Adopt good security practices, educate your employees, and plug all the holes in the dam. But beyond that, it’s in your own best interests to make sure your vendors and your customers are doing the same. Ask your partners what they’re doing about cybersecurity. Share best practices, techniques, and tactics. Cybersecurity is a community effort; the only way we’ll make significant gains against our adversaries is through cooperation.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...