Expert Insight On RansomHouse Attacking AMD

AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claimed to have extorted data from the US chipmaker.

Keith Neilson, Technical Evangelist
InfoSec Expert
July 3, 2022 6:25 pm

Organizations entrusted with large volumes of customer information have a responsibility to maintain proper security guardrails. For enterprises today, basic password protection just isn’t enough to ensure proper identity access management and security of all cyber assets. Attacks such as these exemplify that, instead of putting emphasis primarily on the best practices for passwords, we must shift the attention over to secure access and next-generation authentication. This involves the development of new and improved alternatives to password management, which requires the implementation of a robust cyber asset management strategy.

Companies aiming to improve their overall security posture will take the first step of cyber asset management by discovering all cyber assets hosted within their IT environment. Given the multi-layer implications between data, assets, applications, and users, companies can only begin to enforce identity and password management policies when they have full visibility of their attack surface. Once all cyber assets are accounted for, enterprises can adopt and enforce more advanced authentication methods and cyber asset management capabilities. Without this integration, passwords will continue to be used as a fallback and “master key,” leaving valuable data vulnerable to attacks.

Neil Jones, Cybersecurity Evangelist
InfoSec Expert
July 3, 2022 6:24 pm

The alleged data breach of chipmaker AMD by RansomHouse is a stark reminder of the ongoing importance of an effective password management program. For as long as I can remember, easily-guessed passwords such as 123456, qwerty, and password have dominated the global listing of most commonly-used passwords, and they are undoubtedly in use in many corporate settings. Unfortunately, weak passwords can become a literal playground for cyber-attackers, particularly when they gain access to your organisation’s remote access solution and view corporate users’ ID details. Key components of an effective password management program include the following: 1) Employee education about the significance of password safety, social engineering awareness, and spear-phishing avoidance. 2) Establishment of mandatory password rotations, including forcing employees to change their passwords on a routine basis. 3) Re-visiting your company’s account lockout requirements, to ensure that users’ access is immediately disabled after multiple failed login attempts. Finally, it is also a reminder that cyber-attackers are increasingly making claims of attacks – whether proven or unproven – to proactively generate payouts from organisations. You need to have a plan in place now for that future inevitability.

Jonathan Knudsen, Senior Security Strategist
InfoSec Expert
June 29, 2022 4:21 pm

Cybersecurity adversaries come in all shapes and sizes, with all kinds of motivations. Recently, RansomHouse has been engaging with a cyber twist on victim shaming. They claim that “the culprits are those who did not put a lock on the door leaving it wide open inviting everyone in.” Organisations who have poor cybersecurity do not deserve to be victims. If you were walking past a house and saw the door open, what would you do? You would not enter the house uninvited, and you would not steal a TV or jewellery just to prove that the house’s owner was not following good security practices.

Ransomware is a business. While RansomHouse’s attitude might be unusual, their methods and motivations are as common and mercenary as any other criminals. For organisations that are not actively working to improve their cybersecurity posture, RansomHouse is another wake-up call in a long, long parade of wake-up calls. Every business is a software business. Software security risk is business risk and must be managed, just like any other kind of risk.

Satnam Narang, Senior Research Engineer
InfoSec Expert
June 29, 2022 4:06 pm

RansomHouse itself has claimed that they are neither behind breaches nor do they develop or utilize any ransomware as part of their efforts. But it’s hard to trust the word of the group, who may be trying to shield themselves from being lumped into a category of ransomware and becoming a bigger target through law enforcement operations.

“Even with the success of double extortion, whereby ransomware groups encrypt files within a network and steal files and threaten to leak them on the dark web, the extortion factor appears to have become the central point amongst extortion groups like RansomHouse and Lapsus$.

“As the Conti ransomware group began to fold up its operations, part of its grand plans included splintering into several ransomware groups, including those that are extortion-focused like BlackByte and Karakurt.

“As we highlight in our recent Ransomware Ecosystem report, ransomware groups have evolved over the years, adopting a business-like approach to their efforts and forging business partnerships with other players in the ecosystem, like affiliates and initial access brokers. It remains to be seen if this trend towards an extortion-only focus will become part of its natural evolution.

Dr. Darren Williams, Founder and CEO
InfoSec Expert
June 29, 2022 4:04 pm

We haven’t yet seen evidence of the attack on AMD, but RansomHouse’s recent attack on the Shoprite Group in South Africa would indicate that they are focused on large organisations with weak security. As with all cyberattacks, it really doesn’t matter how the bad actors found their way in, weak passwords or otherwise; if they want to find a way in, they will be successful! What really matters is what data they were able to leave with.

Extortion is the main focus for cybercriminal gangs and organizations should look to newer technologies like anti data exfiltration to stop them in their tracks and prevent any unauthorised data from being exfiltrated.
