Experts Insight on Pitney Bowes Ransomware Attack

By ISBuzz Team
Writer, Information Security Buzz | Oct 15, 2019 05:34 am PST
Global shipping and mailing services company Pitney Bowes announced a partial system outage that impacted customer access to some services as a result of a ransomware attack that encrypted some of its systems.

Jake Moore, Global Cyber Security Advisor
October 18, 2019 8:54 am

Patching and protecting networks is always preferable to paying, so I strongly recommend offsite backups and continual staff awareness. This doesn’t have to be expensive, nor time-consuming, and can save both time and money should an attack occur. Companies who demonstrate a simulation attack are far less likely to suffer long term in the event of an attack. Testing the restoration of backups is essential in these simulations, as many firms who test in a simulated environment say that if they are targeted, they are more likely to be back online with business as usual in a quicker time frame. I would always recommend testing the restore process, as this is where so many ransomware victims fall over.

Dr. Guy Bunker
October 16, 2019 1:38 pm

While it is unclear how the attack was carried out, the majority of ransomware attacks come from weaponised documents which are sent through email or downloaded from a link in an email. Weaponised documents can be effectively neutralised as they cross the organisation boundary using structural sanitisation functionality. However, this isn’t just about technology – educating users to recognise threats is an important step. Furthermore, there is a need for policies and processes in place to ensure that if there is an issue it can be addressed as quickly and effectively as possible.

The challenge is that when using a reputable company, such as Pitney Bowes, customers expect they will have great information security. And when it doesn’t, it causes real issues. Had this been a small or unknown company, then the advice would be to go to a bigger player. But not in this case.

All businesses need to have a Disaster Recovery and Business Continuity plan, and this should include cyber threats and information supply chain threats as well. Organisations need to have a backup plan for key suppliers – such that in a case like this the disruption is minimised.

Unfortunately, we should expect to see a rise in these sorts of attacks. Attacks are becoming increasingly sophisticated and high-profile organisations are top targets. Top targets particularly include those who provide a service to multiple other organisations – a ransomware attack on those will often result in a knee-jerk reaction to pay the ransomware to get the business and its customers back up and running.

Shawn Kanady, Director of Digital Forensics, Incident Response
October 15, 2019 3:15 pm

Today, what’s happening is not everyone is paying, so attackers want to hit the institutions or companies that are going to hurt the most because they’ll be put in a position where they’ll have to pay. But it’s key for organizations to remember — the ransomware is just the end payload. They need to focus on how the attacker got in.

Overall, there are seven key steps organizations need to take to defend against ransomware:

1. Backup Your Data – Have an online backup, but also keep an offline copy of it as well.
2. Inventory Your Systems – Conduct an IT audit of your systems. Make sure that anything that’s legacy or something that can’t be patched (like a Windows 2003 server) is isolated and highly monitored because it will be your biggest liability.
3. Conduct Continuous Awareness Training – Keep your security awareness training up because humans are the weakest link.
4. Implement a Patch Cycle Program – Have a good patch management program where you’re patching within 30 days. Make sure that third-party apps are also patched.
5. Perform Application Whitelisting – This is a huge factor in these types of attacks. This goes beyond just ransomware, but even those malicious downloaders. Doing application whitelisting where you have your systems and you only allow the applications that you know about to run on those systems.
6. Deploy an EDR Solution – Baselining your systems and keeping aware of any new or rogue processes on your systems will curb those first-stage pieces of malware from going by unnoticed and causing more harm.
7. Secure Email Gateway Solution – A strong secure email gateway solution will go a long way in protecting what is commonly the initial infiltration vector by removing malicious emails from the user’s mailbox.

Raphael Reich, Vice President
October 15, 2019 1:37 pm

Major organizations such as Pitney Bowes are increasingly under threat of ransomware, as the FBI warned just last week. While it’s not yet clear what the source of the Pitney Bowes incident was, organizations focused on digital transformation find themselves open to these attacks because of exposed pathways in their IT ecosystem of which they are typically unaware. This includes not only their own IT assets, such as servers, applications and infrastructure, but IT assets that belong to, or are managed by, their third-party vendors, partners or subsidiaries, which are highly interconnected with the company. These shadow assets and attack vectors create shadow risk, which arises when organizations have not fully mapped their attack surface.

When attackers find these exposed and unsecured assets, they can leverage vulnerabilities in them to launch ransomware attacks. Ransomware provides an easy income for cybercriminals targeting successful corporations, which are typically taken completely by surprise when they learn just how many unsecured IT assets their ecosystem partners and subsidiaries have, and what an easy target for exfiltration and ransomware those assets present.
