Hackers who call themselves TheDarkOverlord recently tried to extort a series of health care organisations into paying hefty ransoms. Their most recent target is WestPark Capital, a Californian investment bank: the hackers have stolen what appear to be internal documents from the firm and published them online, likely in an effort to extort money from the company.
Jamie Moles, security consultant at the cyber security firm Lastline, comments below on why this story differs from other high-profile hacks, both in the technique TheDarkOverlord used to get in and in the language they adopted when publishing the data.
Jamie Moles, Security Consultant at Cyber Security Firm Lastline:
“This story stands out from this year’s higher profile reports in a number of ways. TheDarkOverlord have reported themselves that they managed to hack Westpark Capital and others not through the common technique of phishing emails and malware attacks but by taking advantage of a bug in the Microsoft Remote Desktop Protocol – this is traditional hacking and not something we see reported so much nowadays.
“The other thing that stands out is the language that TheDarkOverlord have used in publishing the WestPark Capital data – describing their extortion attempt as a ‘handsome business proposal’ to withhold news of the hack which would have been a ‘quiet business opportunity’ for the company’s CEO. This demonstrates the deluded outlook that is a familiar hallmark of many of the Eastern European/Russian criminal gangs who use technology to extort money from legitimate businesses – by framing their efforts in normal business language they are attempting to add a veneer of legitimacy to their criminal activities.
“There is the outstanding issue of their system being broken into via the RDP protocol – this is a standard technical tool for remote management of server devices and frankly their network perimeter security must have been lax for this to have ever worked. It’s normal security practice to limit the RDP protocol on firewalls to allow only certain IP addresses to access your systems and it looks likely that WestPark failed to implement this basic step.
“It is highly unlikely that WestPark’s stance will change other businesses’ approach to paying ransoms – in this particular case the company themselves haven’t lost access to their data (as you would in a ransomware attack) so the urgency to pay is significantly reduced. Indeed, it would seem that there is unlikely to be anything significantly damaging to WestPark in the data leak and they probably already have good contingency plans in place to manage any fallout – good relationships with their clients are likely enough to deal with any concerns coming up and indeed facing down the criminals instead of paying them off will make WestPark look stronger in many people’s eyes.”
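The firewall allowlisting Moles describes (RDP on TCP/3389 reachable only from named management addresses) is shown below as an added example; it is not code from the original article, from Lastline, or from any product mentioned. It models a simple first-match perimeter policy, places a weak rule set that exposes RDP to any source beside a corrected one, and audits a policy for RDP allow rules wider than the trusted management ranges. The rule format, the two policies and the management addresses (drawn from the RFC 5737 documentation ranges) are all constructed for illustration; a real check would read the rules from the firewall rather than from literals.

```python
"""Perimeter-firewall allowlist check for RDP (TCP/3389).

Added example, not from the original article or any vendor. The rule
format, the policies and every address below are constructed for
illustration (RFC 5737 documentation ranges), not real infrastructure.
"""
import ipaddress

RDP_PORT = 3389


def parse_rules(rules):
    """Convert (action, proto, src_cidr, dst_port) tuples into network objects.

    dst_port None means "any port"; proto "any" matches every protocol.
    """
    return [
        (action, proto, ipaddress.ip_network(src, strict=False), port)
        for action, proto, src, port in rules
    ]


def is_allowed(rules, src_ip, dst_port, proto="tcp"):
    """Evaluate a single inbound connection: first matching rule wins,
    and a packet that matches nothing is dropped (default deny)."""
    ip = ipaddress.ip_address(src_ip)
    for action, r_proto, net, port in parse_rules(rules):
        if r_proto not in (proto, "any"):
            continue
        if ip.version != net.version or ip not in net:
            continue
        if port is not None and port != dst_port:
            continue
        return action == "allow"
    return False


def rdp_exposure(rules, trusted_sources):
    """Return (source_cidr, port) for every allow rule that admits RDP from a
    range not fully contained in a trusted management range.

    This is a conservative, order-independent audit: an allow rule is
    reported even if an earlier deny rule would shadow part of it.
    """
    trusted = [ipaddress.ip_network(t, strict=False) for t in trusted_sources]
    findings = []
    for action, proto, net, port in parse_rules(rules):
        if action != "allow" or proto not in ("tcp", "any"):
            continue
        if port not in (RDP_PORT, None):
            continue
        covered = any(
            net.version == t.version and net.subnet_of(t) for t in trusted
        )
        if not covered:
            findings.append((str(net), port))
    return findings


# Constructed policies. The weak one is the mistake the quote describes:
# RDP answering to the whole Internet alongside the public web port.
WEAK_POLICY = [
    ("allow", "tcp", "0.0.0.0/0", 443),
    ("allow", "tcp", "0.0.0.0/0", RDP_PORT),   # RDP open to any source
]

# Corrected: RDP only from two fixed management sources, explicit final deny.
TRUSTED_MGMT = ["203.0.113.10/32", "198.51.100.0/28"]   # constructed
HARDENED_POLICY = [
    ("allow", "tcp", "0.0.0.0/0", 443),
    ("allow", "tcp", "203.0.113.10/32", RDP_PORT),     # administrator's static IP
    ("allow", "tcp", "198.51.100.0/28", RDP_PORT),     # managed-service provider range
    ("deny", "any", "0.0.0.0/0", None),
]


def audit(policy, trusted=TRUSTED_MGMT):
    """Summarise a policy: exposed RDP rules plus what a few probe sources see."""
    probes = ["192.0.2.55", "203.0.113.10", "198.51.100.7", "198.51.100.20"]
    return {
        "exposed_rdp_rules": rdp_exposure(policy, trusted),
        "rdp_from": {ip: is_allowed(policy, ip, RDP_PORT) for ip in probes},
    }


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit(policy))
```

The probe addresses include one unrelated Internet host (192.0.2.55), both trusted sources, and an address just outside the /28, so the output shows both that the hardened policy closes RDP to strangers and that the allowlist boundary is where it was meant to be.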