As part of our security experts comments series, IT security experts commented below on the news that malicious actors have used ransomware to take the website of Ukraine’s energy ministry offline and encrypt its files.
Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks:
“In this type of cyber-threat, the attacker was targeting the Ukraine energy and coal ministry’s IT networks. It doesn’t appear there were any intentions or efforts to attack critical infrastructure. That said, IT is often used as an entry point for attackers who are targeting OT networks and this case is yet another reminder of the vulnerabilities within both IT and OT networks.
“Cyber-risk management must be treated as a high priority for CNI. This requires both public and private sector collaboration and investments in better prevention and resiliency. With technological advances, such as machine learning and artificial intelligence, it’s now possible to model and monitor even large, complex networks and critical physical processes typical of refineries, power plants and pipelines. Operators can gain asset visibility and identify vulnerabilities.”
Craig Young, security researcher at Tripwire:
Organizations need to understand that off-the-shelf content management systems like Drupal, WordPress, and Joomla may start seeing exploitation within days or even hours of a critical disclosure. These public-facing systems must be a top priority for infosec teams.
Users of these systems should also be certain to maintain up-to-date backups of their content to facilitate recovery after a ransomware attack.
The information was determined by looking at the source on the Wayback Machine here:
https://web.archive.org/web/20180419075742/http://www.mev.gov.ua/
And noting that it shows <meta name="Generator" content="Drupal 7 (http://drupal.org)"/>
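The Generator tag quoted above is something a site owner can check for on their own pages. The following is an added example, not code from the post or its contributors: it parses saved HTML from sites you operate and reports which CMS and version each page discloses, so those systems can be put first in the patch queue. The sample pages, the site labels and the `KNOWN_CMS` list are constructed assumptions.

```python
from html.parser import HTMLParser
import re

# CMS families named in the comment above; this list is an assumption, extend as needed.
KNOWN_CMS = ("drupal", "wordpress", "joomla")

class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag (any letter case)."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <meta .../> via handle_startendtag.
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").strip().lower() == "generator" and a.get("content"):
            self.generators.append(a["content"].strip())

def find_generators(html):
    parser = GeneratorFinder()
    parser.feed(html)
    parser.close()
    return parser.generators

def classify(generator):
    """Return (cms, version); version is None when the tag does not disclose one."""
    low = generator.lower()
    for cms in KNOWN_CMS:
        if cms in low:
            m = re.search(re.escape(cms) + r"[\s!]*v?(\d+(?:\.\d+)*)", low)
            return cms, (m.group(1) if m else None)
    return None, None

def audit(pages):
    """pages maps a label to saved HTML; returns (label, generator, cms, version) rows."""
    return [(label, g) + classify(g)
            for label, html in pages.items() for g in find_generators(html)]

# Constructed sample pages standing in for saved copies of your own sites.
SAMPLE = {
    "site-a": '<html><head><meta name="Generator" content="Drupal 7 (http://drupal.org)"/></head></html>',
    "site-b": '<html><head><META NAME="generator" CONTENT="WordPress 4.9.5"></head></html>',
    "site-c": '<html><head><meta name="description" content="no generator tag"></head></html>',
}

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A page that emits no Generator tag, like the constructed `site-c`, produces no row; that only means the tag is absent, not that the CMS behind it is current.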
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.