viernes, 7 agosto 2020
Visitas totales a la web: 85932434

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

Government agencies were most heavily hit by ransomware during the first quarter, says Positive Technologies.

Lance Whitney

Organizations and their employees can fall victim to a variety of cyberattack methods, including phishing campaigns, viruses, spyware, and trojans. But one particularly problematic and pervasive type of attack is ransomware. A report released Wednesday by security provider Positive Technologies discusses the trends of ransomware attacks during the first quarter of 2020.

For its “Cybersecurity Threatscape Report for Q1 2020,” Positive Technologies found that more than a third (34%) of malware-based cyberattacks during the quarter were ransomware attacks. Among the most active were ones that used SodinokibiMaze, and DoppelPaymer.

Among different sectors, government agencies were the hardest hit by ransomware in the first quarter, accounting for 21% of all such attacks. Other industries heavily targeted by ransomware were science and education, healthcare, and industrial companies.

ransomware-attacks-by-industry-positive-technologies.jpg
Ransomware victim categories among organizations.Image: Positive Technologies

The first quarter of 2020 also saw a rise in ransomware attacks in which criminals demanded payment or else they would release the encrypted data to the public. In these cases, attackers even created their own websites where they publish the stolen information. Criminals groups that operate Maze, Sodinokibi, Nemty, DoppelPaymer, Nefilim, CLOP, and Sekhmet all now have their own sites.

Many ransomware attacks succeed because criminals are able to exploit known vulnerabilities and unpatched systems. As IT and security staffs have strived to support remote workforces, the resources required to secure and patch servers and systems have been strained. As one example cited by Positive Technologies, the British company Finastra was victimized by ransomware in March because it was still running unpatched and unsecure versions of Citrix ADC and the Pulse Secure VPN.

As a result of the coronavirus pandemic, some criminal groups promised not to attack hospitals and healthcare facilities with ransomware. But naturally, criminals can’t be trusted. In one example, the operators behind Maze said they would stop attacking healthcare institutions during the pandemic. However, after making that promise, they published data stolen from Hammersmith Medicines Research, a British company getting ready to test a COVID-19 vaccine.

At the start of 2020, a ransomware known as Snake surfaced. Particularly disruptive to industrial companies, Snake is able to delete shadow copies of data and stop processes related to the operation of industrial control systems. As several examples, Snake can halt the processes of such tools as GE Proficy and GE FANUC Licensing, Honeywell HMIWeb, FLEXNet Licensing Service, Sentinel HASP License Manager, and ThingWorx Industrial Connectivity Suite.

Seemingly used in targeted attacks, Snake leaves a note on the computer with the encrypted files telling the victim what to do. Using a contact email address of bapcocrypt@ctemplar.com, the attackers may be referencing a campaign against oil company Bapco, which was hit by the Dustman malware in late 2019 as a way to delete data. Both Dustman and Snake popped up around the same time, both of them targeting industrial companies, according to Positive Technologies.

To protect your organization and employees against ransomware and other forms of malware, Positive Technologies offers a few words of advice.

“Web application firewalls (WAFs) can block potential attacks against web applications on the network perimeter, including attacks against remote access systems, such as Citrix Gateway,” the report said. “To prevent infection of computers of the employees with malware, we recommend checking e-mail attachments for malicious activity with sandboxes. We also recommend following the general recommendations for ensuring personal and corporate cybersecurity.”

Fecha de publicaciónjulio 15, 2020

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos

Recomendado

Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

UME, para servir

Uno se pregunta, al ver las estadísticas de bajas, por qué no funcionarán los gobernantes con la misma prontitud y eficacia que los militares. Circula un video en el que un general, a pesar de la mascarilla, explica claramente el funcionamiento de las Unidades militares; una perfecta organización en la que un estado mayor planea y dirige las operaciones en curso, mientras otro va programando las operaciones futuras. Todo un engranaje funcionando con eficacia, en silencio y sin alardes, donde cada elemento sabe lo que tiene que hacer y cómo hacerlo, sacando el máximo rendimiento de sus escasos medios, y a pesar de lo imprevisto y desconocido de un enemigo que dio la cara cuando ya estaba dentro.

Los 4 grandes pelotazos de las mascarillas y los test: la estafadora Mayra facturó 263 millones a Sanidad

Eric Casas, directivo de Hans Biomed Skymedic, ha ganado 38,7 millones con el mismo negocio. Mayra Dagá,...

Últimas noticias

95 gramos de CO2 El mayor reto en la historia del automóvil

Como si fuera obra de Greta Thumberg, las medidas anticontaminación se endurecen en la UE, por lo...

Dos historias de un chino que demuestran la cara y la cruz del reconocimiento facial

A un lado, los que apoyan esta tecnología en aras de la seguridad; al otro, quienes lo consideran un atraco a la...

El bikini, un traje de baño atómico

La presentación de esta prenda veraniega de dos piezas coincidió con los ensayos nucleares de Estados Unidos en el atolón Bikini

El Ejército frustró un atentado con bomba lapa en su base principal en Mali

Artificieros españoles frustraron un atentado en Koulikoro, donde se ubica la principal base en la que están desplegadas las tropas españolas en Mali....

Teletrabajo y coronavirus: lo que el mundo puede aprender de los Países Bajos sobre el trabajo desde casa

Si eres de los que ha tenido que colocar la laptop sobre una pila de libros de cocina durante la pandemia o...