Ransomware: A Persistent Scourge Requiring Corporate Action Now – June 2019

From: Threatpost


ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.

A ransomware attack on Belgian airplane manufacturer ASCO this week is the latest in a string of incidents that show the unique danger lurking in this type of malware campaign. The rise of ransomware has cost companies millions to remediate – both in making payments and in system restoration and downtime – and should be prompting organizations of all sizes to take preventative measures.

ASCO, one of the world’s largest airplane suppliers, said this week that it shut down production in its factories in Canada, Germany and the U.S. after a ransomware infection crippled its plant in Zaventem, Belgium. About 1,000 of its 1,400 workers have been given leave for the week as the company works to remediate the issue, according to German media outlets. Whether ASCO has paid the ransom is unclear, but the impact on its operations is clearly severe. 

“Airplane manufacturer ASCO being hit by ransomware continues [the] trend of cybercriminals focusing their efforts on industry and manufacturing as their targets – recognizing the hugely costly and disruptive effect such a shutdown will have on the business,” said Shlomie Liberow, technical program manager at HackerOne, via email. “Public understanding of ransomware is on the rise, so if ASCO reacts quickly and in a way that keeps relevant stakeholders informed, hopefully it will see no lasting damage to reputation.”

According to Verizon’s 2019 Data Breach Investigations Report (DBIR), ransomware attacks are still going strong, accounting for nearly 24 percent of incidents where malware was used. And according to the FBI’s Internet Crime Report, 1,493 ransomware attacks, resulting in losses of $3.6 million, were reported in 2018. That figure represents only those attacks that were reported directly to the FBI.

Also, while ransomware attacks are on the rise, so too is the scope of the attacks. Chris Dawson, threat intelligence lead at Proofpoint, said that recent incidents point to threat actors attempting to take advantage of deeper pockets and higher stakes to demand much larger ransoms – as opposed to previous campaigns, targeting individuals, that demanded hundreds of dollars to unlock an individual PC.

This is exemplified in a string of high-profile ransomware attacks on large municipalities, manufacturers and other companies over the past year, of which the ASCO incident is a continuation. In 2018, several Atlanta city systems were crippled after a ransomware attack extorted the municipality for $51,000. Although Atlanta officials were vocal about not paying the ransom, the city ended up spending $2.6 million to recover. These expenditures covered incident response and digital forensics, additional staffing and Microsoft Cloud infrastructure expertise.

The city of Baltimore is another recent victim of ransomware, which hit in May and halted some city services like water bills, permits and more. Like Atlanta, Baltimore officials refused to pay the $76,000 ransom – but ended up dishing out $18.2 million in restoration costs and lost revenue.

And in one of the most high-profile cases, Norsk Hydro fell victim in March to a serious ransomware attack that forced it to shut down or isolate several plants and send several more into manual mode. The attack ultimately cost the aluminum giant $40 million.

“The RobbinHood attack on the city of Baltimore fits with a theme that we’ve observed as ransomware in the malicious email space has largely dried up,” Dawson said in an email. “Instead of targeting individuals in high-volume email campaigns as we saw frequently in 2016 and 2017, threat actors are now using ransomware in targeted attacks against key targets for much larger ransoms. As with Norsk Hydro and other targeted organizations, it appears that threat actors make use of existing network and endpoint compromises to then load ransomware on vulnerable devices.”

That said, of course, in addition to these, plenty of non-household names are hit every day, too.

A ransomware attack will be costly and damaging, no matter the organization’s size: According to a SentinelOne report, the average cost of a ransomware attack is more than $900,000. This includes the ransom itself, downtime and lost productivity, remediation, legal costs and more.

“Businesses face numerous cyberthreats from hackers, but ransomware is particularly insidious and common,” Daniel Markuson, a digital privacy expert at NordVPN, told Threatpost. “When ransomware infects a server, it quickly spreads to encrypt all of the files on that server. Obviously, this can be disastrous for a business – all of its payroll, customer information, contracts and trade secrets all rendered inaccessible. Once it’s deployed, the hacker simply demands a ransom from the company before unlocking their files. That’s only if they’re honest, however.”

Regarding whether to pay, many organizations find themselves in a dilemma when hit by ransomware. The choice is often either to pay the ransom and hope the cyberattackers keep their word and deliver the decryption keys, or to pay a cybersecurity firm to perform remediation and cleanup, which can cost more than the actual ransom. The latter path is more ethical, avoiding sending money into criminal pockets. But the choice “to pay, or not to pay?” can be hard.

“It’s easy to say that companies should never pay, but it’s also quite unrealistic,” said Brett Callow, spokesperson for Emsisoft, in an interview with Threatpost. “The reality is that making payment may be the only option that will enable a company to become operational again within a reasonable period of time. It’s very much a case of ethics versus business necessity.”

He added, “it may be the only recovery option available. Second, some companies may believe that payment is the fastest route to becoming operational again. Third, in some instances, they may believe that making payment will enable them to avoid the matter coming to the attention of the public and their shareholders.”

Although some decryptor tools are available, remediation firms themselves often have no options to give their customers, if those customers haven’t fully backed up their data, according to at least one researcher.

“I have no doubt that there are many firms out there that offer ‘sophisticated tools and tactics’ to decrypt victims’ files for a hefty fee,” Tyler Moffitt, security analyst at Webroot, said by email. “It also doesn’t surprise me that the majority of the time all these firms do is pay the ransom and then charge the victim a premium. This is pretty much the only chance that these assistance firms would be able to actually retrieve files. Retrieving them without paying the ransom is very rare and again only available when criminals make mistakes, so for the most part getting these encryption keys is impossible without paying the ransom and dealing with the criminals directly.”

Ransomware can also have devastating effects on reputation, in addition to the hard costs associated with an attack. That’s something that payment won’t fix, but being transparent about what’s happened and why can go a long way to softening this particular blow, according to HackerOne’s Liberow.

For example, Norsk Hydro admitted the gritty details, such as the fact that it had to close down operations in several locations, and the fact that the incident cost it at least $40 million in the first week.

“Norsk showed the world that while ransomware is costly and devastating in the moment, it doesn’t have to have a lasting effect on reputation as the open and transparent way Norsk dealt with the attack resulted in a rise in share price,” Liberow noted.

Interestingly, Radiohead’s recent response to a ransomware attack, which involved releasing a trove of 18 previously unheard outtakes from their album “OK, Computer” rather than pay a $150,000 ransom demand, demonstrates the positive brand power of a non-negotiation philosophy in the face of cybercriminals, according to Peter Groucutt, managing director of Databarracks; it thwarted the criminals’ efforts while bringing good publicity.

“Releasing a collection of unheard songs, demos and outtakes, while unconventional, was a PR masterstroke by Radiohead,” Groucutt said. “This obviously isn’t a viable tactic for most businesses dealing with a ransomware attack, but we can learn from Radiohead’s defiance.”

The best approach to ransomware is to take your company off the target list. Basic security hygiene is the first step.

“Difficult as it may seem to prevent these attacks, when it comes to ransomware, prevention is always better than cure,” Liberow said. “This means ensuring all systems are up to date with the latest patches and that there are no security vulnerabilities or weaknesses which could leave an organization exposed to attackers.”

Another crucial aspect of preparing for an attack is simply to make sure you have an extra copy of your files available.

“To reduce the damage of any potential ransomware attacks, keep periodic secure backups of your data,” Markuson said. “This means that if a hacker breaks in and infects your business with ransomware, you can ignore their demands and rebuild your systems with the backed-up data (however, don’t forget that they may also have copied some of your data for themselves).”

The sheer pervasiveness of the ransomware scourge should be pushing all companies to invest in backups, Groucutt added.

“Given that ransomware attacks are becoming increasingly commonplace, there’s no excuse to be unprepared,” he said. “Agreeing to pay a ransom demand isn’t conducive to long-term security, and emboldens cybercriminals to continue to use this method. There is also a risk of looking like an easy target, potentially inviting further attacks.”

Lindsey O’Donnell also contributed to this report.

D-Synergy reposted 17th June 2019

NSA Warns Microsoft Windows Users: Update Now Or Face ‘Devastating Damage’

 

 

From Forbes.com, Jun 7, 2019, 05:19am

I can’t recall ever seeing the U.S. National Security Agency (NSA) jumping in and warning users of Microsoft Windows to check if their systems are fully patched and, if not, to update now or risk a “devastating” and “wide-ranging impact.” But that’s what has just happened.

In an advisory published this week, the NSA has urged “Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threat.” That threat being BlueKeep, which has already been the focus of multiple “update now” warnings from Microsoft itself.

The NSA warning comes off the back of research that revealed just under one million internet-facing machines are still vulnerable to BlueKeep on port 3389, used by the Microsoft Remote Desktop feature, with nobody knowing how many devices are at risk within the internal networks beyond. The potential is certainly there for this threat, if exploited, to be on the scale of WannaCry.

It’s hard to know exactly why the NSA has decided to issue this advisory now, especially as it hasn’t gone through the more usual U.S.-Computer Emergency Readiness Team (CERT) channel. “I suspect that they may have classified information about actor(s) who might target critical infrastructure with this exploit,” Ian Thornton-Trump, head of security at AmTrust International, told me, “that critical infrastructure is largely made up of the XP, 2K3 family.” This makes sense as although Windows 8 and Windows 10 users are not impacted by this vulnerability, Windows Server 2008, Windows Server 2003, Windows 7, Windows XP and Windows Vista all are.

John Opdenakker, an ethical hacker, agrees that it could well indicate the NSA is in possession of further threat intelligence regarding the BlueKeep threat. “If it’s actively being exploited, then I kind of understand why they would do it,” Opdenakker told me, adding, “it’s certainly not being exploited at scale though, otherwise we would have heard about it already.” The latter point being the important one as far as the “normal user” is concerned, in my opinion. There is little denying that, as Thornton-Trump puts it, “governments are more or less the ultimate authority; vetting, testing and intelligence all has to be assembled and internally red-teamed before an estimate of risk can be assigned.” Which leads to a time lag as intelligence agencies react to the dynamic nature of such exploit disclosures.

.end of article.

D-Synergy

We recommend that all our customers update all their Microsoft Windows installations on all their desktops and servers. – June 2019

D-Synergy Tech Systems Pte Ltd New Address & Contacts Info

To All Customers & Partners

Please note our new office address and contact info as of May 2018:

Singapore Corporate Office
D-Synergy Tech Systems Pte Ltd
67 Ubi Crescent, #05-09, Techniques Centre
Singapore 408560
p: +65 69500600

Sales Enquiries : sales@d-synergy.com

General technical support : support@d-synergy.com

Feedback : feedback@d-synergy.com

Stay Online While At Sea!

Cruising onboard Star Cruises does not mean that you’ll get disconnected from your family and friends. When you sail with Star Cruises, you can update them in real time using our affordable onboard WiFi internet access. More good news: when you purchase the onboard WiFi via Shop&Cruise, you’ll enjoy a 10% discount across all our onboard WiFi products.

This onboard WiFi internet access is available on all Star Cruises ships and is accessible in common areas. Below is the list of our discounted prices per ship, as well as the areas where you can access our onboard WiFi:

SuperStar Virgo:

1-Day Onboard WiFi Access SGD 13.50
3-Day Onboard WiFi Access SGD 38.25

Accessible areas onboard:

  • Bella Vista
  • Pavilion Room
  • Noble House
  • Grand Piazza
  • Karaoke Rooms
  • Star Club 1, 2 and 3
  • Blue Lagoon
  • Samurai
  • Bellini
  • Genting Rooms
  • VVIP Room
  • Mediterranean Buffet & Terrace
  • Parthenon Pool
  • Library
  • Sauna & Spa
  • Galaxy
  • Taverna
  • Video Arcade
  • Oscar Salon
  • The Taj
  • Celebrity
  • Palazzo
  • Gelato Café

SuperStar Libra:

12-Hour Onboard WiFi Access RM 18.00
1-Day Onboard WiFi Access RM 34.20

Accessible areas onboard:

  • Crystal Court
  • Four Seasons
  • Ocean Palace
  • Blue Lagoon
  • Tai Pan
  • Skyline KTV
  • Pool Area
  • Coconut Willy’s
  • Casino Areas
  • Stardust Lounge

SuperStar Aquarius:

1-Day Onboard WiFi Access NT 252.00

Accessible areas onboard:

  • Reception Area
  • Mariners Restaurant
  • Lagoon Bar
  • Tea Corner
  • Blue Lagoon
  • China Duty Free
  • Dynasty Restaurant
  • Stardust Lounge
  • Maxims Lounge
  • Star Club
  • Taipan Rest
  • Milan Station
  • Spices Restaurant
  • Oceana BBQ
  • Genting Club
  • Champ Bar
  • Skyline KTV

SuperStar Gemini:

1-Day Onboard WiFi Access HKD 43.20

Accessible areas onboard:

  • Reception Area
  • Mariners Restaurant
  • Bella Vista
  • Rendezvous Bar
  • Stardust Lounge
  • Star Club
  • Maxim Lounge
  • Blue Lagoon
  • Topsider Bar
  • Taipan Rest
  • Dynasty Restaurant
  • Oceana BBQ
  • Genting Club
  • Champ Bar
  • Observatory Lounge
  • Oscar’s Salon

Star Pisces:

4-Hour Onboard WiFi Access HKD 22.50
12-Hour Onboard WiFi Access HKD 54.00

Accessible areas onboard:

  • Star Karaoke
  • Maxims Lounge
  • Blue Lagoon
  • Mariners Buffet
  • Sushi Bar
  • Genting Palace
  • Taipan
  • Piano Bar
  • VIP Lounge
  • Genting Lounge
  • Casino Areas
  • Retail Shops
  • Spa
  • Gym
  • Oscar’s Salon

So don’t be the last one to boast about your beautiful Star Cruises experience on social media! Make sure you purchase our onboard WiFi internet access for your upcoming cruise.

 

For any inquiries about our onboard WiFi, please email us at onlinestore@starcruises.com.

Instacart Selects Zebra Technologies Zatar IoT Platform for Cloud Printing

LINCOLNSHIRE, Ill., June 25, 2015 /PRNewswire/ — Zebra Technologies Corporation, a global leader in solutions and services that provide real-time visibility into organizations’ assets, people and transactions, today announced that Instacart, a same-day grocery delivery service, is utilizing Zebra’s Zatar Internet of Things (IoT) platform for cloud printing and device management of Zebra printers. This new solution allows Instacart to print labels at locations across the U.S. securely and accurately. Zatar is Zebra’s platform as a service (PaaS) IoT solution, enabling businesses and developers to build custom applications to manage, control and interact with their assets.

 

IoT analysts say printing is among the most promising yet often overlooked areas of IoT that can deliver great benefits and pose risk if not properly integrated and secured. As enterprises connect billions of devices and sensors to detect, locate and sense conditions throughout their operations, the Zatar platform will make it easy for applications to take advantage of data from these devices through standard application programming interfaces (API) and ultimately increase their enterprise asset intelligence.

 

KEY FACTS

  • Instacart is a same-day grocery delivery service that connects customers with personal shoppers who pick up and deliver their groceries. Their personal shoppers deliver groceries from local partner stores in as little as one hour.
  • Instacart chose to use the Zatar IoT platform for its ability to connect to and control devices in third-party locations via a simple API.
  • The solution connects Instacart’s printers to the cloud and enables the organization to easily interact, monitor and manage Zebra printers globally.
  • The Zatar platform is an application enablement platform that supports both Zebra devices and third-party devices to enable IoT solutions.
  • Zebra’s partner, American Barcode and RFID Inc. will also be offering advanced services and support as well as a managed services offering for the entire solution, leveraging Zatar.

 

SUPPORTING QUOTES

Seth Bertenthal, city launcher, Instacart
“Zatar has allowed us to remotely manage a network of Zebra printers and generate our labels. Through an API integration with Zatar, we now have the ability to print labels in multiple locations across the country. This was accomplished in an easy roll-out with Zebra’s excellent support along the way.”

Mike Krell, IoT practice lead, Moor Insights & Strategy
“In today’s connected and mobile business environment, printed documents are almost always proprietary and/or time sensitive. Zebra’s Zatar delivers a combination of cloud-enabled, secured printing and mobile connectivity, which makes the product a natural fit for many customers, including Instacart.”

Philip Gerskovich, senior vice president, New Growth Platforms, Zebra Technologies
“There are millions of Zebra Technologies’ devices in use in retail today, enabling omni-channel experiences, with Zatar, these devices can be connected and allow Instacart and others to easily take advantage of the visibility and real-time information they enable. We are excited about the Instacart solution and look forward to further helping them expand their reach and services globally.”

 

SUPPORTING RESOURCES

Website: Zatar
Website: Zebra
Twitter: Zatar
Twitter: Zebra

 

About Zebra Technologies
Zebra makes businesses as smart and connected as the world we live in. Zebra tracking and visibility solutions transform the physical to digital, creating the data streams enterprises need to simplify operations, know more about their businesses, and empower their mobile workforces. For more information, visit www.zebra.com.

 

Media Contact:
Therese Van Ryne
Zebra Technologies
+1-847-370-2317
Therese.vanryne@zebra.com

Industry Analyst Relations Contact:
Carolyn Buerger
Zebra Technologies
+1-224-316-0066
Carolyn.buerger@zebra.com

 

Zebra Technologies, Zebra and the Zebra logo are trademarks or registered trademarks of Zebra Technologies Corporation and are used under license. Third-party trademarks mentioned are the property of their respective owners. ©2015 Zebra Technologies Corporation. All rights reserved.

Zatar IoT Platform

Zatar offers a three-pronged approach to the IoT platform, focusing on three main components: front end applications and open APIs. The three components are core to the entire Zatar platform solution and center on the 4Cs: create, control, connect and collaborate. By addressing the 4Cs across the entire platform, Zatar provides businesses real-time insight into critical business processes.

 

Zatar allows you to easily CONNECT and COLLABORATE with other enterprise applications and quickly CREATE meaningful solutions that can be CONTROLLED with a wide variety of tools to help optimize efficiency and improve customer experiences.

Connect

Use our open API to develop apps that provide real-time insight into business operations. Create rich user experiences that provide insight and solve complex customer challenges.

 

Control

Keep an eye on your assets and monitor their performance, even when you’re not there. Access your IoT devices and their data from anywhere virtually any time. From sensor status to device activity and analytics data, the Zatar family of IoT applications gives you the power to see your devices and control their data.

 

Create

Design smarter IoT devices that can provide useful data. Use the Zatar device API to harness the power of standards (CoAP, LWM2M) so your devices can continue to communicate even when there is decreased energy or limited bandwidth.

 

Collaborate

See how the key components of Zatar collaborate together to provide complete IoT solutions. Zatar offers an IoT platform on which devices can share their data and you can turn that data into something meaningful.

 

The time to implement an IoT strategy is now.

Upgrade to a Secured Managed Wireless Network for your Office

D-Synergy’s Managed Secured Wi-Fi Network Services is a hosted subscription based service that provides Enterprise Grade Secured Wireless Service.

From ADSL to NGN Fibre internet connection to your premises, to a Managed Firewall/Router and the latest in cutting edge technology in Wi-Fi deployment; D-Synergy’s Managed Secured Wi-Fi Network Services gives you the same features and functions with the additional benefit of being:

  • Total worry free with our hosted 24/7 monitoring and management services
  • Enterprise Security features with 802.1x and Rogue-threat protection
  • Enhanced Productivity with detail enhanced access tracking &  controlling
  • Fast Deployment with minimum disruption to your operation
  • Secured Access for Guest, Internal, Advanced Users
  • Future Proof (to cater for any wireless enabled devices including SmartPhone, Netbooks, WiFi phones, Tablets etc)

Based on the Aerohive Networks “Control-less” Wireless solution and HiveManager Management system, features such as Policy Enforcement Firewalls, Guest DMZ, Policy specific SSID, Rogue AP detection, Adaptive Radio Management, Monitoring and Reporting come standard with your subscription.

Going Wireless or Upgrading your Wireless system? Contact us now for a no-obligation discussion and site survey and let us show you the savings.

Our Contact Detail

 

D-Synergy Tech Systems Pte Ltd
67 Ubi Crescent, #05-09
Singapore 408560

 


DSTech Systems Sdn Bhd
No. 15-3 (3rd Floor), Wisma Laxton,
Jalan Desa, Taman Desa, Off Jalan Klang Lama,
58100 Kuala Lumpur, Malaysia
p: +60 3-7980-0943  f: +60 3-7980-1069

Sales Enquiries : sales@d-synergy.com

General technical support : support@d-synergy.com

Feedback : feedback@d-synergy.com

DBKL to make it a requirement for restaurants to provide Wi-Fi services

THE move by Kuala Lumpur City Hall (DBKL) to make it a requirement to provide Wi-Fi services under its food and beverage business licence is lauded by many.

It is expected to be enforced in April.

Piccolo Mondo Gastro Sdn Bhd director Suzianna Wong-Svrcula said the move was a good one as it positioned the city as an Internet savvy capital.

“At the end of the day I believe providing Wi-Fi for customers is good business sense. Many people own smart phones, iPads and tablets these days so the service is something useful to them,” she said, adding that all four of the establishments under the brand provided Wi-Fi as well as electrical plug points for free.

She said their facility was for the convenience of their customers.

“The only minor setback of providing such service is we get customers who order only one drink and use the service all day.

“However, that is not so common and we tend to look at the bright side most of the time,” Wong-Svrcula said.

Convenient: Many like the idea of chilling at restaurants and enjoying the Wi-Fi services.

She added that providing the service was part of the business and cost was not an issue.

One of the earliest providers of free Wi-Fi for customers, Starbucks Malaysia believes such a facility has made their outlets a favourite place for customers to relax and enjoy the Wi-Fi out of their home and office.

“The service is complimentary in all our outlets in Malaysia. It encourages frequent visits to our outlets,” a spokesman said, adding that easy access to Wi-Fi suited the current fast-paced lifestyle.

He added that DBKL’s move was a good one in order for the country to be more competitive in the globalised world where many people used the Internet to stay connected with others and work outside of their homes and offices.

Nerogroup Restaurants marketing communications executive Rachel Lai said the requirement allowed standardisation of service among restaurant businesses in the city.

“This also means there will be stronger competition in the business. We believe easy access to the Internet allows our restaurant to be chosen spots for people who want to check in or update their status on Facebook or Twitter,” she said.

She agreed that the downside of providing the free Wi-Fi was the potential of attracting freeloaders.

While most consumers welcome the new licensing requirements, there are some who believe it will promote social problems.

“These days, we see families or a group of friends gathering at restaurants and not talking to each other. Instead, they are busy catching up with others on their phones and tablets. Providing Wi-Fi only encourages this,” Kim Tan, 28, an engineer said.

She pointed out that people who needed to stay connected at all times would already have their own Internet connection, such as mobile broadbands and 3G services.

DBKL will be enforcing the new licensing requirement as early as April this year with no extra charges imposed on the licence, though operators will still be subjected to any fees imposed by the Malaysian Communications and Multimedia Commission or Internet service providers.

Only food and beverage businesses including restaurants, cafes, pubs, bars and club lounges occupying more than 120sq m in floor space will be subjected to the requirement.

Outlet operators are given the choice of providing the service for free or at a reasonable fee.

By CHOONG MEK ZHIN  mekzhin@thestar.com.my  Monday January 9, 2012