Norwegian Aluminum Producers Norsk Hydro Hit by Cyber Attack

Norsk Hydro, one of the largest Norwegian aluminum providers, partly shut down their operations due to a large scale ransomware attack. The company has been trying to neutralize the attack this week, as they were unaware of how significant the damage was on their operations. The main cause of the attack has now been identified (due to LockerGoga ransomware), and the company is currently working with external partners to restore full systems operations.

When the attack hit, Norsk Hydro stated their switch to manual operations. Their shares went down about two percent while aluminium prices went up 1.5%. There have been a lot of breaches that caused both data loss and other infrastructural issues. In the past, cybercriminals have managed to hack into companies such as Anthem, Yahoo!, and Marriott International just to name a few.

Norsk claimed to Business Insider, “We are working to [further] contain the situation and reduce impact, aiming to resume normal operation.”

On Thursday, March 21, Hydro’s specialists found what the source of the problem was and has been working to get their systems back to the way it was – in its pre-infected state. Safety issues have not been announced since the ransomware attack first struck on Tuesday, March 19. Manual operations are still being used, but the company had announced that “most operations are [now] running.” It is still unclear how long full restoration to normal IT operations will occur.

UPDATE 3/27/19: Norsk Hydro reported financial losses of up to $40 million based on the ransomware’s impact from last week. While the company is now running almost all its operations normally, the Extruded Solutions business division is still in recovery mode. The Building Systems unit is still “at a standstill,” as said in a press release. Delays are expected, but Norsk Hydro announced that this unit will “gradually ramp up production and shipments during the week.”

Surviving a Ransomware Attack

The rate of ransomware attacks may have gone down, but does that mean there were fewer attacks? The rates have shown a slight decrease from the previous year, with 1,783 attacks in 2017 compared to a whopping 2,673 reported in 2016. Yet, while such numbers may indicate this catastrophic cybercrime is on the decline, the reality surfaces as most attacks being under-reported, leaving many to wonder how frequently the attacks occur and how the cost will affect businesses.

According to Ms.Smith of CSO reporting, Verizon analytics have found that ransomware incidents have actually doubled. Researchers have found that attackers usually demand a cryptocurrency payment to be able to release an affected user’s files, but there is no assurance to do so after payment is received. Through such ransomware attacks, cybercriminals are always thinking of ways to maximize their profit.

As former Whitehouse CIO who is now president and CEO of Fortalice Solutions explains, “We used to hear very often that it was mostly consumers – but [for those attacks] you’re looking at $75 as a cyber-criminal.” Attackers have a strategy to target all businesses utilizing the internet for their needs, raising a corporate concern of impending cyberattacks.

In 2017, the WannaCry, NotPetya, and BadRabbit strains didn’t simply upset business forms; rather, the attacks greatly impacted universal brands like FedEx from a functional operation. This took the ransomware danger vector to a “totally new level,” using worms to proliferate through frameworks and affecting 300-400,000 gadgets around the world, says Steven Wilson, leader of Europol’s EC3 digital wrongdoing focus. The cyber-threat further continues with cheap off-the-rack shelf kits sold online, allowing an attacker to access ransomware tools necessary to carry out another business damaging strike.

“Just think: your entire customer records database is gone,” says Wilson. “You don’t know who owes you money, who you owe money to, or who you’re going to sell your product to. That’s the reality if ransomware strikes you. Everything is gone.”

Raising Awareness

While ransomware such as WannaCry is still very much prevalent, cybercrime attacks like these helped raise awareness of any more possible strikes. From ongoing evidential trends, ransomware is here to stay. Fortunately, there are cyber-hygiene steps you can acquaint yourself with to prevent attacks from happening in the future.

Having up to date computer operating systems is the first step to preparedness, as the latest versions of anti-malware software can assist in the case of an attack. In the event of a major ransomware strike, it is always best to keep and regularly update backup storage of all files for recovery.

As Payton explains, “Organizations should also consider network segmentation and introduce kill switches to prevent malware from moving laterally, as WannaCry did.” [It’s always best to] practice for the worst and hope for the best – making sure you’re thinking ahead, practicing that digital disaster, practicing your comms plan,” Payton further suggesting that organizations also perform test runs on full restores.

How can the technology community help?

Through public and private bodies working together and familiarizing themselves with program vulnerabilities, ransomware disasters can surely be prevented. Working as a key to inform decryptors of dangerous ransomware, NoMoreRansom, for instance, pools assets crosswise over associations and can help the technology community be one step ahead of the next crippling attack.

For more on ransomware preparedness strategies, please click here to learn more about preventing ransomware.

31 Days of Cybersecurity in October

It’s almost October meaning it’s time for pumpkin spice everything, Halloween preparations, and Cybersecurity Awareness Month! The month of October is designated to educate the public about the importance of cybersecurity.

For 31 days straight, we will be posting a tip a day on our Facebook page, so be sure to “like” us so you don’t miss out!

According to the Department of Homeland Security, the monthly awareness program was  “designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.”

With the direction technology is headed, it’s no secret that cybersecurity is at the top of the concern list for people all over the world. Global Cyberattacks, data breaches, and ransomware attacks have dominated the headlines recently, exposing citizens to an insurmountable amount of cyber problems. While these problems are in fact very real, we believe that a true weapon against cyber-destruction is knowledge.

In some cases, there is a breakout of a phenomenon known as “security fatigue.”

Is security fatigue real?

With the increasing number of cyber problems accumulating on a daily basis, it seems that individuals have been developing a phenomenon known as “security fatigue,” or risky computing behavior in response to too many instructions and ads against such attacks.

Constantly changing passwords, two factor authentication, captcha, and strong passwords are said to potentially add too much of a burden on employees. For those advanced companies, you might start seeing a move towards biometrics rather than counting on ever-changing passwords to act as your security wall.

For those of us who do not have access to biometrics and fingerprint authentication, we’re going to bring an innovative spin to tried-and-true methods all of us should be putting into practice.

Be sure to follow along on our Facebook page for daily tips that are quick to implement and easy to share. Be sure to let us know if you try them out! #Inverselogic #October #CybersecurityAwarenessMonth

New Ransomware Strain Demands Nudes, Not Bitcoin

Normally, when you see the popular kids cartoon character, Thomas the Train, you don’t think anything of it. But if you see Thomas the Train show up on your computer, it might not be such a pleasant sight. As if extorting money and encrypting files wasn’t bad enough, cybercriminals have taken it to the next level: demanding naked photographs instead of Bitcoin. The new ransomware called nRansomware was first spotted by researchers at MalwareHunterTeam on Thursday.

 

The message reads that the computer has been locked and demands the victim to send “at least 10 nude pictures of you,” claiming that they will verify if they indeed belong to them. They also mention that those nude photographs will be sold on the Dark Web.

MalwareHunterTeam warns that it may simply be a prank since it doesn’t actually encrypt files; it’s simply a screenlocker. There is no information on anyone being infected as of yet.

If this is a real strain of ransomware, it’s a very sick, twisted type of attack. While it’s not entirely unexpected because of hacking or malware to access the webcam, it’s definitely reached a new low.

NHS, FedEx and Other Major Companies Hit in Global Cyberattack

More than 74 countries and 45,000 attacks were carried out during a global cyberattack today. Among the countries affected, 16 National Health Services (NHS) hospitals in England were hit, along with FedEx and Spain’s largest telecom.

The attack appears to be carried out by hackers using a stolen tool created by the United States National Security Agency (NSA): WannaCry Ransomware.

With this strain of ransomware, $300 (£233) is being demanded in exchange for the decryption key for each locked system. Hospitals were forced to shut down their emergency rooms and send patients to other locations. Patient records, schedules, phones and email were all compromised during the attack, putting a number of patients at grave risk.

As of now, it is not being seen as a matter of national security brought on by foreign power. It is still being treated as a very serious matter.

For more information, please visit reevert.com to read the full article.

Locked PDF Phishing Scam Attack

Last week, the SANS Internet Storm Center alerted people about an active phishing campaign that contains malicious PDF attachments. This PDF phishing scam is specifically aiming to steal email credentials.

In the subject line of the email, it reads, “Assessment document,” and a single PDF attachment in the body of the email. The message reads: PDF Secure File UNLOCK to Access File Content.”

pdf_phishing.png

Photo courtesy of KnowBe4.com

You are then prompted to enter your email and email password to “view” the document. This is the type of phishing campaign that targets everyone, not just the more sophisticated users. Founder & CEO of KnowBe4, Stu Sjouwerman, says, “This is a large spray-and-pray campaign that hopes to get a small foothold into your org via an email account and then compromise, tunnel in or send spear-phishing attacks.”

Once opened (using any email / password variation), the PDF suggests that it is a SWIFT banking transaction and transmits any entered data to the spammer.

SANS says, “Be wary of emails from domains that don’t match the contents, note that encrypted PDF documents are not locked this way (and will never ask you for your actual email password anyway), and look for other inconsistencies that give these away as scams.”

If you’ve got Adobe Reader, it will warn you upon opening it. However, if you’re running on Windows 10, be extra weary. The default browser is Edge, which does not appear to give any warnings upon receiving the email.

Be sure to think extra hard before you click so that you don’t become victim to any PDF phishing scam or malicious attempts.

Election Machines Out of Date – What This Means for Voter Security

With only 19 days left before the upcoming Presidential Election, cybersecurity concerns are at the top of everyone’s list – especially after Donald Trump’s allegations of having a “rigged” system. The Department of Homeland Security has been working on scanning systems for vulnerabilities and helping states (33 states as of Oct. 11) identify vulnerabilities in time for the big Election day. So what does this mean for Voter Security?

While it’s been stated that it’s highly unlikely that hackers could affect the outcome of the election in any way, voter registration databases are far more at risk for tampering, putting voter security at the top of the list of concerns. Dozens of states have already experienced attempts, but fortunately no data was altered.

The Department of Homeland Security stated earlier this month, “in recent months, malicious cyber actors have been scanning a large number of state systems, which could be a preamble to attempted intrusions. In a few cases, we have determined the malicious actors gained access to state voting-related systems. However, we are not aware at this time of any manipulation of data.”

Experts have stated that most voting machines are not connected to the internet, but are still greatly outdated. 43 out of 50 states are using machines that are at least ten years old, according to the Brennan Center for Justice at NYU’s Law School. Most machines are running on operating systems like Windows 2000. Outdated operating systems and software are susceptible to security vulnerabilities, if they’re not taken care of.

In an effort to address issues on Election Security, there are two bills currently in Congress. The “Election Infrastructure and Security Promotion Act of 2016” is said to enforce the Department of Homeland Security to see voting systems as “critical infrastructure.” In turn, they would be accessible to more DHS protection and support. The second bill is the “Election Integrity Act” that would put a restriction on the voting machines that states would be allowed to buy. Both would provide a more structured, safe voting system and peace of mind.

Voter security is still a top priority. They are urging the remaining states to act soon and take advantage of the DHS resources so they are prepared come November 8th. Don’t forget to register to vote, if you haven’t already. The last day to register is the 15th calendar day before the election. For California residents, you can register here

Cybersecurity Experts Give 5 Tips to Avoid Ransomware

Malware – a mashup of the words ‘malicious’ and ‘software’ – is what cybersecurity experts use to describe any malicious program on a computer or mobile device. Ransomware, a type of malware, is a version that encrypts files and asks for a ransom (typically through bitcoin), in order to decrypt said files. Though there are various types of malware that exist, many versions install without user consent. The effects of malware range from crippling your computer to stealing sensitive data.

Recently, there has been an increase in attacks on hospitals in exchange for hefty funds. In February, Hollywood Presbyterian Medical Center paid a $17,000 ransom (40 bitcoin) after a hacker seized their patients medical records and important files. Unfortunately, this is a trend that is happening all too often. We’ve put together an infographic to help you fight against ransomware and protect your important files. If you do not have a proper backup plan set up, Inverselogic’s cybersecurity experts can put a plan of action together for you and your business.

Malware Infographic

Maintaining Your Cyber Security

We are becoming increasingly connected to the world online through desktops, laptops, tablets, smart phones, e-readers, and even wearables. While this is great for staying in tune with current events and keeping in touch with others, the increased exposure makes us more vulnerable to cyber attacks than ever before. Surprisingly, some people are not as aware of the threat as they should be.

Norton Security’s 2012 Cyber Crime Report revealed that 55% of those surveyed had no idea whether their computer was “clean” or free of viruses. Another major concern today is maintaining mobile security. While two out of three adults access the Internet with their phones, 44% of them are not even aware that mobile security options exist.

Still not convinced that the threat of cyber attacks doesn’t apply to you? Check out the facts below:

Cyber Crime Stats

Most cyber attacks are launched in an attempt to steal your information. Scammers will send phishing emails, trying to get you to divulge of passwords, bank account details, and other sensitive data. Some will even prompt users to download a file, disguised as legitimate software, that turns out to be malware. In these cases, users might have software on their devices, accessing their information and sending that information to an outside source without the user’s knowledge or consent.

It is much easier to avoid falling victim to cyber attacks than to try and restore lost data or recover your financial assets. To avoid becoming a victim, it helps to become familiar with the different forms of cyber attacks, and the best practices to ensure that your information stays safe. In general, here are some basic rules to follow when it comes to protecting yourself on the Internet.

  1. Never give in to unauthorized requests to reveal confidential information.
  2. Don’t use unprotected computers or networks- make sure you have an updated anti-virus program and that your network has a firewall set up.
  3.  Never leave important documents out- lock them away or put them out of sight before leaving your desk.
  4. Use passwords to protect your devices and important documents- also make sure these passwords are changed often and are long and complex.
  5. Never click on suspicious links and do not open suspicious emails- Simply opening some can be a threat to your system.
  6. Do not plug in your personal devices without prior approval- they could have dormant malware on them that could compromise your information once plugged in.
  7. Never install unauthorized programs- if you have found a program that you think would be useful, consult your IT department first.
  8. Always stay alert and report anything suspicious as soon as possible.

Whether for personal use, or on the job, follow our Guide to Cyber Security to ensure that your information, and others’ is kept safe and out of the wrong hands.

 

Iran Attacked by Another Virus: Flame

Iran has confirmed that they have been attacked by another virus, Flame, which collects information on high-ranking officials.

Remember Stuxnet? Unlike it, Flame is not destructive but is considered more dangerous for obvious reasons.

The virus is thought to have originated in Israel since the encryption patterns are similar to previous malware threats which were programmed in the country.

To read more on the virus and what the Iranians have to say about it CLICK HERE.