20 Jul The ECA Cybercampaign is recruiting champions!
As the ECA European Cybersecurity campaign is recruiting new participants, the wave of cybercrime seems heavier and higher. Two weeks ago, Kaseya, a software company providing network management to customers, was hit by an attack which in fact targeted its customers. As its software was compromised, crypto locking was spread around to end-users companies, probably hundreds if not thousands of them.
The trick with such attacks is that, as happened with SolarWinds a year ago, it does not hit directly the end-user information system, it comes indirectly through third-party service and tools, which so far were not seen as being possibly compromised. This explains the quick propagation of the malware, which classical Cyberdefense such as firewalls are unable to detect and block.
Sadly enough, this proves that the precedent of SolarWinds was not taken seriously enough, despite warnings and many proud declarations.
Another potential cause of indirect attack lays in web services and mobile applications that nowadays many companies resort to. Even if coding for these services is done with the utmost care, it’s a fact that most of this coding relies partly on external components. Therefore, the resilience of the programs depends on that of the weakest of their components, if one of those is compromised the door is open!
This new set of threats must absolutely be taken more seriously. We should stop seeing hackers as just clever guys that make fun of clumsy defenses. Hacking is an industry with Business models which constantly adapt, it is borne by criminals who have huge investment capability, when it is not supported by states, it boosts new actors as ransomware brokers and resellers, ransom negotiators … The new « fashion » of indirect attack is a result of this evolution, as it exploits under-the-radar vulnerabilities.
By the way, just as I write this, the news pop-up that Morgan Stanley, and also Guidehouse, a service company working with them, has detected that data of customers have been stolen. The hackers are said to have in fact compromised Accelion, an American platform of « secured » data exchanges. Through this indirect attack, they have been able to steal data, and the related encryption keys, so to lay their hands on data in clear.
In FIC at Lille, in our forum to behold on September 7th, 14t-16h, we will tell you about the first results of our European campaign, and we will discuss how « application layer » cybersecurity tools, as well as early detection and response tools, can prevent this sort of attacks, which unfortunately are slated to quickly ramp up.
We will also discuss some questions about securing Industrial IoT systems. Again a new source of attacks that is promised to spread around, as connected sensors often do not incorporate « security by design ». And a good domain to assess the capability of Cybersecurity companies to scale up, as secure IoT will come in millions thanks to the widening adoption of the smart industry.
So many reasons to meet with you in FIC! See you there. Click here to participate!
Head of ECA Cybersecurity Focus group