Ransomware attacks have once again become a major topic of discussion of late with more organisations having reported such breaches in recent months. It appears that no matter what the industry, any organisation with important customer data is getting targeted and will suffer such an attempted attack sooner rather than later, if they haven’t already that is.
Only last month the City of Johannesburg suffered such an attack which caused major outages in both their client-facing and internal systems. The attack was reportedly the work of the hacking group “Shadow Kill Hackers”, who claimed to have backdoor access to the City’s systems and data. The hackers then tried to extort 4.0 bitcoin (R521 729.88) from the City as a ransom for the hackers reinstating their systems and data, which the City quite rightly didn’t give in to as it only encourages such activities.
One of the major knock-on effects of these attacks is that of affected customers possibly becoming “pwned”. Getting pwned refers to an individual’s personal information being compromised in a data breach at an organisation where they are a customer (either currently or in the past). Such information can then be used by hackers to target the individual with phishing or other types of attacks. Even when an organisation has the necessary backups to restore their systems and databases without paying any ransom, the leaked data is still out there for anyone with malintent to potentially use for criminal activities. In addition to phishing this can include anything from email spam lists to brute force attacks and fraudulent account creation with unauthorised billing, to mention just a few of the examples of how someone’s personal data can be abused.
An individual can check at any time to see if their personal data has been compromised by visiting the Haveibeenpwned.com website where the person can enter their various e-mail addresses (personal and work-related) to find out if they have been pwned. Most users who do these checks discover that they have in fact been pwned and some stage and the details of which organisations had data breaches resulting in their personal details being obtained are provided on the site. Users can also sign up to be notified if their email address appears in future dumps.
Dealing with being pwned as an individual and how organisations can prevent such data breaches will be discussed in a very interesting webinar on both this topic and the topic of general vulnerability management presented by F-Secure’s Director of Vulnerability Management Teemu Myllykangas on Wednesday 13 November at 12:00pm South African time. Those unable to view the webinar at the time of it being broadcast can register for it and will then receive a link to the webinar to view it at their leisure.