Faster Networks had a lightbulb moment when we read about the latest FBI arrest of the ransomware hacker NetWalker. First, let’s go back a year, to when we reported the Toll Holdings ransomware attack, which destabilised the logistics of a logistics corporation.
NetWalker (aka Mailto), a Canadian national according to authorities, is a ransomware-as-a-service (RaaS) developer that created and sold malicious code for other parties, or affiliates, to target and launch attacks on unsuspecting, vulnerable parties like Toll Holdings. They split the ransom, and NetWalker alone is reported to have netted $27m. NetWalker is linked to a cybercriminal group, Mummy Spider; this is corporatised criminal sabotage of the operations of corporations. They post criminal job descriptions on open networks and forums, as seen on the Twitter account of ZDNet journalist Catalin Cimpanu:
…and now, the Netwalker (Mailto) ransomware gang is also looking for two partners specialized in network attacks
Trend for ransomware attacks/intrusions is pretty obvious these days. Gangs moving away from spear-phishing to targeting internet-exposed RDPs and servers. pic.twitter.com/VKWl9Q0vaa
— Catalin Cimpanu (@campuscodi) April 29, 2020
Thinking of these vulnerable targets, it is easy to blame the end consumer for not taking the necessary steps to protect privacy and data. However, the latest CrowdStrike Services report has some key findings that caught my attention. Any software platform has a shelf life: it might be technically archaic, designed in a different environment and not fit for current purpose. It might be on the way out, the developer might be defunct, or the upgrades might have reached their maximum viability, with a new version due soon or already available. Included in the report was this insight: “Threat actors target neglected infrastructure – a vulnerability was observed in infrastructure slated for retirement due to it no longer receiving security configuration updates and regular maintenance. However, it still contained critical business data and systems.”
Software engineers will argue that well-written code does not need frequent overhauls or updates, but maybe there needs to be an expiry on software. On the Stack Exchange forum, Julia Hayward says that so many aspects of software development are prone to change: a new OS, a rebuild of an existing OS, third-party packages appearing and disappearing, new hardware… all the things.
The concern is that, for a big corporation, overhauling its data onto a new platform is risky and expensive. When every minute counts, as it does for an investment bank, the change to a new platform needs to be almost instantaneous; the stakes are high. The alternative, however, is exploitable flaws and security vulnerabilities. What is the middle ground? Can we build more reliable fences?
Faster Networks help businesses protect their digital assets. We are a cyber security partner that brings the best software solutions that anticipate and fix digital vulnerabilities. Our areas of expertise include Vulnerability Management, Security Orchestration Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.