[BreachExchange] Case Study on How Regional Manufacturing Firms Are Increasingly Targets of Cybercrime

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 19 19:32:01 EST 2017


http://www.natlawreview.com/article/case-study-how-regional-manufacturing-firms-are-increasingly-targets-cybercrime

As their methods evolve, cybercriminals are increasingly targeting regional
manufacturing businesses with sophisticated and potentially costly attacks.
A recent ransomware attack on a mid-sized manufacturer in the Southeast
provides a striking real-world example.

The following information is provided with the consent of the company,
though it will remain anonymous to discourage revenge attacks.

On a Saturday night, the company’s servers slowly began shutting down. By
Sunday morning, it became clear the IT system was under attack. After
alerting the company’s cyber insurance company, a response team was
mobilized and found ransomware in the client’s system. The intrusion was so
sophisticated that it required significant forensic expertise to identify
the embedded malware. The resulting investigation also showed that Russian
cybercriminals had made an entry through an administrator’s computer that
was left connected to the internet overnight. Additionally, the
individual’s login password was weak. The attackers were able to crack it,
giving them high-level access throughout the system.

As the forensic cyber team worked to locate the intrusion, they learned the
intruders had been trading bitcoin on the excess server capacity for
several weeks prior to the attack. During the investigation, ransom notes
were found throughout the system. The attackers demanded more than a
million dollars in untraceable internet Bitcoin or else all of the
company’s data and software would be erased.

Fortunately, the company had done its homework. They had a separate backup
system that had not been corrupted. However, they did lose a week’s worth
of business and data. As is standard practice in this area, the forensic
investigation was conducted under the auspices of outside legal counsel to
safeguard the attorney-client privilege in case of future litigation.

Cybercrime is a sophisticated global business with revenues estimated at
$445 billion in 2015 alone. Historically, international cybercriminals have
targeted large financial, tax and insurance businesses, stealing credit
card and personal identity information, and selling it to street gangs and
other criminals in the United States. The data fed a massive pool of
relatively small-scale financial, tax and insurance fraud.

But the pay-offs from this business model were often disappointing.
Middlemen capture much of the profits. Returns are waning as the victims of
credit card and other cyber fraud become much better able to protect
themselves. This is causing cybercriminals to turn to ransomware and other
targeted computer fraud to extort large one-off payouts from individual
data-dependent businesses. For this reason, small and medium-sized
manufacturing firms are increasingly the targets of cybercrime.

Here are our Ten Tips for Protecting Your Company from Cyber-Criminals:

1. Conduct and document a cyber security audit using a third-party
provider.
2. Provide security awareness training for all employees that covers
spear phishing, credential fraud, wire transfer fraud, etc.
3. Prepare and execute a risk-based cyber security plan that closes the
most important gaps in security first.
4. Identify in advance the professionals, including outside legal
professionals, that will be asked to respond at once if a crisis occurs.
5. Put a breach response plan in place and conduct a “test run” to identify
potential gaps in preparation.
6. Identify the statutory and regulatory requirements that apply to the
data held by the company, including the state-by-state notifications that
will be required in case of breach.
7. Have a public relations plan devised in the event of a cyber breach if
disclosure is required by law (or have a crisis management PR firm
identified).
8. Train the company’s leadership team and board to be able to execute the
breach response plan quickly and confidently in a crisis.
9. Obtain cyber insurance commensurate with the company’s needs and ability
to pay, and after a careful review of its terms.
10. Review the company’s contractual obligations to protect the data of
others to ensure that they are reasonable in scope and damages. Review the
company’s contracts with vendors to ensure that they protect the company’s
data.