<div dir="ltr"><a href="http://www.infosecurity-magazine.com/news/darkoverlord-extorts-westpark/">http://www.infosecurity-magazine.com/news/darkoverlord-extorts-westpark/</a><br><p><strong>The hacking group known as the DarkOverlord is threatening to
release data from the California investment firm WestPark Capital
unless it receives a ransom.</strong></p>
<p>The DarkOverlord got away with NDAs, contracts, internal reports and other sensitive data belonging to the investment firm.</p>
<p>The hackers published links
to about 20 stolen documents online after WestPark Capital initially
refused to pay, and are now threatening to release more. The documents
that have already been made public include non-disclosure agreements,
internal presentations, reports and contracts.</p>
<p>The hacking group emerged in June 2016, when it made a name for itself in lording it over, as it were, healthcare organizations.</p>
<p>It offered a fresh trove of 9.2 million patient records on a Dark Web
marketplace for 750 Bitcoin (about $477,000). The plaintext 2GB
database was described as including names, addresses, emails, phone numbers, dates of
birth and Social Security Numbers (SSNs) belonging to 9,278,352
Americans. The group claimed that the data was lifted using a zero-day
exploit for the remote desktop protocol (RDP); that claim was not independently verified.</p>
<p>The group is reportedly using similar tactics with WestPark.</p>
<p>Javvad Malik, security advocate at AlienVault, told us in an emailed statement that despite the threats, paying the ransom is probably not the best idea.</p>
<p>“The challenge is that even if companies pay the ransom, there is no
guarantee that the data won’t still be leaked publicly or traded
privately,” he said. “Once the genie is out of the bottle, there is no
going back. So I would not recommend paying the ransom under these
circumstances.”</p>
<p>The attacks show that criminals are starting to port winning
techniques from target silo to target silo. “The recent attack on
WestPark Capital indicates that no vertical—even the historically
secured financial services industry—is immune to ransom attacks from
either external hackers or automated ransomware threats,” said Carl
Wright, EVP and general manager of TrapX,
via email. “This clearly is a technique that has worked for hackers,
who are now capitalizing on its predictable returns to branch out past
healthcare and take advantage of the surprise factor that compels
organizations to hand over critical data.”</p>
<p>Generally, the best offense here is a good defense. For one,
organizations need to be aware of what data is hazardous to them and
under what circumstances.</p>
<p>“Where possible, this should be imparted into the risk appetite of
the organization and described independently of the technology stack,”
said Malik. “If this can be done, companies will be closer to
understanding the value of their data, and they’ll be able to better
protect the most vital aspects, while minimizing the chances of being
held to ransom.”</p>
<p>Tony Gauda, CEO of ThinAir,
points out that the incident reinforces the notion that corporate
America's most valuable asset—sensitive, proprietary data—is also its
greatest vulnerability.</p>
<p>“Organizations that are tasked with securing highly sensitive client
data (in WestPark's case, contracts, non-disclosure agreements and
confidential reports) are especially ripe for extortion,” he said by
email. “Enterprises need to assume hackers will eventually breach their
networks, and must have precautions in place that assure data remains
safe and under control regardless of whether or not a malicious actor
obtains it. We will continue to see these types of data ransom attacks
against organizations of every size and across every vertical until data
protection solutions are put in place."</p>
<p>So going forward, organizations—especially regulated verticals with
highly sensitive and protected data—also need to invest in technologies
like deception, which identify a range of ransom threats that are
perpetrated by cybercriminals as well as automated ransomware attacks,
he added.</p>
<p>“By detecting these threats early on, security teams are immediately
alerted, which gives the organizations a huge leg up in defeating these
kinds of attackers before they have the chance to swipe critical data
and force payment for its return,” he said.</p><br></div>