Dive Brief:
- A ransomware attack called Bad Rabbit, disguised as a Flash Player update, began circulating this week. It redirects users to compromised Russian, Bulgarian and Turkish websites which host the encryption file, according to research from Talos Cisco.
- The ransomware propagates via EternalRomance, an exploit that enables it to get around SMB file-sharing security. The attack can also infiltrate a computer's system through the Windows Management Instrumentation Command-line (WMIC), according to Endgame.
- The characteristics of Bad Rabbit are similar to the recent Nyetya attack, but as of right now Talos researchers do not have evidence any EternalBlue exploits were used for spreading. Other similarities include traces of wiper code and DiskCryptor, which was used to lock a targeted hard drive.
Dive Insight:
Cyberthreats and associated hackers are growing more sophisticated with each emerging attack. Cybercrimes have increased about 62% in only five years and can cost companies at least $2.4 million per attack. While cyberattacks are not fundamentally different from one another, their access points vary enough to make absolute security a non-option.
The Nyetya attack earlier this year caught victims off-guard by not only locking hard drives but also wiping the data after the ransom was paid.
The malware attack prompted many companies and consumers to reevaluate redundancy and backup storage plans. The attack ultimately cost international shipping giant Maersk about $300 million in lost revenue. Maersk maintained it had deployed the proper patches and antivirus software, but Nyetya was still able to penetrate its systems.
As hackers become savvier, companies are still struggling to hire a skilled cybersecurity workforce. About 60% of IT professionals say their companies do not have adequate skills or staff on security teams. About 300,000 cybersecurity positions are unfilled, leaving preventative measures weak or unimplemented.