THE RUNDOWN
Over this past weekend, the cybersecurity and the defense industries were both shocked to learn that on 27 October, 2023, the Russia-based hacker group Lockbit successfully implanted ransomware in the computer network of defense contracting giant Boeing. A ransomware attack is one where a hacker is able to access the computers of the victim and encrypt them in such a way that they are inaccessible to the victim. Only when the victim pays a ransom fee are they given the key to decrypt the computers and return to operations.
Boeing later acknowledged the incident and indicated only that they are investigating.
Lockbit claims not only that it was able to perform the encryption, but also that it was able to exfiltrate a large amount of highly sensitive data from Boeing’s computers.
According to the FBI’s Internet Crime Complaint Center (IC3), the top three cyber attacks in 2022 based on cost incurred by the victims are:
- Business Email Compromise
- Compromised Credentials
- Ransomware
As 2023 creeps to an end, the IC3 and other security organizations have noted that they are now seeing a huge influx of hybrid attacks like the one against Boeing (ransomware combined with data exfiltration).
Hacking groups such as Lockbit have discovered they can get a bigger payout per victim with these hybrid attacks. The MO for this type of attack, which many companies can expect to see in the coming days, is a three-part extortion attempt.
First, the attackers will ask for an amount of money in return for the decryption keys for the infected computers. Once the company has paid the initial ransom, they will get a second request from the hackers asking for more money; however, this time the money paid is to ensure the hackers will not release the data which they exfiltrated from the company's network. Finally, in some cases, the hackers will ask for a third ransom to be paid, this time to buy their silence so they do not let the world know of the embarrassing hack the company has suffered. If the victim chooses to pay all three ransoms, the hacking group will have maximized their income. It is also worth noting that there is nothing actually stopping them from selling the company’s data on the dark web regardless; they are criminals after all.
The FBI is adamant that companies should not pay any ransoms to the hacking groups. Instead, they recommend that companies have a solid and robust backup solution which is both segregated from the main network and tested frequently.
THE TAKEAWAY
Hacking groups are growing bolder in the hacks they perform, and are now combining different kinds of attacks to increase their payout. For most companies it is not a matter of “if” they get attacked but instead “when” they will get attacked. Companies should heed the advice of the FBI and be prepared for any level of malware attack by ensuring they have a solid backup solution in place that is tested frequently, and that they have a reliable incident response plan.