
Passwordless login systems and the rise of Cyber Insurance

4 October 2021


Say goodbye to passwords! Well, if you choose to, says Microsoft. They have rolled out their “passwordless” login system to all MS accounts. The feature, which had previously only been available to commercial customers, received positive feedback that Microsoft hopes will continue with the wider rollout to their billion-plus customers. The new methods of logging in involve Windows Hello, the Microsoft Authenticator app and a security (or hardware) key, along with other options such as phone or email confirmation.


Why say goodbye to your password? Passwords for computer systems have been around for decades, and while they have underpinned the security of billions of accounts over the years, they have also been a factor in a huge amount of account compromise. Most people have horrible password hygiene, and while it’s easy for us to say things like “don’t reuse passwords” or “make your password long and complicated”, it is a lot of effort, especially since the average person has 100 passwords![i]


“Almost a quarter of all cyber insurance claims filed between 2016 and 2020 across continental Europe have been related to ransomware attacks, according to insurance giant Marsh.”


Cyber insurance is a booming business, and the growth of the criminal ransomware sector has no small part to play in the uptake of cyber policies. With the average ransom payment being $220,298[ii] and the true cost to business being much higher, many small-to-medium businesses can be sunk by a successful ransomware attack, so it makes sense to seek out protection against this and other cyber-nasties. This is not the first or last report on the growth of ransomware, and it is an industry that shows no sign of slowing down.


The relationship between ransomware gangs and insurance companies is a strange one. In the past, insurance companies were criticised[iii] for encouraging the immediate payment of ransoms, even though doing so would save them and their clients money in the short term. The thinking behind not paying is that, ultimately, it would discourage ransomware gangs in the long term. One gang, REvil, even admitted to targeting those with cyber insurance that encourages payout.


Another industry that makes money in the ransomware space is that of the “ransom negotiator”. For some, the idea of talking to a criminal and getting onto the dark web is scary, and go-between services have sprung up to handle these negotiations. Ransomware gangs don’t like these services, as they can delay pay-outs and often try to haggle a better deal from the criminals. Ragnar Locker and Grief are both large ransomware gangs that have recently warned their victims not to contact law enforcement or negotiators if they want their data to remain recoverable or secret.


South Africa’s justice ministry is recovering from a serious ransomware attack that has crippled internal and externally facing systems. Almost all electronic services have been disrupted, and the effects will be felt far and wide, affecting child maintenance payments, bail services and the issuing of letters of authority, amongst other important internal services such as email. The Department of Justice and Constitutional Development denies paying any ransom, and the speed of recovery (or lack thereof) seems to corroborate its story.


Elsewhere in the commercial sector, customer care giant TTEC has been hit by ransomware. This company is used by many big corporate clients to manage customer support and sales, so the effects of this one will be far-reaching. It appears from certain file names used that Ragnar Locker was responsible for this attack.

“TTEC now has nearly 60,000 employees, most of whom work from home and answer customer support calls on behalf of a large number of name-brand companies, like Bank of America, Best Buy, Credit Karma, Dish Network, Kaiser Permanente, USAA and Verizon.”


Nothing hammers home the cyber threats to a family more than the hacking of children’s toys. PenTestPartners were famous for performing demonstrations at trade events where they would hack a talking children’s doll to make her swear[iv], and they have performed other similar tests[v] against Hello Barbie and other dolls as well. Motorola baby monitors have been under the microscope recently by security researcher Randy Westergren. He managed to take apart the network traffic and code that runs the “connected” suite of Motorola products, remotely run code on the baby monitor, and discover other network details he shouldn’t have been able to.


German parents were told to destroy Cayla dolls over hacking fears in 2017

The security behind IoT devices has typically been awful, but companies and regulatory authorities are taking steps to improve things. Before releasing the findings of his hack to the public, Westergren contacted Motorola, who have already issued security patches addressing the issue. While the idea of a malicious actor spying on your kids or communicating with them through a hacked doll is scary, the more typical threat from these hacks is that the compromised device is used as a stepping-stone to compromise other devices on the network.


[i] https://securitybrief.co.nz/story/average-person-has-100-pas...

[ii] https://www.coveware.com/blog/ransomware-attack-vectors-shif...

[iii] https://web.yammer.com/main/threads/eyJfdHlwZSI6IlRocmVhZCIs...

[iv] https://www.bbc.com/news/av/technology-31059893

[v] https://www.pentestpartners.com/?s=my%20friend%20cayla


-Written by Kelvin Murray (OpenText)
