The Cybersecurity and Infrastructure Security Agency (CISA) and FBI Cyber Division have released a joint Cybersecurity Advisory (CSA) warning organisations that Russian state-sponsored cyber actors have gained network access through the exploitation of default multi-factor authentication (MFA) protocols and a known vulnerability.
As early as May 2021, Russian state-sponsored cyber actors gained access to a non-governmental organisation via exploiting default MFA protocols to control their network. Organisations that implement MFA have been told to review their default configurations and modify as necessary in order to reduce the likelihood that attacks can circumvent this control in the future.
With this in mind, Julia O’Toole, Founder and CEO of MyCena Security Solutions, has said that solely relying on multi-factor authentication to protect network access from this new wave of cyber actors and ransomware gangs is not enough.
“It is important for companies to understand that they must play a more active role in their own cyber-defence. With this MFA vulnerability, it proves even the most secure-seeming security methods will not stop attackers, especially those sponsored by the Russian state.”
“Within the Russia-Ukraine conflict, we’ve seen ransomware gangs like Conti pledging support with Russia. Their attacks are classified as acts of war, which has seen changes in insurance exemptions to reflect an increase in damages caused to enterprises related to state-sponsored cyber-attacks.”
"About 75% of ransom payments come from insurance, but with more developments from ransomware groups in recent years, it is becoming too expensive to insure damages for every cyber-attack. After insurance companies put out war exclusions, more gangs are announcing that they are acting independently to the Russian Federation or Ukraine, in the hope insurance companies will keep funding the ransoms.”
"Rather than spending hundreds of thousands on insurance, companies are better off investing in improving cyber-defences themselves to prevent attacks in the first place.”
“Additionally, we have even seen independent ransomware gangs are getting more brazen in their attempts to breach. New arrivals on the scene like Lapsus$ have actively used social media to advertise their access to victims via phishing attacks, broadcasting their victims’ identities through Telegram for anyone to see.”
“With groups such as Lapsus$ acting not for financial or political motives but instead for clout and infamy, it makes them far more dangerous to businesses. Lapsus$ breaching Nvidia in mid-February and stealing 1 terabyte of data, including the usernames and passwords of more than 71,000 Nvidia employees, makes the idea of unique user control redundant and exposes the limitations of centralised access once the system gets compromised.”
“Most recently, Lapsus$ has even advertised breaching access to Okta – an authentication company used worldwide. Any hack of this kind can have ramifications for all organisations relying on Okta to authenticate access, with Lapsus$ themselves threatening to focus on Okta customers.”
“Simply relying on MFA methods will not prepare organisations for this rising tide of new-age cybercriminals. In fact, Lapsus$ does not want to kill the golden goose and said they were not interested in OKTA itself but in its customers. Instead, regaining and re-establishing command and control on the business side, managing access through segmentation and encrypted passwords distribution is a more effective solution in removing the potential for human fault entirely from the equation.”
“A simple focus in security structure like this makes all the difference in protecting your network from exploited access, and therefore hefty ransom payments.”
- Ends -
FOR MORE MEDIA INFORMATION
Adam Hartley/ Nathan Patel/ Alex Henderson
T +44 (0)20 7388 9988
mycena@spreckley.co.uk
About MyCena Security Solutions
Founded in 2016, MyCena is the market leader in segmented access management and safe password distribution. MyCena’s patented security system allows companies to adopt a cyber-resilient strategy from conception using access segmentation, distribution and protection. With its ground-breaking technology, MyCena protects companies from the risks of password error, fraud and phishing, loss of command and control, ransomware, and supply chain attacks success. The company offers enterprise security solutions and applications to end users. To learn more visit: https://mycena.co/
MyCena has launched a mobile device add-on for its enterprise segmented digital access security solution. Its aim is to solve three fundamental cybersecurity weaknesses: creating and sharing passwords, risk aggregation, and memorising passwords. Companies worldwide are suffering more numerous and more costly attacks every day. More than four of every five cyberattacks begin with a phished password and, with the average ransomware breach now costing over £3.6million, there is an urgent need for businesses to protect themselves. MyCena’s solution helps companies to make common critical security issues – like stolen passwords and system single points of entry – a thing of the past.
Ubisoft, the video games developers behind franchises such as Assassin’s Creed and Far Cry, was the target of a large attack earlier this month. Users first noticed disruption in accessing Ubisoft services, before further interruptions to Ubisoft games, systems and platforms. Ubisoft then confirmed it had suffered a cyber security incident. As a precaution, the Ubisoft IT team carried out a company-wide password reset to try and mitigate any damage – although access had already occurred. Early signs point to the hacking group LAPSUS$ taking responsibility. The group has previously attacked companies such as NVIDIA, aiming to steal data and extort a fee in return for not leaking any customer or business information.
The US government has passed another law in a bid to fight cybercrime. On March 11, the Senate passed new legislation drawn up by senators Gary Peters and Rob Portman. It states that any US critical infrastructure institution must declare when it has suffered a new cyberattack on its systems. This law is part of President Biden’s attempt to improve US national cybersecurity following several notorious attacks in recent times. It comes at a crucial time. With experts expecting fresh attacks on critical infrastructure due to the Ukraine conflict, companies will now have to notify the government within 72 hours of an attack – or 24 hours if they are making a ransomware payment. Should companies not notify the authorities, they can now face severe penalties.
Experts believe that we have yet to see the peak of the Ukraine conflict in the cyber world. According to The Guardian, cybersecurity experts are now monitoring all developments closely – with many believing that the worst is to come. Before the physical war began, Ukraine suffered many cyber attacks from Russian gangs. These included wiper attacks against government institutions, with a number of websites affected in the process. Some experts believe that we may be in a quieter period of attacks – for now. Meanwhile, each side is poised to retaliate should they experience another large incident. The cyber world is now one of the most critical areas of conflict – and experts believe we might soon see the first “catastrophic” attack of this cyber war.
The Russian invasion of Ukraine has led to hackers on both sides preparing for further escalation. There has been a rise in attacks since the start of the year as tensions have increased, including various data wipers, phishing campaigns and DDoS attacks. This is not only bad news for the countries involved, but for everybody. As we have seen in the past, modern cyberattacks have the potential to affect many more institutions than the intended target. One of the most famous examples is an appropriate example: In 2017, Russian hackers targeted Ukrainian organisations, including the National Bank of Ukraine, with the NotPetya attack. The attack spilled to organisations around the world, eventually costing over $10billion in damage, according to a US government assessment. Should another severe attack occur in Ukraine or Russia, it has the potential to affect every country around the world – meaning everybody should look to increase their cyber resilience as much as possible.
