As Australian ransomware toll grows, so do home-working risks

Organisations that delayed patching are especially susceptible to risks from home-based workers

The COVID-19 coronavirus outbreak may be dominating news headlines, but a recent multi-million-dollar ransomware threat against an Australian company serves as a potent reminder that businesses must be wary of the risks that increasing remote work imposes on the company’s overall security position. Freight firm Henning Harders suffered a ransomware attack in the most recent incident.

Manheim Auctions, the Perth-based Australian branch of the global automobile auction company, recently suffered a major business interruption after a ransomware attack locked employees out of core systems and forced it to cancel online auctions.

The perpetrators reportedly demanded a $30 million ransom from the company, which shifted to ‘in-lane’ physical auctions for several weeks as it engaged third-party experts to sort out the incident.

Manheim said in a Facebook post that “we currently have no evidence that any of our data has been compromised” during a breach “designed to restrict access to our IT systems and interrupt our normal business operations”.

The Manheim infection followed in the footsteps of a Ryuk ransomware infection that hit physical security firm Prosegur late last year and kept systems offline for several days. And while both companies have since returned to normal operations, comments from angry customers highlight the risks to business reputation that can accompany a cyber security incident that impedes the company’s operation.

Ransomware: More common, more destructive

Ransomware is getting more common and increasingly destructive, with one recent International Wireless Communications Expo (IWCE) survey of public-safety, transportation, utility, oil and gas, education, and real estate firms finding that 61 percent had suffered some sort of malware attack in the last year — including 27 percent that suffered a ransomware attack.

Indeed, IBM’s X-Force threat-research team found in its recently released X-Force Threat Intelligence Index 2020 that ransomware attacks were up 67 percent in 2019 compared with the previous year, with attacks on operational technology (OT) systems, in particular, up 2000 percent in 2019 compared with the previous year.

OT systems have not traditionally been managed with the same security or patching rigour as conventional IT systems — which has, in the case of aggressive new ransomware like the Snake strain, led to high success rates targeting industrial control systems (ICSs) that are largely open to attack.

The sudden need to work at home has made past patch-delay decisions risky

The “simple” reason Snake is continuing to circulate is that ICS environments typically have “no system patching, therefore no peace and quiet,” Nozomi Networks’ APAC manager of solutions delivery and projects Malcolm Bailie has explained. “As Snake attacks from deep in the ICS environment, patching is expensive and many organisations are holding off on it until an upgrade is required.”

Decisions to delay upgrades go against security best practice but may have seemed justifiable to some in the past. However, the legacy of vulnerabilities they left could come back to haunt companies with inadequate planning as COVID-19 response measures drive employees to work from home en masse.

Fully 44 percent of respondents to the IWCE survey said they were already using their personal smartphones and other devices for work, and these numbers will soar as home working rapidly becomes pervasive.

By and large, such employees are working under a completely different set of operational parameters and there may be minimal oversight of their everyday activities by normal security technologies — creating new security risks as cyber criminals find new ways of exploiting the global crisis.

The recent Webroot 2020 Threat Report concluded that consumer PCs are twice as likely to get infected with malware as business PCs — with the volume of phishing URLs increasing by 640 percent on the previous year.

“It’s important to underscore the risk companies run when they allow their workers to connect personal devices to the corporate network,” the firm noted. “With a higher prevalence of malware and generally fewer security defences in place, it’s easier for malware to slip into the corporate network via an employee’s personal device.”

How to reduce the ransomware threat in a work-at-home world

For CSOs working to prevent the surge in work-from-home employees from becoming an enterprise vulnerability, provision of appropriate security tools and resources is paramount — as is ongoing education and reinforcement about the secure email practices necessary to prevent ransomware and other malware from exploiting persistent software vulnerabilities.

Managing exposure to business email compromise (BEC) social-engineering fraud is also essential, since staff will be performing functions without immediate access to their supervisors — and could potentially be tricked into executing money transfers without intervention from colleagues.

The government cyber security organisation, the Australian Cyber Security Centre (ACSC), recently released guidance for organisations to better secure their remote workforce, reminding businesses to “incorporate cyber security into your contingency planning”.

The guidance covers proactive steps such as implementing multi-factor authentication, adding denial of service protection, testing the scalability of security services, and ensuring staff maintain physical security measures to prevent theft or unauthorised access to devices with sensitive data.

Copyright © 2020 IDG Communications, Inc.