RISKS
What happened
On December 9, 2021, the same day the vulnerability was publicly disclosed, a proof-of-concept exploit for the Log4Shell vulnerability (CVE-2021-44228, a remote code execution flaw in the Apache log4j logging library) was published on GitHub. Between December 11 and 13, threat actors exploited Log4Shell on a Cyclos server belonging to ONUS (a Vietnamese crypto trading platform) and planted backdoors for sustained access. Cyclos provides point-of-sale (POS) and payment software, and like many vendors, its software was shipping with a vulnerable log4j version.
Cyclos issued an advisory on December 13 (reportedly telling ONUS to patch its systems), and ONUS patched its Cyclos instance quickly, but by then the attackers were already inside. An exposure window of only four days was enough for them to exfiltrate sensitive databases holding nearly 2 million customer records, including personal information and hashed passwords. Note that patching closes the entry point but does not evict attackers who have already planted backdoors; a compromise assessment after the patch is part of the response.
The threat actors then approached ONUS, demanding $5 million and threatening to publish the customer data if ONUS did not pay. When ONUS refused, the threat actors put the data of nearly 2 million ONUS customers up for sale on forums.
Why is this important?
Ransomware and data-extortion attacks have become perhaps the fastest growing category of cyberattack organizations face, and threat actors exploit any available vulnerability to reach your data. No files were encrypted in this case; it was extortion over stolen data, so backups alone would not have helped. The attack illustrates the importance of applying security updates promptly, including updates for third-party components such as a logging library embedded in a vendor product. It is also important to add layers of security so that a single exposed component does not hand attackers your data: multi-factor authentication (MFA) for administrative access, network segmentation, and restricting outbound connections from servers (Log4Shell depended on the vulnerable server reaching out to an attacker-controlled LDAP or RMI endpoint).
What does this mean to me?
All systems in your enterprise, including vendor-supplied applications and the libraries bundled inside them, must be covered by a patch process that pushes updates promptly.
Customer data is always sensitive, and your organization's most sensitive data should sit behind multiple layers of security, not only the perimeter of the application that uses it.
Further, use best practices to minimize the sensitive data that could be exposed: if you don't use it, get rid of it!
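Knowing which systems actually carry the vulnerable library is the first step of "patch promptly", and for Log4Shell that means finding log4j-core jars inside vendor software rather than trusting package lists. The script below is an added example (not HALOCK's, ONUS's or Cyclos's tooling) that walks a directory tree, reads the version Maven records inside each jar, checks whether the JndiLookup class is still present (removing it was the published emergency mitigation), and flags versions affected by CVE-2021-44228. The sample jars it builds in a temporary directory are constructed for the demo and contain only the two entries the scanner inspects.

```python
"""Added example: inventory log4j-core jars on disk and flag the versions
affected by CVE-2021-44228 (Log4Shell). Not HALOCK's, ONUS's or Cyclos's code."""
import os
import re
import tempfile
import zipfile

# Class whose presence enables the JNDI lookup; removing it was the published
# emergency mitigation for deployments that could not upgrade immediately.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven writes the artifact version here inside the jar.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparsable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(x or 0) for x in m.groups())


def is_log4shell_vulnerable(version):
    """True for 2.x versions affected by CVE-2021-44228.

    Fixed in 2.15.0, with backports 2.12.2 (Java 7) and 2.3.1 (Java 6).
    log4j 1.x is out of scope for this CVE. Follow-on CVEs (2021-45046,
    2021-45105, 2021-44832) moved the recommended floor to 2.17.1, so treat
    2.15 and 2.16 as 'still upgrade' even though they pass this check.
    """
    major, minor, patch = version
    if major != 2:
        return False
    if minor == 12:
        return patch < 2
    if minor == 3:
        return patch < 1
    return minor < 15


def scan_jar(path):
    """Inspect one jar: version from pom.properties and JndiLookup presence."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        version = None
        if POM_PROPS in names:
            for line in jar.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = parse_version(line.split("=", 1)[1])
        has_jndi = JNDI_LOOKUP in names
    # Exploitable only if the version is affected AND the lookup class is still there.
    vulnerable = has_jndi and version is not None and is_log4shell_vulnerable(version)
    return {"path": path, "version": version, "jndi_lookup": has_jndi,
            "vulnerable": vulnerable}


def scan_tree(root):
    """Walk a directory tree and return findings for every .jar found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".jar"):
                findings.append(scan_jar(os.path.join(dirpath, name)))
    return findings


def _write_jar(path, version, include_jndi_lookup):
    """Construct a minimal fake log4j-core jar holding only the entries we inspect."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(POM_PROPS, f"version={version}\ngroupId=org.apache.logging.log4j\n"
                                f"artifactId=log4j-core\n")
        if include_jndi_lookup:
            jar.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only


def demo():
    """Build constructed sample jars in a temp dir and return findings by file name."""
    root = tempfile.mkdtemp(prefix="log4j-inv-")
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    _write_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1", True)       # exposed
    _write_jar(os.path.join(lib, "log4j-core-2.14.1-mitigated.jar"), "2.14.1", False)  # class removed
    _write_jar(os.path.join(root, "log4j-core-2.17.1.jar"), "2.17.1", True)      # patched
    return {os.path.basename(f["path"]): f for f in scan_tree(root)}


if __name__ == "__main__":
    for name, f in sorted(demo().items()):
        print(f"{name}: version={f['version']} JndiLookup={f['jndi_lookup']} "
              f"VULNERABLE={f['vulnerable']}")
```

Point `scan_tree` at the install directory of each vendor product (or at a mounted backup) rather than at the system package database; a jar with no pom.properties but with JndiLookup present still shows up in the findings with `version=None`, which is a prompt to inspect it by hand rather than a clean bill of health.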
APPROACHES
Ransomware prevention tips are appropriate for all organizations to consider. Organizations holding a large number of sensitive records (millions) should also mature their Data Management Program, including:
Helpful Controls
- Data Inventory – find out where all your sensitive data resides, including copies in exports, logs and backups, not only the primary database
- Data Remediation – once you have identified the locations and types of data, decide what to do with each set: delete it, move it, mask it, or quarantine it, and apply segmentation and access controls to what remains
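The two controls above are concrete enough to automate. The following added example (not HALOCK's or ONUS's tooling) does a small inventory pass over constructed records standing in for an export, a log file and a document, then applies the "mask" remediation: e-mail addresses become keyed, deterministic tokens so records can still be joined without exposing identity, and payment-card numbers keep only their last four digits. A Luhn check keeps ordinary digit runs such as order numbers out of the card findings. The token key is a constructed value; in practice it is a secret held outside the data store.

```python
"""Added example: a small sensitive-data inventory and masking pass over
constructed records. Not HALOCK's or ONUS's tooling."""
import hashlib
import hmac
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Candidate payment-card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumed: a secret kept outside the data store so tokens cannot be reversed by
# anyone who only holds the masked copy. Constructed value for this demo.
TOKEN_KEY = b"demo-only-rotate-me"


def luhn_ok(digits):
    """Luhn checksum; filters order numbers and other digit runs out of card hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return [(kind, match)] for every e-mail and Luhn-valid card number in text."""
    hits = [("email", m.group()) for m in EMAIL_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(("card", m.group()))
    return hits


def inventory(stores):
    """stores: {location: text}. Returns {location: {kind: count}} for every
    location holding something sensitive, i.e. the 'where does it live' answer."""
    report = {}
    for location, text in stores.items():
        counts = {}
        for kind, _ in find_sensitive(text):
            counts[kind] = counts.get(kind, 0) + 1
        if counts:
            report[location] = counts
    return report


def mask(text):
    """Remediate in place: e-mails become keyed deterministic tokens (joins still
    work, identity does not leak); cards keep only their last four digits."""
    def email_token(m):
        digest = hmac.new(TOKEN_KEY, m.group().lower().encode(), hashlib.sha256).hexdigest()
        return f"user-{digest[:12]}@masked.invalid"

    def card_token(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # not a card number; leave other digit runs untouched
        return "*" * (len(digits) - 4) + digits[-4:]

    return CARD_RE.sub(card_token, EMAIL_RE.sub(email_token, text))


# Constructed sample data: three 'locations' an inventory crawl might visit.
SAMPLE_STORES = {
    "exports/customers_2021.csv": "id,email,card\n"
                                  "1,alice@example.com,4111 1111 1111 1111\n"
                                  "2,bob@example.net,5500 0000 0000 0004\n",
    "logs/app.log": "2021-12-12 order 1234567890123456 placed by carol@example.org\n",
    "docs/README.txt": "No customer data here, just release notes.\n",
}


if __name__ == "__main__":
    for location, counts in inventory(SAMPLE_STORES).items():
        print(f"{location}: {counts}")
    print(mask(SAMPLE_STORES["exports/customers_2021.csv"]))
```

The inventory result is the input to the remediation decision: the export is a candidate for deletion or masking, and the log line shows that application logs also leak customer identifiers and need the same treatment. Hashing e-mails with a key rather than plain SHA-256 matters because plain hashes of a small, guessable space (e-mail addresses) are trivially reversed by brute force.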
Commonality of attack
High
Article on story
Fintech firm hit by Log4j hack refuses to pay $5 million ransom