Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Friday, February 14, 2020

This Is One Of The Bigger Cyber Attacks In Quite A While. National Economic Impact For Sure.

This appeared last week:

Toll 'humbled' as cyber attack struggle continues

Paul Smith Technology Editor
Feb 7, 2020 — 3.44pm
Toll Group managing director Thomas Knudsen has described the "humbling" efforts of his staff to keep the company going this week and battle its way through a significant ransomware cyber attack, that has forced its systems offline since last Friday, saying it is making good progress in its recovery, and hoped to be working normally within the next few days.
In a statement to The Australian Financial Review Mr Knudsen, who was a senior executive at Danish logistics giant Maersk when it was hit by a significant ransomware attack in 2017, said the company had isolated the problem and was gradually bringing its systems back up online.
Toll managing director Thomas Knudsen has addressed the challenges of dealing with the ransomware attack publicly for the first time. 
Earlier in the week, Toll disclosed that it had been compromised by a relatively new variant of the ‘Mailto’ or ‘Kazakavkovkiz’ ransomware, and that it was not going to pay the ransom demanded by hackers to unlock its files.

In his first public comments on the cyber attack, Mr Knudsen said it would spend the coming days reinstating back-end hardware and testing key systems both internally and with some customers, before moving to a broader roll-out of normal IT infrastructure.
He admitted the company had been presented with significant challenges, but said it had mobilised quickly and decisively to firstly contain the risk and then to focus on supporting customers.
"These are complex issues and we don’t resile from the fact that not everything’s working perfectly and, at this stage, some customers are still being impacted," Mr Knudsen said.
"Unfortunately, no organisation is immune from cyber attack. The response from our teams across all of our operations has been immense. It’s hard not to be humbled by the way they’re facing into the challenge to look after and support our customers."
Toll Group also operates the airport on Christmas Island, but said there had been no major disruptions there as a result of the cyber attack.  
On Thursday, the Australian Signals Directorate warned companies in all sectors to ensure their cyber security defences are up to date and that they have effective disaster recovery plans in place, following the Toll attack.
Its Australian Cyber Security Centre (ACSC) published an advisory notice about Mailto, saying it currently had only limited information about the initial way Mailto infected victims and how it then spreads across a network.
"There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the users address book to spread the malware," it said.
Phishing refers to the practice of sending spoof emails that tricks a computer user into clicking on a compromised link and letting the malware loose.
The ACSC published a so-called hash of the Mailto ransomware, which acts as an identifier and helps other organisations to scan their systems and see if it is anywhere on their network.
"The ACSC’s primary recommendation for detecting and preventing the spread of the Mailto ransomware is to update antivirus and other security tools," the advisory note said.
It went on to advise organisations should regularly patch their operating systems to ensure security defences keep up to date with the changing nature of malware attacks and that they keep daily isolated offline backups of their network to allow recovery in the event of the widespread deployment of ransomware.
Cyber security experts said the Mailto variant had been known in the industry since the start of February, so Toll's cyber defences should possibly have stopped it. However it was possible that the malicious actors had gained access prior to that realisation.
More here:
Given Toll is responsible for a good percentage of the logistics of everything from fresh food to parcels there is no doubt loosing their systems for even a few days would be an expensive and worrying event.
We all need to re-double our efforts to limit the damage these criminals can do and make sure we do not get sucked in by any of those phishing e-mails!
David.

No comments: