DarkOverlord Extorts WestPark Capital for Ransom
The hacking group known as the DarkOverlord is threatening to release data from the California investment firm WestPark Capital unless it receives a ransom.
The DarkOverlord got away with NDAs, contracts, internal reports and other sensitive data belonging to the investment firm.
The hackers published links to about 20 stolen documents online after WestPark Capital initially refused to pay, and is now threatening to release more. The documents that have already been made public include non-disclosure agreements, internal presentations, reports and contracts.
The hacking group emerged in June 2016, when it made a name for itself in lording it over, as it were, healthcare organizations.
It offered a fresh trove of 9.2 million patient records on a Dark Web marketplace, for 750 Bitcoin (about $477,000). The plaintext 2GB database as including names, addresses, emails, phone numbers, dates of birth and Social Security Numbers (SSNs) belonging to 9,278,352 Americans. The group claimed that the data was lifted using a zero-day exploit for remote desktop protocol (RDP).
The group is reportedly using similar tactics with WestPark.
Javvad Malik, security advocate at AlienVault, told us in an emailed statement that despite the threats, paying the ransom is probably not the best idea.
“The challenge is that even if companies pay the ransom, there is no guarantee that the data won’t still be leaked publicly or traded privately,” he said. “Once the genie is out of the bottle, there is no going back. So I would not recommend paying the ransom under these circumstances.”
The attacks show that criminals are starting to port winning techniques from target silo to target silo. “The recent attack on WestPark Capital indicates that no vertical—even the historically secured financial services industry—is immune to ransom attacks from either external hackers or automated ransomware threats,” said Carl Wright, EVP and general manager of TrapX, via email. “This clearly is a technique that has worked for hackers, who are now capitalizing on its predictable returns to branch out past healthcare and take advantage of the surprise factor that compels organizations to hand over critical data.”
Generally, the best offense here is a good defense. For one, organizations need to be aware of what data is hazardous to them and under what circumstances.
“Where possible, this should be imparted into the risk appetite of the organization and described independently of the technology stack,” said Malik. “If this can be done, companies will be closer to understanding the value of their data, and they’ll be able to better protect the most vital aspects, while minimizing the chances of being held to ransom.”
Tony Gauda, CEO of ThinAir, points out that the incident reinforces the notion that corporate America's most valuable asset—sensitive, proprietary data—is also its greatest vulnerability.
“Organizations that are tasked with securing highly sensitive client data (in WestPark's case, contracts, non-disclosure agreements and confidential reports) are especially ripe for extortion,” he said by email. “Enterprises need to assume hackers will eventually breach their networks, and must have precautions in place that assure data remains safe and under control regardless of whether or not a malicious actor obtains it. We will continue to see these types of data ransom attacks against organizations of every size and across every vertical until data protection solutions are put in place."
So going forward, organizations—especially regulated verticals with highly sensitive and protected data—also need to invest in technologies like deception, which identify a range of ransom threats that are perpetrated by cybercriminals as well as automated ransomware attacks, he added.
“By detecting these threats early on, security teams are immediately alerted, which gives the organizations a huge leg up in defeating these kinds of attackers before they have the chance to swipe critical data and force payment for its return,” he said.
Photo © Fotokostic
Source: Information Security Magazine