California Investment Bank Compromised by Hackers
A hacking group has released sensitive data from the California investment bank, WestPark Capital. The hackers are trying to extract a ransom payment from the financial services company.
The cyber-attackers who identified themselves as TheDarkOverlord left the following message on Pastebin, dated 25/9/16:
“WestPark Capital is a 'full service investment banking and securities brokerage firm' whose CEO, Richard Rappaport, spat in our face after making our signature and quite frankly, handsome, business proposal and so our hand has been forced.”
The above was accompanied with 20 confidential files belonging to the investment firm, including internal presentations, reports, non-disclosure agreements and other contracts.
Most modern ransomware works by encrypting data which blocks access. Prime examples of such include:
Cryptolocker - https://afritechnet.blogspot.com/2015/11/cryptowall-40-evolution-in-ransomware.html
JS/Ransom-DDL https://afritechnet.blogspot.com/2016/06/jsransom-ddl-ransomware.html
and the infamous ‘Locky’ https://afritechnet.blogspot.com/2016/03/introducing-locky-ransomware.html.
WestPark Capital appear to have been subjected to a less sophisticated attack. Unlike many ransomware attacks WestPark have not lost access to their files but instead risk having the internal workings of their organisation revealed to the outside world.
Lastline security claim that the hackers took advantage of a vulnerability in the Microsoft Remote Desktop Protocol.
“This is a standard technical tool for remote management of server devices and, frankly, their network perimeter security must have been lax for this to have ever worked,” said Jamie Moles, security consultant at Lastline.
“It is normal security practice to limit the RDP on firewalls to allow only certain IP addresses to access your systems and it looks likely that WestPark failed to implement this basic step,” he added.
The above statement is further confirmation that companies in industries in which privacy and confidentiality are essential still refuse to take data security seriously enough.
TheDarkOverlord outfit have a track record of large scale data theft. They have managed to steal in excess of 9 million health and insurance details which they then listed on dark web markets for a total of 750 bitcoins ($453,000). http://boingboing.net/2016/06/30/dark-overlords-health-re.html
0 comments:
Post a Comment