Tag Archive for: question

French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation


France’s Supreme Court has referred a criminal case that relies on evidence from the hacked EncroChat encrypted phone network back to the court of appeal after finding that prosecutors failed to disclose sufficient information about the hacking operation.

The Cour de Cassation in Paris found that French investigators and prosecutors had failed to supply a certificate to authenticate intercepted phone data and messages obtained from EncroChat phones as required by French law. There was also an absence of technical data about the hacking operation, the court found.

French police and prosecutors refused to disclose how a joint Dutch and French operation to hack EncroChat, which led to thousands of arrests of suspected organised criminals around the world, was undertaken – citing defence secrecy.

Defence lawyer Robin Binsard, co-founder of law firm Binsard Martine, which took the case to the Supreme Court, said last night that the case would be re-heard by the court of appeal to determine whether adequate legal guarantees were in place.

“The Supreme Court stated that, in the absence of a certificate of truthfulness, the evidence covered by defence secrecy could not be legal. The case will be sent to another court to see if the certificate exists. In the meantime, there is no guarantee of validity of evidence from EncroChat,” he wrote on Twitter.


The hearing follows an operation by French cyber experts to harvest 120 million messages from EncroChat phone users in multiple countries, in a novel interception operation that provided a rich source of intelligence and evidence on the activities of criminal groups in 2020.

In the UK, the National Crime Agency (NCA), working with regional organised crime units, the Metropolitan Police and other law enforcement agencies, made more than 2,600 EncroChat-related arrests using the French data by…


N.L. cyberattack update planned, experts question scarce information provided so far


ST. JOHN’S, N.L. – Security experts say it’s strange for the Newfoundland and Labrador government to have released little information about a cybersecurity attack that has crippled its health-care system more than a week after the trouble was detected.

Premier Andrew Furey is scheduled to provide an update on the situation Tuesday afternoon, but government officials have so far refused to say what kind of an attack the province is facing and whether the hackers involved have asked for money. Outside experts say it has all the signs of a ransomware attack, in which hackers infiltrate an information technology network and demand payment in return for restoring access.

Brian Honan, the head of Ireland’s Computer Security Incident Response Team, said government representatives in that country were on national radio the morning after a similar attack was discovered last May, “telling people what happened, how it happened, what the impact would be.”

“They came up very early and said they would not be negotiating with criminals, they would not be paying the ransom demand and they will be looking to restore systems as quickly as possible,” Honan said in a recent interview.

People were worried about their private information being published by the hackers, and the government’s transparency helped them understand what to expect, he said.

The attack in Newfoundland and Labrador was first discovered Oct. 30, affecting what Health Minister John Haggie described as the “two brains” behind the provincial health network’s data centre. Without access to such things as basic email, diagnostic images and lab results, the eastern health authority — which includes several major hospitals in St. John’s — was left operating largely with pen and paper and running only emergency services.

Thousands of medical appointments have been cancelled, though the health authority has been able to resume some cancer care, such as chemotherapy and radiation.

Brett Callow, a threat analyst for Emsisoft, an international cybersecurity firm based in British Columbia, said there could be “very good reason” for Newfoundland and Labrador to keep quiet, even 11 days after the attack was first…


AWS ransomware attacks: Not a question of if, but when


Ermetic announced the results of a study about the security posture of AWS environments and their vulnerability to ransomware attacks. In virtually all of the participating organizations, identities were found that, if compromised, would place at least 90% of the S3 buckets in an AWS account at risk.

AWS ransomware attacks

As more and more data moves to the cloud, platforms like AWS are becoming an attractive target for ransomware operators. While Amazon S3 is considered extremely reliable, a compromised identity with the right combination of entitlements can expose data objects to ransomware.

Researchers found that such ransomware-vulnerable combinations are extremely common. In fact, over 70% of the environments in the study had machines that were publicly exposed to the internet and were linked to identities whose permissions could be exploited to allow the machines to perform ransomware.

“Very few companies are aware that data stored in cloud infrastructures like AWS is at risk from ransomware attacks, so we conducted this research to investigate how often the right conditions exist for Amazon S3 buckets to be compromised,” said Shai Morag, CEO of Ermetic.

“We found that in every single account we tested, nearly all of an organization’s S3 buckets were vulnerable to ransomware. Therefore, we can conclude that it’s not a matter of if, but when, a major ransomware attack on AWS will occur.”

Majority of AWS accounts vulnerable to ransomware attacks

Researchers identified the following findings in the organizations they evaluated which would allow ransomware to reach and execute on Amazon S3 buckets:

  • Overall, every enterprise environment studied had identities at risk of being compromised and that could perform ransomware on at least 90% of the buckets in an AWS account
  • Over 70% of the environments had machines that were publicly exposed to the internet and identities whose permissions allowed the exposed machines to perform ransomware
  • Over 45% of the environments had third party identities with the ability to perform ransomware by elevating their privileges to admin level (an astounding finding with far-reaching implications beyond the ransomware focus of this research)
  • Almost…


Editor’s Question: The best way to respond to a ransomware attack


We asked three industry experts: Should organizations focus greater attention on putting systems in place that enable quick data recovery rather than pay a ransom in the event of a ransomware attack? Here are their responses:

Mark Lukie, Sales Engineer Manager – APJ, Barracuda

If your organization falls victim to a ransomware attack, the very last thing you should do is pay the cybercriminal’s demands.

Buckling under the threat and making payment, usually in Bitcoin or another cryptocurrency, may seem like the easiest way out of a dark corner, but it does nothing to help stem the rising tide of attacks occurring around the world. It also doesn’t guarantee you’ll actually regain access to your data.


A further risk arises when cybercriminals copy sensitive data before they encrypt it. Even if the ransom is paid, they still have the option of selling this data to another party or simply releasing it in the hope of causing reputational damage to the victim.

The recent surge in ransomware attacks has been aided by the large number of people who have been forced to work remotely during the COVID-19 pandemic. No longer protected by perimeter security as they are in the office, they’re more open to threats and attacks.

Ransomware is also proving very lucrative for criminals as a result of surging cryptocurrency prices. The digital currencies are the perfect payment mechanism as they are unregulated and difficult to trace.

Attacks are also increasing in number because of the relative ease with which they can be conducted. It’s even possible to make use of so-called ‘Ransomware-as-a-Service’, which removes the need for any technical knowledge at all.

It should also be noted that paying a ransomware demand can also put an organization at a greater risk of further attacks. It is a winning situation for a hacker when they receive payment, so they are likely to target the same organization multiple times. As long as the opportunity for payout remains, the attacks will continue.

Preparation is better than payment

To avoid falling victim to an attack, and ensure systems can be recovered…
