You may not have heard of Rackspace. They are a major cloud computing company that manages private and public cloud solutions which include managed email services. The company was recently hit by a ransomware attack.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Those carrying out such attacks are known as threat actors. The Rackspace forensic investigation determined the threat actor was the relatively new ransomware group known as PLAY, who also claimed responsibility for the Arnold Clark attack previously reported (Arnold Clark attack highlights need for cyber-security). The investigation believed that the PLAY group was financially motivated to carry out the attack on Rackspace, and may have gained access to a relatively small number of customers’ email data.
It is believed that 30,000 email accounts were affected in the attack. Whilst it isn’t thought that any of the data has been used by PLAY, that’s still 30,000 individuals or organisations whose data could potentially be available to criminals now or in the future.
There are many companies such as Rackspace who manage cloud solutions and email services which we all use on a day-to-day basis. Whilst we cannot control how they manage their own complex security, there are plenty of relatively easy things that organisations can do to retain some control of their data and security.
Many ransomware attacks exploit vulnerabilities in a computer system which have not been ‘patched’. According to Wikipedia, a patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs. Patches are often written to improve the functionality, usability, or performance of a program. The majority of patches are provided by software vendors for operating system and application updates.
If you receive a patch or notification of any updates on your device, implement it as soon as possible. These updates are not provided to annoy you or slow down your day (although some do seem to take a long time), but they are designed to keep you and your information safe from such attacks.
A Virtual Private Network (VPN) adds security and anonymity for users when they connect to web-based services and sites. It hides the user’s actual public IP address and “tunnels” traffic between the user’s device and the remote server. However, where weak credentials are used without multi-factor authentication, security breaches can occur. It is therefore essential to strengthen the security of remote access systems. Ensure they are fully patched (as above) and ensure all users have strong passwords for authentication along with some form of multi-factor authentication (MFA).
Passwords are often the weakest link in most organisations’ security. Improving password security is therefore one of the first, and easiest, steps to take to safeguard your business. Users often reuse passwords between accounts and pick easily guessed or previously breached passwords, making them an easy target for compromise. Don’t allow yourself or one of your team to be one of these.
Whilst the steps above are relatively simple, you may prefer to employ experts to do these checks, updates, patches and password checks for you. The cost of this varies enormously, but here at the BCC, we offer a FREE 30-minute consultation with a security expert to assess your current situation and how you might mitigate any risks identified.
For further information, contact us. The BCC aims to turn cyber complexity into cyber confidence.