As their methods evolve, cybercriminals are increasingly targeting regional manufacturing businesses with sophisticated and potentially costly attacks. A recent ransomware attack on a mid-sized manufacturer in the Southeast provides a striking real world example.
The following information is provided with the consent of the company, though it will remain anonymous to discourage revenge attacks. An executive who helped lead the company’s response to the ransomware attack discussed his experience with Bulldog Bites, Womble Carlyle’s bi-weekly podcast. That episode can be found at www.wcsr.com/podcast.
On a Saturday night, the company’s servers slowly began shutting down. By Sunday morning, it became clear the IT system was under attack. After the company alerted its cyber insurer, a response team was mobilized and found ransomware in the client’s system. The intrusion was so sophisticated that significant forensic expertise was required to identify the embedded malware. The resulting investigation also showed that Russian cybercriminals had gained entry through an administrator’s computer that was left connected to the internet overnight. Additionally, the individual’s login password was weak. The attackers were able to crack it, giving them high-level access throughout the system.
As the forensic cyber team worked to locate the intrusion, they learned the intruders had been trading bitcoin on the company’s excess server capacity for several weeks prior to the attack. During the investigation, ransom notes were found throughout the system. The attackers demanded more than a million dollars in untraceable Bitcoin, or else all of the company’s data and software would be erased.
Fortunately, the company had done its homework. It had a separate backup system that had not been corrupted. However, it did lose a week’s worth of business and data. As is standard practice in this area, the forensic investigation was conducted under the auspices of outside legal counsel to safeguard the attorney-client privilege in case of future litigation.
Cybercrime is a sophisticated global business with revenues estimated at $445 billion in 2015 alone. Historically, international cybercriminals have targeted large financial, tax and insurance businesses, stealing credit card and personal identity information, and selling it to street gangs and other criminals in the United States. The data fed a massive pool of relatively small-scale financial, tax and insurance fraud.
But the pay-offs from this business model were often disappointing. Middlemen capture much of the profits, and returns are waning as the victims of credit card and other cyber fraud have become much better at protecting themselves. This is pushing cybercriminals toward ransomware and other targeted computer fraud that extorts large one-off payouts from individual data-dependent businesses. For this reason, small and medium-sized manufacturing firms are increasingly the targets of cybercrime.
Here are our Ten Tips for Protecting Your Company from Cyber-Criminals:
1. Conduct and document a cyber security audit using a third-party provider.
2. Provide security awareness training for all employees that covers spear phishing, credential fraud, wire transfer fraud, etc.
3. Prepare and execute a risk-based cyber security plan that closes the most important gaps in security first.
4. Identify in advance the professionals, including outside legal counsel, who will be asked to respond at once if a crisis occurs.
5. Put a breach response plan in place and conduct a “test run” to identify potential gaps in preparation.
6. Identify the statutory and regulatory requirements that apply to the data held by the company, including the state-by-state notifications that will be required in case of a breach.
7. Have a public relations plan devised in the event of a cyber breach if disclosure is required by law (or have a crisis management PR firm identified).
8. Train the company’s leadership team and board to be able to execute the breach response plan quickly and confidently in a crisis.
9. Obtain cyber insurance commensurate with the company’s needs and ability to pay, and only after a careful review of its terms.
10. Review the company’s contractual obligations to protect the data of others to ensure that they are reasonable in scope and damages. Review the company’s contracts with vendors to ensure that they protect the company’s data.