Tag Archives: cyber-attacks

Sodinokibi: The Crown Prince of Ransomware


Sodinokibi, also known as REvil (short for Ransomware Evil), is a ransomware threat group gaining more and more notoriety. Like several other ransomware families, REvil operates as Ransomware-as-a-Service (RaaS): one group maintains the code while another group, known as affiliates, spreads the ransomware. The RaaS model lets affiliates distribute REvil in various ways, such as phishing campaigns, or by uploading tools and scripts that let them execute the ransomware inside a victim's internal network.

Sodinokibi compromises organizations by infecting them with file-locking malware, which encrypts files after infection and drops a ransom note. In the note, Sodinokibi explains that the victim needs to pay a ransom in bitcoin or else the files will be leaked.

The group recently made headlines when it targeted Acer, a Taiwanese electronics company. On March 19th 2021, Acer was the subject of a hacker attack. The attackers, the REvil group, demanded the biggest known ransom to date in the history of cyber-attacks: $50 million. The hackers gave Acer until the 28th of March to pay the ransom, or all the stolen data would be released to the public. As of March 20th, Acer had not acknowledged that it was the victim of a security breach.

Acer data leak on REvil ransomware site

The malware first surfaced in 2019, when it was found exploiting a serious flaw in Oracle's WebLogic Server: a remote code execution bug that could be triggered remotely without authentication. This was an unusual approach for the attackers, as it directly exploited a vulnerability in the server itself; as researchers note, such attacks are typically executed with the involvement of user interaction, e.g. opening an email attachment or clicking on a malicious link.

Sodinokibi has subsequently targeted organizations such as celebrity law firm Grubman Shire Meiselas & Sacks, foreign currency exchange giant Travelex, Brown Forman Corp. (the owner of the Ritz Hotel in London) and, most recently, Acer.

REvil ransomware functionalities

REvil is gaining momentum and notoriety, which is evident in the hacking group's decision to target the tech giant Acer. This cyber security breach is worth following, as the repercussions for Acer may be substantial. This unfortunate event for Acer should also serve as a reminder to all internet users that cyber security attacks keep getting more refined and complex, and that substantial security measures should always be kept in place.


The new, best way to deal with cyber-attacks?

Darktrace's autonomous AI system detects digital threats before they become severe.

Information leaks happen almost every day on the Internet. While most engineers try to find ways to prevent hackers from getting into digital systems, some noticed that it might be better to do it the other way around. With that idea in mind, Darktrace was created in 2013.

A group of former MI5 agents joined forces with Cambridge mathematicians with a mission in mind: to develop a new tool to fight cyber-attacks. Interestingly enough, they decided to use AI to make that happen. As their philosophy states: 'Pit the machines against the machines to keep your data safe.'

So how does it really work, and why is it effective? Frankly, it is quite simple. Darktrace connects its software to the company's systems. From that moment, the AI monitors all the activity that occurs within the digital infrastructure and, in doing so, learns how the company operates.

You may now ask yourself what all this is for. With the accumulated data, Darktrace's software can easily detect unusual activity or deviations from the learned norm. This is called unsupervised learning, a very rare type of machine learning that does not require humans to tell it what to look for. This really revolutionized the market, because before that we used supervised learning, which is quite the opposite: we had to provide the AI with data about the threats and problems that may occur so that it could learn them. Although that works fine in most cases, it has its flaws too. The main problem is that it is useless when unknown threats appear. That is where Darktrace has the advantage.

Darktrace software here has just neutralized anomalous, dangerous behaviour

For example, in 2017 the software was introduced at one of the Las Vegas casinos. Although the company states that its AI is usually not very useful in the first days of operation, because its learning process takes at least a week, it registered unusual activity just after it was started. It turned out that the casino's recently installed fish tank, which had electronic sensors connected to the servicing company, had transferred over 10GB of data to an external device that did not belong to the company. After some digging they found the hacker all the way in Finland.
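As an added illustration of the baseline-then-deviate idea described above (example code written for this page, not Darktrace's software): each device's normal daily egress is learned from a week of flow records, and day 8 is then scored with a robust z-score and a check for never-seen external destinations, which flags the fish-tank-style outlier. Device names, IP addresses and byte counts are constructed.

```python
"""Unsupervised egress-anomaly baseline: constructed example, not a vendor's code."""
from collections import defaultdict
from statistics import median
import ipaddress

# Constructed flow records (day, device, dst_ip, bytes_out); days 1-7 are normal.
FLOWS = [
    *[(d, "fish-tank-sensor", "203.0.113.10", 4_000_000 + d * 50_000) for d in range(1, 8)],
    *[(d, "reception-pc", "198.51.100.5", 900_000_000 + d * 10_000_000) for d in range(1, 8)],
    (8, "fish-tank-sensor", "203.0.113.10", 4_300_000),
    (8, "fish-tank-sensor", "192.0.2.77", 10_000_000_000),  # 10 GB to an unknown host
    (8, "reception-pc", "198.51.100.5", 950_000_000),
]
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def learn_baseline(flows, last_day):
    """No labels needed: summarise each device's own external egress up to last_day."""
    daily = defaultdict(lambda: defaultdict(int))   # device -> day -> bytes out
    dests = defaultdict(set)                         # device -> external hosts seen
    for day, dev, dst, nbytes in flows:
        if day <= last_day and is_external(dst):
            daily[dev][day] += nbytes
            dests[dev].add(dst)
    baseline = {}
    for dev, per_day in daily.items():
        vals = list(per_day.values())
        med = median(vals)
        mad = median(abs(v - med) for v in vals) * 1.4826 or 1.0  # scaled MAD, never zero
        baseline[dev] = (med, mad, dests[dev])
    return baseline

def score_day(flows, baseline, day, z_threshold=5.0):
    """Alert when a device's egress deviates from its own norm or uses a new destination."""
    totals, seen = defaultdict(int), defaultdict(set)
    for d, dev, dst, nbytes in flows:
        if d == day and is_external(dst):
            totals[dev] += nbytes
            seen[dev].add(dst)
    alerts = []
    for dev, total in totals.items():
        if dev not in baseline:
            alerts.append((dev, "no baseline learned for this device"))
            continue
        med, mad, known = baseline[dev]
        z, new = (total - med) / mad, sorted(seen[dev] - known)
        if z > z_threshold or new:
            alerts.append((dev, f"egress {total} bytes, robust z={z:.1f}, new destinations={new}"))
    return alerts
```

Only the fish-tank sensor is reported for day 8; the reception PC's 950 MB is within its own learned range even though it is far larger in absolute terms, which is the point of per-device baselines.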

As Dawn Song, a cybersecurity and machine-learning expert at the University of California, Berkeley, stated, "the whole system is as secure as its weakest link", and this is a great example of that.

An example of what the Darktrace interface looks like.

What also adds to their superiority over the market is accessibility. Their software is really easy to use and to see through. They also provide consultations if anyone from the IT department encounters problems with the software, although co-chief executive Poppy Gustafsson said that they do not want to focus on that part of the service. "We don't do consulting," she said. "Our tech is not just about detecting cyber threat but also to autonomously respond."

Also interesting is the fact that the whole idea was inspired by the human body. In one interview, the company's co-CEO Nicole Eagan said "It's very much like the human body's own immune system," and moreover "As complex as it is, it has this innate sense of what's self and not self. And when it finds something that doesn't belong—that's not self—it has an extremely precise and rapid response."

This start-up has been performing incredibly ever since it was created. In March 2015 it was valued at 80M dollars. Only three years later, in September 2018, it was valued at over 1.65 billion dollars. This rapid growth was mainly accelerated by Mike Lynch and his venture fund, Invoke Capital. He now owns over 40% of the company, making him the largest shareholder.

Although it may now seem to you as if this is a perfect piece of software and the solution to cyber-crime, it has its flaws too. Some IT workers have reported that this AI-based system continuously reports multiple deviations throughout the day, to the point where they stopped checking the alerts because it was a waste of their time. Furthermore, Darktrace's plans for its customers are not cheap at all, which can make them less desirable.

Frankly, I would say that even though it will help bigger companies to eliminate some threats, especially from the inside, it is nowhere near the perfect solution yet.

What do you think about this start-up? Are AI-based systems the solution to our problem with cyber-crime? Let me know in the comments.


