This Time It's Personal – Revenge NOT Ransom
*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
The BBC reported yesterday that the Russian hackers known as the “Fancy Bears” had hacked the WADA (World Anti-Doping Agency) database using a spear phishing attack.
It seems that every week, yet another organization falls victim to a ransomware or malware attack. Only last week I discussed the new variant of Locky and its impact on UK education.
Interestingly, though, the motivation behind this attack was different. Unlike traditional ransomware, which is typically used for financial gain, this attack was based on revenge and politics. It demonstrates that these cyber criminals care about more than just the money, and in this case it's believed that they wanted revenge for the fact that Russian athletes had been banned from the Olympics through an anti-doping investigation by WADA.
It is believed that the WADA attack used social engineering over email to help the attackers gain access to a wealth of personal records held by WADA – some of those records include the likes of Venus and Serena Williams. As with many of these attacks, the user was the weakest link, and the need to educate our users remains a priority.
However, simple steps like patching, application whitelisting and privilege management on the endpoint could have mitigated this attack and reduced the likelihood of it being successful.
AppSense recently announced the availability of its Endpoint Security Suite 2.0, which combines our unique whitelisting technology and the Shavlik patching technology. Patching with Shavlik is easy – it takes 10 minutes to install and 20 to configure – it's agentless and ensures that both Microsoft and other third-party applications are up to date. With AppSense, we can then block unknown executables, such as the ransomware and its payload, and remove admin rights from the users. Combined, this helps protect our users from themselves and from such ransomware or revenge attacks.