VENDORiQ: Latest Ransomware Attacks Are An Unwelcome Reminder

ABC News recently highlighted a concerning development, shedding light on the activities of the Russian ransomware group AlphV. This underscores the ever-evolving threat of ransomware attacks and the importance of staying vigilant in the face of such cyber threats.

The Latest

On 5 September, ABC News reported that ‘Russian ransomware gang AlphV targets pathology company, law firms in latest string of attacks’. Noting that the hackers had claimed to have stolen more than 4.95TB of data, the article reported two types of third-party impact:

  1. Where the immediate target would not pay a ransom, the hackers were using the personal information to directly contact and extort the target’s clients.
  2. That a managed service provider appears to be a common factor, the breach possibly having come via one of its clients.

Why It’s Important

The victim organisations and their clients have an arduous road to recover systems, relationships, and reputations from these attacks. It is not IBRS’s intent to make their job any harder by naming them here. Some of the circumstances have still to be analysed, so these short comments are couched as observations rather than conclusions:

  1. Cyber criminals continue to evolve their techniques in unpredictable ways. What would happen if hackers went directly to your customers with ransom demands? How would they/you respond? Does this extension of a technique elevate the impact, and thus risk level, of a ransomware or other cyber incident? Organisations need to continually monitor the cyber landscape (e.g. subscribe to alert feeds) and reassess risk and response plans.
  2. Outsourcing ICT to a service provider does not eliminate risk. A service provider should have better cyber defences to protect, detect and respond than you can support alone. But service providers will also have larger perimeters due to their multiple customers, and security is only as strong as the weakest link. IBRS has recently written [1] about valuable zero trust principles that can enhance an organisation’s cyber security strategy. Organisations may also review privileged access management. [2]
  3. ICT teams can outsource responsibility for ICT work to a service provider, but cannot outsource accountability. ICT leaders cannot expect to simply blame service providers for breaches, as their organisation will naturally be held accountable for managing the service. Does ICT have a program of monitoring, testing, reporting and audit? Were actions commenced and followed up? Cyber incidents are particularly tricky. If the service provider is at fault and knows it, then it may not want to face the potential consequences. Relying solely on the service provider for a cyber response plan is not effective. It won’t protect the organisation or allow for an effective response.

Who’s Impacted?

  • CIOs
  • Security and risk teams
  • ICT vendor managers

What’s Next?

  • If the organisation does not have a threat intelligence capability, link to open source, vendor and analyst feeds on evolving threats.
  • Schedule regular reviews of the cyber landscape for new trends and review the organisation’s risk and response plans accordingly.
  • Review vendor management plans for how they manage and mitigate cyber risk.

  1. Zero Trust Paradigm: What’s Going Wrong And What Should Be Retained, IBRS, May 2023
  2. Meeting Security Challenges Through Essential Eight-Compliant Privileged Access Management (PAM), IBRS, June 2022
