RansomWhere? Everywhere!

Ransomware Attacks

Recent months have shown a significant rise in the number of ransomware attacks on various verticals. This was highlighted by the Homeland Threat Assessment October 2020 Report, the Temple University Ransomware watch list, Microsoft’s September report, and others. A further indicator is the rise in the exchange rate of Bitcoin, which is used for ransomware payoffs.

First death caused by ransomware attack

A recent and unfortunate incident was the death of a woman at Duesseldorf University Hospital during a ransomware attack. She might have been the first victim linked to a cyberattack on a hospital, and hopefully the last one… Additionally, a Philadelphia company selling software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack. This caused some of those trials to slow down two weeks after the attack. Many of these attacks could have been easily carried out by an infected device…

It seems as if no one is immune!

Why? There are the obvious reasons related to financial downtime and uncertainty, which always lead to an increase in criminal activity. “Legacy crime” activities are harder to complete – ever tried pickpocketing while social distancing? So, if you are a criminal sitting at home, you can binge-watch the Netflix series “House of Paper”… Or you can make the effort to understand this ransomware “stuff” that everyone is talking about. And hey, you have Rita’s cousin who is a computer geek, so why not use him? All the information is out there; you can run an easy ransomware attack by just asking someone to put a manipulated mouse or keyboard on someone’s desk… No Navy SEALs training is required for that, Rita’s cousin will suffice.

Hardware-based ransomware attacks on the rise

Without hardware security, the Physical Layer remains uncovered. This allows Rogue Devices to go undetected because they operate on this layer, resulting in hardware-based ransomware attacks. Spoofed Peripherals are manipulated on the Physical Layer and impersonate legitimate HIDs, and endpoint security software detects them as such. Network Implants go entirely undetected by network security solutions, including NAC, as they sit on the Physical Layer, which such solutions do not cover. So, without hardware security, enterprises are completely exposed to hardware-based ransomware attacks, no matter how many alternative security measures are in place.

Cybercriminals are taking advantage of COVID-19 #WFH vulnerabilities

Professional cybercrime and state-sponsored groups find these times fertile ground for their operations, exploiting the much-discussed COVID-19 #WFH vulnerabilities. Since these work-from-home policies present an even greater risk of hardware attacks, organizations need to be more aware of physical layer security. Attackers will always be smart! They are pragmatic and fast to adapt to cybersecurity challenges.

Furthermore, if in the past companies with a good backup plan could bounce back without even paying off, this is no longer the case. Now the new “currency” is data leakage, and bouncing back from a major data breach comes with a completely different price tag. Do you want an example of how easy it is? John is fed up with his boss and is thinking about leaving the company. In theory, he could take a certain database snapshot of customers or IP and send it anonymously to his company as “Proof of Authenticity”, threatening to release a massive amount of data… How could you tell if it is an internal abuser or APTx? Does it really matter? Do share your insights and comments. Keep safe, physical and virtual.

Sepio’s platform uses a novel algorithm that combines a physical layer fingerprinting module with a Machine Learning module, providing the sought-after level of visibility and enforcement. It is further augmented by a threat intelligence database, ensuring a lower-risk hardware infrastructure.

Hardware Assets Control solution for IoT security

Sepio’s Hardware Access Control HAC-1 provides 100% hardware device visibility. HAC-1 enables Hardware Access Control by setting rules based on the devices’ characteristics. HAC-1 instantly detects any devices that breach the set rules and automatically blocks them to prevent malicious attacks.

The idea is to Verify and then Trust that those assets are what they say they are.

With greater visibility, the zero-trust architecture can make access decisions with complete information, thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters. No device goes unmanaged. The Hardware Access Control capabilities of HAC-1 block Rogue Devices as soon as they are detected. Our HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Physical Layer Fingerprinting

Sepio is the only company in the world to undertake Physical Layer fingerprinting. HAC-1 detects and handles all peripherals; no device goes unmanaged. With this total visibility, a stronger cyber security posture is achieved. There is no longer a need to rely on manual reporting or employee compliance. Sepio manages security and provides answers to questions such as:
  • Do we have an implant or spoofed device in our network?
  • How many IoT devices do we have?
  • Who are the top 5 vendors for devices found in our network?
  • Where are the most vulnerable switches in our network?
Having visibility across all hardware assets provides a more comprehensive cyber security defense. It reduces the risk of a hardware attack being successful and our private health data being stolen. Sepio was founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, and its HAC-1 is the first hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs.

Sepio’s Technology

Sepio’s hardware fingerprinting technology discovers all managed, unmanaged and hidden devices that are otherwise invisible to all other security tools. Sepio is a strategic partner of Munich Re, the world’s largest re-insurance company, and Merlin Cyber, a leading cybersecurity federal solution provider. Heavy spending on cybersecurity should bring a high return on investment, yet gaps in visibility limit this.

HAC-1 fingerprinting technology and Ransomware Attacks

Sepio’s Hardware Access Control (HAC-1) solution provides a panacea for gaps in device visibility to ensure you are getting the most out of your cybersecurity investments. HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the organization’s cybersecurity posture. HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices. Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, HAC-1 ultimately enables a Zero Trust Hardware Access approach which stops attackers at the first line of defense.

Sepio supporting compliance

Sepio’s Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility and, in doing so, also provides protection against hardware-based attacks. As the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.

HAC-1 fingerprinting technology

HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of each device and compares it against known fingerprints. In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure.

In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved or Rogue hardware.

Furthermore, HAC-1’s RDM capabilities support compliance with Section 8 of the EO, which concerns the government’s investigative and remediation capabilities. Section 8 focuses on enhancing data collection efforts in order to improve the investigation and remediation processes following an incident. HAC-1 logs all hardware asset information and usage and maintains such data for a period defined by the system administrator.