Experts Insight on Pitney Bowes Ransomware Attack

Global shipping and mailing services company Pitney Bowes announced a partial system outage that impacted customer access to some services as a result of a ransomware attack that encrypted some of its systems.

EXPERTS COMMENTS
Roger Grimes, Data-driven Defence Evangelist, KnowBe4
October 15, 2019
Phishing is involved in 70% to 90% of all successful breaches and unpatched software is involved in 20% to 40% of attacks.
The shipping industry has been a pretty big target ever since the NotPetya ransomware attack on Maersk in 2016. The shipping industry was concerned about hackers and malware for years before that, and shipping was always considered a part of federal critical infrastructure guidelines, but it was all mostly theoretical. NotPetya changed that. It proved that a single malware program could significantly impact shipping. The Maersk event changed the industry forever, including in the United States. The United States Coast Guard can not only stop an infected ship from docking in an American port, but there are also specialized Coast Guard teams which can be shuttled out to the affected ship to assess and help. The Coast Guard now considers cyber intrusions a threat like they would terrorist events, holes in the hull, and severe weather. They not only educate and warn, but can tell a ship that they aren’t seaworthy enough to dock because of the risk from loss of control of their digital systems.
I don’t know the details of the ransomware attack, but without any inside knowledge, you can bet it was due to one of two things: a phishing email or unpatched software. Phishing is involved in 70% to 90% of all successful breaches and unpatched software is involved in 20% to 40% of attacks. Any single other root cause you can think of accounts for less than 1% of the risk. Every other risk added up all together equates to less than 10% of the risk in most organizations. So, how do you stop ransomware? It’s easy. Don’t get socially engineered into doing something against your interests and patch your software. Nothing else really matters. Unfortunately, we are told that we have to worry about a thousand things and not told that two of these things matter far more than everything else. It leads to a lack of focus, which hackers love.
Phishing and unpatched software have been responsible for the greatest number of attacks for over three decades, and it’s not going to change as long as people aren’t paying attention to the right things. Hackers will keep using phishing and attacking unpatched software for as long as it is working, and as the latest attack against Pitney Bowes shows, it’s working just fine.
Raphael Reich, Vice President, CyCognito
October 15, 2019
Ransomware provides an easy income for cybercriminals targeting successful corporations.
Major organizations such as Pitney Bowes are increasingly under threat of ransomware, as the FBI warned just last week. While it's not yet clear what the source of the Pitney Bowes incident was, organizations focused on digital transformation find themselves open to these attacks because of exposed pathways in their IT ecosystem of which they are typically unaware. This includes not only their own IT assets, such as servers, applications and infrastructure, but IT assets that belong to, or are managed by their third party vendors, partners or subsidiaries, which are highly interconnected with the company. These shadow assets and attack vectors create shadow risk, which arises when organizations have not fully mapped their attack surface. When attackers find these exposed and unsecured assets, they can leverage vulnerabilities in them to launch ransomware attacks. Ransomware provides an easy income for cybercriminals targeting successful corporations, which are typically taken completely by surprise when they learn just how many unsecured IT assets their ecosystem partners and subsidiaries have, and what an easy target for exfiltration and ransomware those assets present.
Shawn Kanady, Director of Digital Forensics, Incident Response, Trustwave SpiderLabs
October 15, 2019
7 Key Steps Organizations Can Take To Defend Against Ransomware
Today, what’s happening is not everyone is paying, so attackers want to hit the institutions or companies that are going to hurt the most because they’ll be put in a position where they’ll have to pay. But it’s key for organizations to remember -- the ransomware is just the end payload. They need to focus on how the attacker got in. Overall, there are seven key steps organizations need to take to defend against ransomware:
1. Backup Your Data - Have an online backup, but also keep an offline copy of it as well.
2. Inventory Your Systems - Conduct an IT audit of your systems. Make sure that anything that’s legacy or something that can’t be patched (like a Windows 2003 server) is isolated and highly monitored because it will be your biggest liability.
3. Conduct Continuous Awareness Training - Keep your security awareness training up because humans are the weakest link.
4. Implement a Patch Cycle Program - Have a good patch management program when you’re patching within 30 days. Make sure that third-party apps are also patched.
5. Perform Application Whitelisting - This is a huge factor in these types of attacks. This goes beyond just ransomware, but even those malicious downloaders. Doing application whitelisting where you have your systems and you only allow the applications that you know about to run on those systems.
6. Deploy an EDR Solution - Baselining your systems and keeping aware of any new or rogue processes on your systems will curb those first-stage pieces of malware from going by unnoticed and causing more harm.
7. Secure Email Gateway Solution - A strong secure email gateway solution will go a long way in protecting what is commonly the initial infiltration vector by removing malicious emails from the user's mailbox.
Dr Guy Bunker, CTO, Clearswift
October 16, 2019
Attacks are becoming increasingly sophisticated and high profile organisations are top targets.
While it is unclear how the attack was carried out, the majority of ransomware attacks come from weaponised documents which are sent through email or downloaded from a link in an email. Weaponised documents can be effectively neutralised as they cross the organisation boundary using structural sanitisation functionality. However, this isn’t just about technology - educating users to recognise threats is an important step. Furthermore, there is a need for policies and processes in place to ensure that if there is an issue it can be addressed as quickly and effectively as possible. The challenge is that when using a reputable company, such as Pitney Bowes, customers expect they will have great information security. And when it doesn’t, it causes real issues. Had this been a small or unknown company, then the advice would be to go to a bigger player. But not in this case. All businesses need to have a Disaster Recovery and Business Continuity plan, and this should include cyber threats and information supply chain threats as well. Organisations need to have a backup plan for key suppliers - such that in a case like this the disruption is minimised. Unfortunately, we should expect to see a rise in these sorts of attacks. Attacks are becoming increasingly sophisticated and high profile organisations are top targets. Top targets particularly include those who provide a service to multiple other organisations - a ransomware attack on those will often result in a knee-jerk reaction to pay the ransomware to get the business and its customers back up and running.
Jake Moore, Cybersecurity Specialist, ESET
October 17, 2019
Always test the restore process, as this is where so many ransomware victims fall over.
Patching and protecting networks is always preferable to paying, so I strongly recommend offsite backups and continual staff awareness. This doesn’t have to be expensive, nor time-consuming, and can save both time and money should an attack occur. Companies who demonstrate a simulation attack are far less likely to suffer long term in the event of an attack. Testing the restoration of backups is essential in these simulations, as many firms who test in a simulated environment say that if they are targeted, they are more likely to be back online with business as usual in a quicker time frame. I would always recommend testing the restore process, as this is where so many ransomware victims fall over.
