New Delhi: Bristol Airport authorities were recently forced to take their flight information system displays offline for two days to contain a ransomware attack. The authorities dismissed the ransom demand and decided to rebuild the affected systems. For two days, flight status information was displayed on whiteboards and there was an increase in announcements over the speakers. Similarly, in the last few months there have been several cyberattacks targeting hospitals, city administration and sporting events. The servers of the US-based PGA were reportedly hit by ransomware attacks right before the PGA Championship in the first week of August.

A new ransomware called Everlasting Blue Blackmail Virus, which targets Windows PCs using spam and phishing campaigns, flashes former US President Barack Obama’s image with the ransom message. Once the ransomware gains entry into the system, it looks for all .exe (executable) files and encrypts them, preventing users from running apps until the ransom is paid.

Hot on the heels of the cyberattack on the town of Valdez in Alaska, Canadian town Midland in Ontario was hit by a ransomware attack in the first week of September. Hackers broke into the city database involving fire, water, and waste management and blocked access, demanding ransom.

Fileless attacks

A major concern for cybersecurity experts is fileless attacks, which are hard to detect. These attacks do not install malicious software to infiltrate a victim’s computer, which makes it difficult for anti-virus solutions to detect them. According to Ponemon Institute, 35% of all cyberattacks in 2018 were fileless, while security solution provider Carbon Black claims that fileless attacks accounted for 50% of all successful data breaches targeting financial businesses.

Fileless attacks target legitimate Windows tools such as PowerShell (a scripting language which can provide hackers unrestricted access to the Windows API) and Windows Management Instrumentation (used by admins). By latching on to these tools, hackers gain control over the PC and eventually the organization’s database.

Cold boot

In another recent development, researchers at F-Secure have come across a new vulnerability affecting PCs. Dubbed cold boot, the attack can be carried out using a special programme through a USB drive connected to a PC. Using the programme, the hacker can disable the memory overwriting by rebooting the system, without a proper shutdown. The attack can be used to break into a company system that might have access to the company network.
