Ransomware: Businesses under threat
On 14 May, a subsidiary of the Bolloré group based in Congo was the victim of a ransomware attack.
It was described as a ransomware attack. The cybercriminals behind it threatened the group with disclosing information they allegedly stole during the intrusion if it did not respond favourably to their demand. Emmanuel Gras, co-founder and CEO of Alsid and a former auditor at France's National Agency for the Security of Information Systems (ANSSI), noted that such attacks are not isolated. He observes, however, that "the target has moved into the logistics sector. Before Bolloré, the Australian industry specialist Toll Group had suffered the agonies of Netwalker, also known as Mailto."
For this reason, the specialist identifies the security of both private and public organisations as a major issue for the next five years. He says his current role in his company is to "take stock of companies after an attack and ensure that cyber criminals can't come back."
Alsid was founded to answer a growing need for security. "We had come to the conclusion that a pattern was repeated in every company in the world: servers, workstations and mobiles are managed by a central system, Active Directory, and this one is very attractive to cyber attackers because, once they take possession of it, they can attack the whole company. So we decided to found Alsid to address this major issue." This is the kind of plan that was followed by the hackers behind the Netwalker ransomware.

The expert also notes a marked evolution in long-term motivations: "Initially, the motivations were strategic. Data theft was reported in the context of public espionage, between states, industries or others. More and more, the motivations are becoming financial," says Emmanuel Gras.

The same extortion process was used against an American law firm, GSMlaw, reputed to count big names such as Donald Trump, Madonna and Lady Gaga among its clients. In that case, the cybercriminals demanded a $42 million ransom in exchange for not disclosing the confidential information of the firm's clients.
For the start-up Alsid, the protection of corporate networks must start with Active Directory, because in the event of an attack, cybercriminals will first seek to gain access to and control the core of the system, i.e. Active Directory. "Active Directory," Emmanuel Gras explains, "is a highly critical infrastructure that paradoxically allows a cyber-assailant to infiltrate the entire network very simply, from a single compromised workstation. A true central access kit, AD manages user rights, email accounts, information related to activities and financial data. It is, in most cases, the cornerstone of corporate security." He adds that the major flaw of this system is none other than its complexity: "Rather than making a clear distinction between administrators, who can do anything, and everyone else, it assigns each user a greater or lesser share of dozens of possible rights. So much so that the list of people and their responsibilities becomes illegible and, without a platform like Alsid's that monitors AD's weaknesses, it becomes impossible for security teams to identify suspicious behaviour on the network."
The expert shares a case from an audit in which he was able to look at the problem more closely: "During an audit, for example, we saw an AD group called DNSadmin that allocated access rights to the profiles in charge of the network. Most of them were not administrators and therefore appeared harmless. However, their group gave them the opportunity to join other groups through which they could obtain administrative rights on certain systems." According to Emmanuel Gras, no monitoring of user activity had been established. This meant that it was enough for a single one of these accounts to be taken over through a phishing attack for the cybercriminals to gain access to highly sensitive information.
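The audit finding above, a harmless-looking group that is nested into a group holding administrative rights, is a transitive-closure problem over group membership. The following is an added example, not code from Alsid or from the original article: it walks group-to-member edges, as they could be exported from Active Directory (for instance from the LDAP member attribute or from Get-ADGroupMember), and reports every user who reaches a privileged group only through nesting, together with the path that gets them there. The directory, the group names Server-Admins, Network-Team and Helpdesk, and all user names are constructed for illustration; DNSAdmins and Domain Admins are the names of real built-in groups.

```python
"""Find users who reach privileged AD groups only through nested membership.

Added example (not Alsid's code). The group->members mapping is constructed
here; in practice it would be exported from Active Directory.
"""
from collections import deque

# Constructed sample directory: group -> direct members (users or groups).
# It mirrors the audit finding: DNSAdmins looks harmless, but it is itself a
# member of a hypothetical Server-Admins group that holds admin rights.
SAMPLE_DIRECTORY = {
    "Domain Admins": ["alice"],
    "Server-Admins": ["DNSAdmins", "bob"],          # hypothetical privileged group
    "DNSAdmins": ["carol", "dave", "Network-Team"],  # hypothetical membership
    "Network-Team": ["erin"],                        # hypothetical group
    "Helpdesk": ["frank"],                           # hypothetical group
}

# Groups whose membership grants administrative rights (assumption for the sample).
PRIVILEGED_GROUPS = {"Domain Admins", "Server-Admins"}


def build_member_of(directory):
    """Invert group->members into member->groups (the AD 'memberOf' view)."""
    member_of = {}
    for group, members in directory.items():
        for member in members:
            member_of.setdefault(member, set()).add(group)
    return member_of


def effective_groups(principal, member_of):
    """Every group the principal belongs to, directly or via nesting.

    Breadth-first walk over memberOf edges; the visited check also stops
    the walk on circular group nesting. Returns {group: path}, where path
    starts at the principal and ends at the group.
    """
    paths = {}
    queue = deque([(principal, [principal])])
    while queue:
        node, path = queue.popleft()
        for group in member_of.get(node, ()):
            if group not in paths:
                paths[group] = path + [group]
                queue.append((group, paths[group]))
    return paths


def find_hidden_admins(directory, privileged=PRIVILEGED_GROUPS):
    """Users who reach a privileged group only through nesting.

    Returns {user: {privileged_group: path}}. A direct member's path has
    length 2 (user, group); anything longer means the right is inherited
    through at least one intermediate group.
    """
    member_of = build_member_of(directory)
    users = {m for members in directory.values() for m in members if m not in directory}
    findings = {}
    for user in sorted(users):
        for group, path in effective_groups(user, member_of).items():
            if group in privileged and len(path) > 2:
                findings.setdefault(user, {})[group] = path
    return findings


if __name__ == "__main__":
    for user, hits in find_hidden_admins(SAMPLE_DIRECTORY).items():
        for group, path in hits.items():
            print(f"{user} reaches {group} via: {' -> '.join(path)}")
```

Run against a real export, the interesting output is not the list of Domain Admins (which is usually reviewed) but the users who inherit those rights two or three groups away, which is exactly the population that was invisible in the audit described above.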