The realities of ransomware: Five signs you’re about to be attacked

Image of Peter Mackenzie. (Supplied)
Updated 20 January 2021

Whenever we work with ransomware victims, we spend some time looking back through our telemetry records that span the previous week or two. These records sometimes include behavioral anomalies that (on their own) may not be inherently malicious, but in the context of an attack that has already taken place, could be taken as an early indicator of a threat actor conducting operations on the victim’s network.

If we see any of these five indicators in particular, we jump on them straight away. Any of these found during an investigation is almost certainly an indication that attackers have poked around to get an idea of what the network looks like and to learn how they can get the accounts and access they need to launch a ransomware attack.

Attackers use legitimate admin tools to set the stage for ransomware attacks. Without knowing what tools administrators normally use on their machines, one could easily overlook this data. In hindsight, these five indicators represent investigative red flags:

1. A network scanner, especially on a server

Attackers typically start by gaining access to one machine where they search for information: Is this a Mac or Windows, what’s the domain and company name, what kind of admin rights does the computer have, and more. Next, attackers will want to know what else is on the network and what they can access. The easiest way to determine this is to scan the network. If a network scanner, such as AngryIP or Advanced Port Scanner, is detected, question admin staff. If no one cops to using the scanner, it is time to investigate.

2. Tools for disabling antivirus software

Once attackers have admin rights, they will often try to disable security software using applications created to assist with the forced removal of software, such as Process Hacker, IOBit Uninstaller, GMER, and PC Hunter. These commercial tools are legitimate, but they are just as useful in the wrong hands, so security teams and admins need to question why they have suddenly appeared.

3. The presence of MimiKatz

Any detection of MimiKatz anywhere should be investigated. If no one on an admin team can vouch for using MimiKatz, this is a red flag because it is one of the most commonly used hacking tools for credential theft. Attackers also use Microsoft Process Explorer, included in Windows Sysinternals, a legitimate tool that can dump LSASS.exe from memory, creating a .dmp file. They can then take this to their own environment and use MimiKatz to safely extract usernames and passwords on their own test machine.

4. Patterns of suspicious behavior

Any detection happening at the same time every day, or in a repeating pattern, is often an indication that something else is going on, even if malicious files have been detected and removed. Security teams should ask “why is it coming back?” Incident responders know it normally means that something else malicious has been occurring that hasn’t (as of yet) been identified.

5. Test attacks

Occasionally, attackers deploy small test attacks on a few computers in order to see if the deployment method and ransomware execute successfully, or if security software stops it. If the security tools stop the attack, they change their tactics and try again. This will show their hand, and attackers will know their time is now limited. It is often a matter of hours before a much larger attack is launched.
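A triage sketch that applies indicators 1 to 4 to endpoint telemetry, added here as an example; it is not Sophos code or anything from the article. The one-event-per-line format, the tool-name substrings, the vouched-admin list and the sample events are constructed assumptions.

```python
"""Triage helper for the ransomware indicators above (added example).
Assumed telemetry: one event per line, 'timestamp host role user process action',
with role in {server, workstation} and action in {allowed, blocked}."""
from collections import defaultdict
from datetime import datetime

# Tool families named in the article. On-disk names vary, so matching is a
# case-insensitive substring test on the process name (assumed needles).
TOOL_FAMILIES = {
    "network_scanner": ("ipscan", "advanced_port_scanner", "advanced_ip_scanner"),
    "av_removal": ("processhacker", "iobit", "gmer", "pchunter"),
    "credential_theft": ("mimikatz", "procexp"),  # procexp can dump LSASS memory
}

# Constructed sample telemetry. 'netadmin' is known to run ipscan on workstations.
SAMPLE_TELEMETRY = """\
2021-01-11T09:14:02 WS-0042 workstation netadmin ipscan.exe allowed
2021-01-11T23:41:57 SRV-FS01 server svc_backup Advanced_Port_Scanner.exe allowed
2021-01-12T02:00:03 SRV-FS01 server svc_backup ProcessHacker.exe allowed
2021-01-12T02:03:19 SRV-FS01 server svc_backup procexp64.exe allowed
2021-01-12T04:00:10 WS-0117 workstation jsmith updater.exe blocked
2021-01-13T04:00:12 WS-0117 workstation jsmith updater.exe blocked
2021-01-14T04:00:09 WS-0117 workstation jsmith updater.exe blocked
"""

VOUCHED = {"network_scanner": {"netadmin"}}  # admins who admit to using the tool


def parse_events(text):
    events = []
    for line in text.splitlines():
        ts, host, role, user, process, action = line.split()
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "role": role, "user": user,
                       "process": process.lower(), "action": action})
    return events


def classify(process):
    """Return the tool family a process name falls into, or None."""
    for family, needles in TOOL_FAMILIES.items():
        if any(n in process for n in needles):
            return family
    return None


def flag_tooling(events, vouched=VOUCHED):
    """Indicators 1-3: admin tooling nobody has vouched for. A scanner on a
    server is promoted to 'high', matching the article's emphasis."""
    alerts = []
    for e in events:
        family = classify(e["process"])
        if family is None or e["user"] in vouched.get(family, set()):
            continue
        high = family == "network_scanner" and e["role"] == "server"
        alerts.append((e["host"], e["process"], family, "high" if high else "medium"))
    return alerts


def recurring_detections(events, min_days=3):
    """Indicator 4: the same blocked process on the same host at the same hour
    on several days points to a persistence mechanism that was never removed."""
    seen = defaultdict(set)
    for e in events:
        if e["action"] == "blocked":
            seen[(e["host"], e["process"], e["time"].hour)].add(e["time"].date())
    return sorted(key for key, days in seen.items() if len(days) >= min_days)
```

Every hit from `flag_tooling` is a question for the admin team, not a verdict; `recurring_detections` tells responders where to look for the scheduled task or service that keeps re-dropping the file.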

Sophos’ next-gen cybersecurity solutions to stop ransomware

Sophos offers layered IT security for defending against the latest ransomware. Sophos not only provides the best protection at every point, but also provides threat intelligence sharing between all these security points with synchronized security.

Sophos XG Firewall prevents attacks from getting onto a network. In the event ransomware does happen to get onto a network, Sophos XG Firewall can automatically stop ransomware dead in its tracks thanks to integration with Sophos Intercept X.

Sophos Intercept X Advanced with EDR includes anti-ransomware technology that detects malicious encryption processes and shuts them down before they can spread across the network. 

The Sophos Managed Threat Response (MTR) service adds human expertise to an organization’s layered security strategy. An elite team of threat hunters proactively look for and validate potential threats, and then take action to disrupt, contain and neutralize attacks. 


Bosch and Dragon/Penske Autosport begin long-term partnership in Formula E

Updated 24 February 2021
  • Bosch planning to develop an entire electric powertrain for Formula E for the Gen3 cars

Bosch Motorsport and the Dragon/Penske Autosport Formula E Team have agreed on a long-term technology and engineering partnership for the Los Angeles and UK-headquartered racing team’s cars in the ABB FIA Formula E World Championship.

Within the framework of this cooperation, Bosch will be developing an electronic vehicle management system specially tailored to the requirements of the Formula E vehicle along with the corresponding hardware and software components required.

The system core is represented by the central MS 50.4P vehicle control unit (VCU). Apart from the motor functions and central energy management, the MS 50.4P also controls other vehicle functions such as brake energy recovery and the display in the driver cockpit.

“Collaboration with Dragon enhances our successful involvement as a series sponsor of Formula E. With this partnership, Bosch underscores its claim as a leading supplier of powertrain management solutions, both in electromobility for production vehicles and in electrified motorsports,” said Dr. Markus Heyn, member of the board of management at Robert Bosch GmbH.

Plans entail deploying the innovative vehicle management system in a race for the first time in spring 2021. Preparations are already underway. Bosch is also planning to develop an entire electric powertrain for Formula E for the Gen3 cars.

Jay Penske, owner and team principal of Dragon/Penske Autosport, added: “We are very excited to embark on this journey with Bosch in Formula E. We are grateful for the support of Bosch Engineering and the entire Bosch Global board.

“Through our work together we will provide Bosch with a platform to both showcase its capabilities as it develops Formula E specific technologies, while also using the team’s storytelling abilities to illustrate the role Bosch is playing as a leader in the electrification of the mobility industry. This long-term technical partnership marks a significant turning point for the team, and I look forward to seeing the fruits of our alliance on track this season when we introduce our new Penske Autosport package later this year.”

Extensive technology package offered by Bosch

The central VCU offered by Bosch represents the heart of the vehicle electronics for the electric race cars of the Dragon/Penske Autosport team. Bosch has developed a bespoke vehicle wiring harness to provide optimum integration within the cars. Bosch also equips the team’s development car with data loggers to improve the team’s research and testing capabilities. In order to optimally adapt the new vehicle electronics to the overall vehicle, Bosch provides its RaceConnect LTE cloud solution during development and test driving for transferring telemetric data and data analysis. This provides the race team engineers with all the important parameters and data on the vehicle, powertrain, and tires, enabling them to be analyzed and optimized swiftly and efficiently.

As the Formula E regulations prescribe the use of many systems, the performance of the electronic system makes a decisive contribution to racing success. “When optimizing the control software, we aim to always strike the right balance between energy efficiency and lap times under all track and racing conditions in order to optimally exploit the vehicle’s full potential. The extensive transfer of know-how and expertise at Bosch between volume production developments and applications for the race track helps us in this regard,” said Dr. Klaus Böttcher, vice president of Bosch Motorsport. Moreover, with the race energy management function of the MS 50.4P, the vehicle’s driving performance is adapted dynamically so that the fastest possible lap time can be achieved with a specified amount of energy. What is more, the central vehicle control unit also ensures maximum energy recovery rates in the interplay between the electric and hydraulic brakes, and adapts the powertrain and brakes to the individual race conditions, thereby optimizing vehicle feedback to the driver.

Nicolas Mauduit, EVP and chief technical officer of Dragon/Penske Autosport, said: “This alliance with Bosch is providing us with additional resources, amplifying our ability to scale our engineering, while giving us access to Bosch’s combination of hardware and software expertise to help us compete with the largest OEMs, in the most competitive motorsport championship. We have been hard at work together in order to hit the ground running this season, and I am eager to see the results of our efforts when the new Penske EV-5 package, supported by the Bosch electronic and hardware ecosystem, makes its debut this spring.”


Rasanah annual report provides in-depth analysis of Iranian affairs in 2020

Updated 24 February 2021

The International Institute for Iranian Studies (Rasanah) has published its Annual Strategic Report 2020, which provides in-depth data analysis on the interactions and developments in Iran last year. The report provides a clear picture of Iranian affairs and interactions, most prominently in the context of the emergence of a new international environment against the backdrop of the coronavirus pandemic — China has maintained its strong presence in the international arena in the post-COVID-19 world.

Despite the recent divisions generated by the departure of former US President Donald Trump from the White House, the report affirms that US policy is not solely crafted by Republicans and Democrats, but by US national institutions and national security interests. The report provides clarity on the phenomena of political Islam as local factions and organizations aspire to usurp power in many Arab and Islamic countries. This has become a serious concern for several countries, both in the East and the West.

By studying Iran’s intertwined files, its consecutive interactions and ramifications, the report reviews Iran’s internal affairs as follows: Ideologically, Iranian clerics have faced scathing public criticism amid rising political tensions. The deterioration of the economic and political situation at home has greatly exacerbated the most severe social problems.

The Economic File unveils the most important variables that have made the Iranian economy deteriorate further: US sanctions, the spread of the coronavirus pandemic, and the government’s continued adherence to the policy of the “resistance economy.”

In Arab Affairs, the report discusses the renewed cooperation between the Gulf states and their diplomatic efforts to highlight the risks of Iran’s behavior in the region and the threat Iran poses to international security and peace. It also reviews the escalation of the Houthis in Yemen by launching missile and drone attacks targeting neighboring countries and international maritime navigation; how Iraq has turned into a battlefield for confrontation between Iran and the US; the entrenchment of Iranian influence in Syria; and the continuous suffering of the Lebanese people due to Hezbollah’s hegemony over Lebanon’s political life.

In International Affairs, the report argues that international interactions still affect Iran at all levels due to the “maximum pressure” campaign of the US and the ramifications of the nuclear file on Iran’s international relations. The report also discusses the steady economic cooperation between Iran and Russia and mainly focuses on Iran-Europe relations in regard to the nuclear file, Iran’s human rights record, and the countermeasures to address the coronavirus pandemic.

The report touches upon China’s support toward Iran against the US move to extend the UN arms embargo imposed on Tehran, reviewing the long-term comprehensive agreement concluded between the two countries. It also discusses how Iran’s relations with India and Pakistan are affected by the US position. This is in addition to discussing how Iran and Afghanistan kept their relations active. The report discusses Iran-Turkey relations in relation to the Syrian crisis and the Nagorno-Karabakh conflict and their mutual political, military and economic convergences. Further, it underscores that Iran’s relations with the Central Asian states are politically and economically stable. The report concludes that Iran in 2020 was mainly keen to pursue appeasement and rely on the “wait and see” policy, i.e. betting on time.

The report forecasts that Iran in 2021 is likely to face deeper internal crises, more intense interactions with the new US administration, growing divergence with the Europeans and the loss of its influence in Syria and Iraq. It does not forecast a potential breakthrough between Iran and the Gulf states.

Finally, the report concludes that the Gulf states have realized the risks and looming threats of Iran, the need for better political understanding, and the need to integrate their defense capabilities to curb Iran’s potential threats, in addition to cooperating with their strategic allies across the world.


Carrefour boosts food traceability with IBM Cloud

Updated 24 February 2021

Majid Al-Futtaim, which operates shopping malls, communities, and retail and leisure destinations across the Middle East, Africa and Asia — owner and operator of the Carrefour franchise in these regions — and IBM announced that the company has joined IBM Food Trust, a blockchain-enabled global ecosystem for the food industry run on IBM Cloud. 

Carrefour will become the first retailer in the region to offer new levels of insight and transparency to its customers about the provenance of their food via end-to-end visibility on products throughout its supply chain, promoting increased quality, credibility and safety for its shoppers.

The initiative will start with two initial product categories — Carrefour’s own fresh chicken brand and microgreens harvested from select in-store hydroponic farms — before expanding into more product lines. All participants in this initiative across the supply chain will benefit from a smarter and more sustainable food ecosystem. The digitization of transactions and data provides a more efficient way of working across the supply chain for growers, processors, shippers, retailers, regulators, and consumers. 

By simply using their smartphone to scan a QR code on participating products such as Carrefour’s fresh chicken, customers will be able to get immediate access to actionable food supply chain data, from farm to store shelf. The history of the product, including production process, halal and hygiene certifications, date of birth, nutrition information and temperature data, will be readily available once uploaded onto the blockchain.

The growing demand for food traceability is evidenced by research conducted by the IBM Institute for Business Value, showing that 73 percent of those responding to a survey said traceability of products is important to them. Of those who said it was very important, 71 percent of respondents indicated they are willing to pay a premium for brands that provide it.

“Trust in the food supply is becoming increasingly important worldwide, a trend accelerated by changing consumer demands and the subsequent health and well-being concerns arising from the COVID-19 pandemic,” said Hani Weiss, chief executive, Majid Al-Futtaim Retail. “It is therefore imperative for us to invest in ensuring quality throughout the value chain while simultaneously working to build robust customer trust and loyalty. In meeting the new market expectations, we are now offering enhanced food traceability for our valued Carrefour customers and improved operational efficiency for our business.”

Majid Al-Futtaim is engaging with its supplier partners to enable broader participation in this initiative, giving Carrefour customers access to traceability details across diverse products throughout the UAE, before introducing it to other Carrefour markets operated by the company in the Middle East, Africa and Asia.

“Thanks to the availability of advanced cloud-based, blockchain technology and the commitment of Majid Al-Futtaim to deliver the highest quality to its customers, we are proud to be using this supply chain solution to provide the very best in quality, safety and trust to our customers in the markets we operate in,” said Nalla Karunanithy, chief digital officer at Majid Al-Futtaim Retail.


Saudi fintech Tweeq offers new app-based spending account

Updated 24 February 2021

Tweeq, a Saudi fintech that aims to provide a feature-rich spending account for individuals and SMEs, has signed exclusive partnership agreements with Mastercard, a leading technology company in the global payments industry, and Paymentology, a cloud-based issuer payment processor.

The partnerships aim to ensure a first-class customer experience through the provision of innovative digital payment solutions, including a spending account and contactless cards, and will enable a range of seamless payment experiences. The partnerships with Mastercard and Paymentology are in line with Vision 2030, which aims to develop the fintech environment and provide financial inclusion for all sections of society.

The initiative will provide individuals and small businesses based in Saudi Arabia with a seamless money management experience, enabling consumers to send and receive money, pay bills, shop online, make card purchases, set financial goals and withdraw cash at their fingertips.

Tweeq CEO Saeed Al-Bahairi said: “We are pleased to enter into partnerships with Mastercard and Paymentology to provide an unparalleled customer experience. Through the partnerships our app-based accounts will enable our clients to connect and manage their money better, through a range of innovative financial digital solutions, in line with the digital transformation goals of Vision 2030.”

Khalid Elgibali, division president, MENA, Mastercard, added: “Through its partnership with Mastercard, Tweeq will be able to offer the best smart money solutions in the Kingdom. The unique digital experience will offer low-cost and fast turnaround times. It will provide a seamless, smart money management platform aimed at the financial needs of a predominantly young population who run their lives on their smartphones and want payment solutions at their fingertips. The long-term plan is to launch Tweeq initially in Saudi Arabia and expand it throughout the Middle East and Africa.”

Paymentology founder and CEO Shane O’Hara also welcomed the new partnership, saying: “The Paymentology platform is rapidly gaining global recognition as the leading, cloud-native processor on the market. The Paymentology full life-cycle card processing environment enables Tweeq to provide a best-of-breed digital wallet experience. The platform’s proven banking-grade scalability will allow Tweeq to rapidly expand its offering beyond Saudi Arabia and into other regions. We are delighted to be a part of the Tweeq journey.”


SABB contributes to future of trade in Middle East

Updated 24 February 2021

The Saudi British Bank (SABB) was the platinum sponsor of the Global Trade Review MENA conference, which is widely recognized as the most comprehensive and long-established trade finance gathering in the Middle East. The event, held virtually between Feb. 15-17, was attended by a group of decision-makers, senior experts, professionals, and leaders in the trade finance sector from various governmental and private institutions in the region.

The event welcomed more than 800 key figures, from regional and global markets and provided access to hundreds of companies engaged in international trade, all of whom are keen to discuss their financing priorities and the future of trade in the Middle East. Agenda themes included infrastructure demands and requirements, and the role of new technologies and innovations in creating a thriving environment for conducting trade business.

Majed Najm, deputy managing director, corporate and institutional banking at SABB, said: “Our participation in this significant conference is a testament to the Kingdom’s pivotal role in the region. Saudi Arabia is making positive changes to the future of trade as it undergoes major strategic transformation led by Vision 2030. The conference also spotlighted how SABB is pioneering new technologies to more efficiently support the trade finance requirements of companies, from multinational corporations to SMEs.”