Home » Cyber Security News » Maze ransomware hits US giant Cognizant

Maze ransomware hits US giant Cognizant

Maze ransomware hits US giant Cognizant

maze-ransomware

maze-ransomware

The latest company to fall victim to a ransomware attack is Cognizant, a large US IT services company which admitted at the weekend that it had fallen victim to Maze.

The three-paragraph statement offers little detail except, perhaps, the most telling:

Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.

That one word, Maze, hints that the company is already steeling itself to report the ransomware attack as a full-blown data breach.

Maze has been blamed for extorting a succession of large organisations since last summer, and is known for stealing as well as encrypting files in an innovation used by the criminals to increase the pressure on victims to pay up: We’ve scrambled your sensitive files but will also leak them to the world if we don’t get what we want.

For US companies, a data breach is a big deal which brings with it regulatory oversight as well as hefty potential costs if any customer information is found to be part of the stolen data.

It’s also commercially awkward to admit an attack is causing problems for customers even if the company is far from the only prominent name affected by Maze in recent months.

In late March, Swiss cyber-insurance company Chubb admitted it had been hit by an unidentified attack, which some took to confirm an unverified claim by the Maze gang that it had successfully stolen data from the company weeks earlier.

The attackers even, cheekily, justified their actions in a statement that reportedly began:

We want to show that the system is unreliable. The cybersecurity is weak. The people who should care about the security of the information are unreliable. We want to show that nobody cares about the users. […] Now it’s our turn. We will change the situation by making irresponsible companies pay for every data leak.

In January, Naked Security reported on a confirmed Maze attack in December which so annoyed the victim company, cable maker Southwire, that it filed a civil suit against its makers that mentioned the ransom demand of $6 million in Bitcoins.

If these and a series of others credited to Maze in recent weeks serve as a warning, what are they a warning against?

The short answer is a ragbag of tactics that read like a penetration test gone rogue.

That could include known vulnerabilities in any kind of privileged asset such as load balancers to Microsoft Remote Desktop Protocol (RDP) servers. If it can’t reach these directly, there’s always standard phishing attacks and boobytrapped Word attachments to fall back on in the search for a network foothold.

None of this is exactly hard to predict. In December, the FBI even put out a private warning about Maze tactics to US organisations.

The challenge is that today’s successful compromises reflect the security weaknesses that have built up from yesteryear. Companies sometimes suspect that they have weaknesses but simply fail to find them as quickly as the attackers do.

How to protect yourself from ransomware

  • Pick strong passwords. And don’t re-use passwords, ever.
  • Make regular backups. They could be your last line of defense against a six-figure ransom demand. Be sure to keep them offsite where attackers can’t find them.
  • Patch early, patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
  • Lock down RDP. Criminal gangs exploit weak RDP credentials to launch targeted ransomware attacks. Turn off Remote Desktop Protocol (RDP) if you don’t need it, and use rate limiting, two-factor authentication (2FA) or a virtual private network (VPN) if you do.
  • Use anti-ransomware protection. Sophos Intercept X and XG Firewall are designed to work hand in hand to combat ransomware and its effects. Individuals can protect themselves with Sophos Home.

 

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket