With the Caribbean’s hurricane season under way, businesses have a clear reminder to re-evaluate their storm response and recovery plans. Meanwhile, another major ransomware attack sent a reminder to dozens of businesses across the globe late last month that dangers beyond Mother Nature can threaten operations.
The self-replicating Petya ransomware attack took several international companies by surprise, including shipping giant Maersk and pharmaceutical company Merck.
The outbreak demonstrated an even more sophisticated line of attack than the WannaCry hack in May, which similarly used the U.S. National Security Agency’s EternalBlue exploit, leaked by hackers earlier this year. The malware takes advantage of remote execution vulnerabilities in older Microsoft systems to spread from computer to computer.
Unlike WannaCry, Petya does not contain an obvious kill-switch. It also incorporates another NSA exploit, EternalRomance, and a hacking tool used to extract passwords from infiltrated networks.
While no official reports of the attack were made in the Cayman Islands, the outbreak hit at least a dozen countries across North America, South America and Europe, according to analysis of public data from Deloitte’s risk advisory team in Grand Cayman.
Speaking less than a week before the outbreak, KPMG cybersecurity principal Micho Schumann warned business leaders at a hazard management workshop to prepare for just such a scenario.
“Cybersecurity now lies with management. The days of pushing this down to IT are long gone,” Schumann told the workshop audience at the Grand Cayman Marriott. “Whereas I used to meet with clients and the first person I would be directed to was the IT director, now I come to meetings and I’m meeting with the CEO and the IT director.
“If you are management, you need to ask yourself tough questions. Who’s responsible for information security? If you’re a big enough organization, a shared responsibility might not be enough.”
He pointed to the WannaCry attack as an example of an easily avoidable disaster. The attack targeted a vulnerability in older Microsoft systems.
Months before the attack, however, Microsoft released a patch addressing the weakness exploited by both WannaCry and Petya. Only machines that were not or could not be updated were affected.
“Companies had a full two months to protect themselves against the attack. Completely unacceptable,” Schumann said.
Now that Cayman’s Data Protection Law has been approved, he urged companies to revise their strategies for safeguarding client information to avoid legal liability. The law, which protects sensitive personal data, provides for up to $100,000 in fines for violations.
He advised companies to consult with legal counsel to ensure they are in compliance.
“If you are regulated, our local regulator is looking at the confidentiality, integrity and availability of your client data,” he said.
The stereotypical teenager of yesterday no longer reflects the full reality of cybercrime, he added. Hacktivists, disgruntled employees and state-sponsored espionage can all pose a threat to business.
Schumann directed one disaster scenario at the shipping and port executives in attendance.
“When dealing with a large infrastructure project, like a port, it would be really interesting if, for example, one of the nations wanted to hack into email systems and figure out how much do they really want to pay for this project? Who are my competitors?” he said.
“That would be really good information. These nations are hacking for their national interest to advance their economies.”
Tropical Shipping’s Jennifer Nugent-Hill implored companies to think of the unthinkable and reformulate their business plans to account for regional threats, including cybercrime.
“The Caribbean has become extremely vulnerable. Hackers think we are very relaxed, man, that sun and fun is all we do,” said Nugent-Hill, director of governmental and community affairs for Tropical Shipping.
The ability of the Petya attack to take down a giant like Maersk resonated with the shipping industry, which has long been vulnerable to threats targeted at navigation systems and trade data.
The outbreak successfully disrupted operations at several major ports. While Cayman’s shipping sector was not affected, the Port Authority advised businesses to stay alert.
“This does not mean that Cayman is not vulnerable to this or other similar attacks,” a Cayman Port Authority spokesperson said. “The initial indications are that the attacks are started through emails and then spread through the company’s network via the same vulnerabilities that WannaCry used earlier this year.
“It is very important that companies ensure that they have implemented the latest patches from Microsoft (which fixed the vulnerabilities in Windows months ago), follow security best practices to protect their networks and train their staff on IT security.”
Small shipping company Karatzas Marine Advisors, with business ties in Grand Cayman, said the attack prompted greater concern about the vulnerability of maritime operations.
“I do think that shipping necessarily was the target. They seem to hit different industries, and definitely Maersk is a very visible target in the shipping industry,” CEO Basil Karatzas said.
He pointed to other attacks directed at the shipping industry, including hacks into the navigation equipment of super-yachts and commercial vessels.
“It’s a concerning development overall for our society, and not (just) necessarily for shipping. However, with shipping, it could easily have huge impact on everyday life,” he said, adding that such hacks can have a detrimental effect on trade.
The Royal Cayman Islands Police Service encourages businesses to report attacks so that law enforcement can track threats. The service did not offer advice as to whether hacking victims should pay ransoms.
The Petya attack demanded users pay US$300 in bitcoin to recover encrypted files. The email address provided for payment was shut down after several hours, however, indicating that many victims who paid the ransom could not retrieve their data.
A Deloitte risk advisory senior manager indicated that Petya is just one of many recent ransomware alerts. Other recent ransomware variants include SamSam, re-emerging Locky, a new TeslaWare, and a Shifr ransomware currently in development.