The Trillion dollar industry
At the time of writing, the Waikato DHB cyber-attack is ongoing. The government is refusing to pay the ransom as a point of principle, and it looks like every possible tool at their disposal is being used to try to recover the situation.
Should they just pay the ransom? Or should the government go further and make it illegal to pay ransoms in New Zealand? That’s the question that Minister Kris Faafoi is having to assess at the moment. DHB attack: Why Justice Minister Kris Faafoi won’t make it illegal to pay a cyber-ransom – NZ Herald
Cyber crime is big business. We’ve called it organised crime in previous articles and we’re happy to stick with that. These organisations recruit the best and brightest out of the top universities, and give them both the latest tools and time to wreak havoc. Their recruits are paid astronomical sums to work for them, overcoming any moral objections with immorally large pay checks. These paychecks are funded by the proceeds of previous hacks. Every time they are paid, their war chest is strengthened. For example, we recently saw the Colonial Pipeline in the eastern US get hacked for 75 bitcoins (just under US$4M) which went to a criminal group called ‘Darkside”.
So, will cutting off payments stop their attacks by removing the incentive?
These criminals are smart and highly motivated. They seem to have no conscience but plenty of greed. Waikato is not only the hospital being brought down – there was a huge wave of hospital attacks in the US in October, just a few months ago – Several hospitals targeted in new wave of ransomware attacks – CNNPolitics.
I don’t know how Waikato DHB got infected, but the rumour is that it was from phishing attacks onto machines that weren’t fully patched up to date. We don’t know if that is true, but it is a common attack vector. Once a hacker gets into a system, they often hold back and try to dig further looking for more vulnerabilities they can exploit. The more damage they can cause, the more ransom they can demand, so they will often use one vulnerability to find the next, and so on until they finally have enough to bring the house down.
Security is all about layers. There is NO way to prevent attacks, and it is impossible to guarantee that any system is invulnerable. We saw that with the recent Hafnium attack where a vulnerability was exploited before patches were available to block it. But the more layers of security, the harder you make it, and you reduce the scope of any harm.
Today, even if you have the best backups and can recover the system, the hackers then threaten to release the data you hold to media or competitors. In the case of the Waikato DHB, it is being reported that personal data is being released to media by the hackers to increase pressure, even as they fail to stand their systems up.
As to paying the ransom, I suspect your perspective changes when your business, your job or livelihood is threatened. Not an easy decision and hopefully one we can avoid by being paranoid.
The best solution we can recommend is to check your cyber insurance and to apply the best security you can reasonably afford, which should be more than you had last year. Expect it to be more again next year as new tools and new threats emerge. Consider managed security solutions like our KARE Plans.
We don’t know where this will end, or if it will end, but let’s hope so. It is such a drain on our resources and holds us back from investing in tools that make us more productive.
New reports in your Kinetics Portal
Thank you for the great feedback about our new client portal. Even so, we're not stopping there! We are already rolling out new capabilities to it. We're adding new reports, scheduled for availabilty in November. When you check your reports in the Client Portal,...
Webinar Replay: Are you (really) insured for a cyber-attack Trends in cyber- insurance and what you can expect
Are you (really) insured for a cyber-attack? Learn the latest trends in cyber- insurance and what you can expect.The latest CertNZ data tells us that 43% of cyber-attacks in NZ were aimed at small business. Even worse is the number of businesses that cease trading as...
Oh no, the worst has happened! Now what?
When we talk to people about the different risks that their organisation might face, one of the events that has the highest likelihood, and would have the biggest impact, is a significant cyber-event. The worst-case scenario would be a ransomware event, where the bad...
What can you expect in Windows 11 Update 24H2?
Enhancing User Experience with the Latest Microsoft Update for Windows 11.Microsoft has recently unveiled a new release that promises to bring a host of improvements and features designed to enhance user experience and performance. This release includes several...
The History and Innovations of Bluetooth and NFC: Understanding Their Potential and Risks
Bluetooth and NFC share several similarities. Both technologies utilise short-range wireless communication to facilitate the exchange of data between devices without the need for physical connectors. They have revolutionised modern conveniences such as contactless...
New Features in Microsoft Teams Whiteboard
Recent updates to the Microsoft Teams Whiteboard app bring whiteboard interactivity to Teams meetings. Sticky Notes: Easily add and move sticky notes around the board to organize thoughts and ideas. This is particularly useful for brainstorming sessions and agile...
Copilot AI Readiness Workshop Registration Successful
Thank you for registering! Workshop Details Date: 1 May (Thursday) Time: 8.45 coffee ahead of a 9.00am start Location: Kinetics Group, Level 1, 11 Leslie Hills Drive, Riccarton, Christchurch 8011 We look forward to seeing you there and helping you get more from...
Is your 365 data ready for Copilot and AI? (Christchurch free event)
Don't miss out - Limited Places Reserve your seat today Date: 22 October (Tuesday) Time: 8.45 coffee ahead of a 9.00am start Location: Kinetics Group, Level 1, 11 Leslie Hills Drive, Riccarton, Christchurch 8011Join us for an interactive free workshop AI and Microsoft...
DEAF Aotearoa’s lasting partnership with Kinetics
Not-For-Profit finds consistent value over time Over the course of more than a decade, not-for-profit Deaf Aotearoa has benefited from consistent value from its relationship with managed services provider Kinetics. Deaf Aotearoa is the national organisation...
What is happening with NZ Cyber crime?
SME Cyber Security InsightsThe National Cyber Security Centre (formerly NZ Cert) sheds light on the cyber security practices of small and medium-sized enterprises (SMEs) in New Zealand. These insights are crucial, especially given the evolving threat landscape. Here...