Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

DoppelPaymer Ransomware Strikes NASA Contractor, 2,583 Servers Held Hostage, Data Leaked

Monday, June 15, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

DoppelPaymer ransomware gang published a blog post to congratulate SpaceX and NASA for their first successful human-operated rocket launch. Shortly after, the criminals broke the news that they had infected the network of one of NASA’s IT contractors. The online post said DoppelPaymer ransomware had successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company providing managed IT and cyber security services on demand. Other firms affected by the NASA contractor breach include major Fortune 100 firms that use the firm’s services. The ransomware gang posted 20 archives on the dark web to prove its claims.

Data breached by the DoppelPaymer ransomware gang

Documents released from the breach indicate that DoppelPaymer ransomware accessed a variety of records, including HR documents and project plans from the NASA contractor. The released employees’ details matched those on their profiles on the networking site, LinkedIn.

According to a statement from DMI, “We recently became aware of a data security incident that affected our corporate systems. When we discovered the issue, we immediately took all systems offline, engaged third-party security experts to aid our investigation, and worked to safely restore systems in a manner that protected the security of information on our systems. We are continuing to investigate the incident and we are working to enhance the security of our systems to help prevent this type of incident from occurring in the future.”

DoppelPaymer ransomware operates various online hacking forums where they release samples of compromised data to intimidate the victims into paying the ransom. Failure to pay leads to the release of all files, thus causing the company potentially irreparable damage to the affected organization.

DoppelPaymer ransomware has resorted to tactics employed by another notorious ransomware operator, Maze ransomware, that uses double extortion to force compliance. The affected NASA contractor has not indicated whether ransom negotiations are an option.

REvil (Sodinokibi) ransomware has also begun selling its stolen data instead of leaking it for free when victims refuse to budge. Previous ransomware attacks involved locking the computer users out of the system and holding onto the data if they failed to pay up. However, criminals have become more brutal and will use any means possible to blackmail companies.

Similarly, there is no guarantee that the criminals will release the encryption keys or abstain from selling the data online after receiving the ransom. Thus many companies feel obliged to ignore the ransom demands to avoid rewarding bad behavior or undergoing more losses.

The extent of the cyber attack on NASA contractor

DoppelPaymer ransomware gang published a list of 2,583 servers and workstations they currently hold hostage from the attack. The cybercriminal gang says the devices in question were part of DMI’s internal network. The affected NASA contractor has not released any statement regarding the breach.

Details are sketchy on how DoppelPaymer ransomware managed to successfully carry out such a largescale attack on a reputable NASA contractor. It is, however, very likely the cybergang gained access to the systems by targeting employees working for the affected NASA contractor.

Javvad Malik, Security Awareness Advocate at KnowBe4, says it remains a mystery how DoppelPaymer ransomware succeeded in carrying out such an attack.

“It’s unclear as to how the DoppelPaymer ransomware gang infiltrated DMI, or how far they actually got. However, it raises the important point of ensuring security throughout the supplier and vendor ecosystem. It’s not just enough for organizations to secure their own systems, but they should be conducting due diligence and adequacy checks with all of their partners and suppliers with procedures in place in how to respond to an incident and share information.”

In early April, NASA released a memo informing workers and contractors of a new wave of malware targeting federal employees; warning employees and contractors that cybercriminals were targeting NASA’s electronic devices, networks, and personal devices.

The warning said hackers were targeting the organization hoping to steal sensitive information, spread misinformation, conduct scams, as well as carry distributed denial of service (DDoS) attacks. Unfortunately, NASA’s warning did not prevent the breach from taking place.

Apart from DoppelPaymer ransomware, other threat actors such as Ryuk and Maze ransomware gangs have concerted their efforts to exploit the current COVID-19 crisis to gain unauthorized access to systems.

Concerns over supply chain cyber security

The frequency of successful ransomware attacks against government agencies raises concerns over the security measures adopted by various federal contractors. Another ransomware attack struck a nuclear missiles contractor, Westech International, leaking sensitive information and holding data ransom.

Such contractors form a weak link that cybercriminals exploit to access sensitive information from federal agencies. The largescale attack will probably have dire consequences on the reputation of the NASA contractor.

Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, commented that: “Supply-chain cyberattacks from vendors or business partners can blind-side businesses who haven’t accounted for that potential risk. It’s critical that all organizations perform due diligence on any business partner with access to their data or network.”

He adds that organizations can mitigate such situations by having contractual agreement on data safety measures.

“Effective management strategies can include implementing contractual requirements that all vendors or contractors follow information security best practices and are themselves regularly tested to confirm that no security issues that could threaten the organization are present.”

Accounting for possible disruption of business partners should also be part of risk management. These practices should include safeguards and controls to ensure partners access is segmented from the main IT environment to reduce the potential damage from breaches involving business partners according to Clements.

Photo and Link: https://www.cpomagazine.com/cyber-security/doppelpaymer-ransomware-strikes-nasa-contractor-2583-servers-held-hostage-data-leaked/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search