On October 27th, LockBit claimed to have breached Boeing and threatened to leak a massive amount of sensitive data. Three days later, the threat group removed the aircraft company's name from the victim list.
At first, hackers posted a message on their data leak site that said:
Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!
However, the attackers said they were not planning to disclose any samples for the moment, to protect the company. They did not say how much data was stolen or how high the ransom demand was.
Breaking
LockBit allegedly breached Boeing.@Boeing pic.twitter.com/cwBwSzXqoX
— Dominic Alvieri (@AlvieriD) October 27, 2023
For its part, Boeing said only that it was investigating the alleged breach and made no further comment.
The payment deadline was November 2nd, but Boeing's name no longer appears on LockBit's victim list. As Boeing has not yet confirmed the data breach, this leaves two possibilities: either LockBit's claim was fake, or the company agreed to pay the ransom.
How to keep data safe from LockBit Ransomware
According to CISA's June Advisory, LockBit was the most active ransomware as a service (RaaS) provider in 2022. Also, the threat group poses an extremely complex challenge for security teams:
Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). This variance (…) presents a notable challenge for organizations working to maintain network security and protect against a ransomware threat.
CISA Security Advisory, June 14th 2023
Researchers warn that LockBit affiliates exploit not only new vulnerabilities but also old ones, such as CVE-2021-22986, an unauthenticated remote code execution flaw in F5 iControl REST.
This is why keeping all OSs, applications, and firmware up to date on all devices is high on the prevention measures checklist. In medium and large companies, this is usually a time- and resource-consuming task. Automated Patch Management solutions are the key to maintaining an updated, safe digital perimeter.
LockBit ransomware prevention measures
- Implement DNS filtering to block any potentially malicious inbound or outbound communication
- Use end-to-end encryption for sensitive data transfers. If hackers manage to steal your data, they won't be able to read or sell it
- Apply network segmentation to prevent ransomware from spreading across the whole system
- Also apply the Principle of Least Privilege (POLP)
- Use a Multi-Factor Authentication solution
- Implement time-based access for admin or higher-level accounts
- Implement email filtering to reduce the risk of phishing emails reaching employees' inboxes.