Lax perimeter security exposes bank to hacker extortion attempt

Failure to follow standard network security best practice has exposed a Californian investment bank to cyber criminals’ demands

Hackers have attempted to extort money from an investment bank in California after bypassing network defences to steal documents.

WestPark Capital, based in Los Angeles, is the latest target of a hacking group calling itself TheDarkOverlord that has attempted to extort money from several healthcare organisations.

The hackers published links to fewer than 20 stolen documents online after WestPark Capital refused to pay the group to keep quiet about the hack, according to Motherboard.

The documents included non-disclosure agreements, internal presentations, reports and contracts.

The hacking group emerged in June 2016, when it threatened to release records stolen from healthcare organisations if they ignored demands for payment.

The group is reportedly using similar tactics with WestPark, threatening consequences if the bank fails to negotiate.

Security advisers and law enforcement agencies typically encourage organisations not to give in to cyber extortion demands, arguing that paying a ransom only helps to fund cyber crime operations and further entrench these money-making scams.

According to security firm Lastline, the hackers appear to have taken advantage of a vulnerability in the Microsoft Remote Desktop Protocol (RDP).

“This is a standard technical tool for remote management of server devices and, frankly, their network perimeter security must have been lax for this to have ever worked,” said Jamie Moles, security consultant at Lastline.

“It is normal security practice to limit the RDP on firewalls to allow only certain IP addresses to access your systems and it looks likely that WestPark failed to implement this basic step,” he added.
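As an added illustration of the control Moles describes (example code written for this edit, not from Lastline, WestPark or the article): a small Python audit that evaluates a constructed, first-match firewall rule set and reports whether TCP/3389 is reachable from arbitrary internet addresses or only from an assumed administrator allowlist. The rule format, the 192.0.2.0/28 allowlist and the probe addresses are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

RDP_PORT = 3389

@dataclass(frozen=True)
class Rule:
    """One firewall rule (constructed format, not any vendor's syntax)."""
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # None matches every destination port
    source: str            # source CIDR the rule matches

def _matches_rdp(rule: Rule) -> bool:
    return rule.proto in ("tcp", "any") and rule.port in (None, RDP_PORT)

def rdp_reachable_from(rules, src_ip: str) -> bool:
    """First-match evaluation with an implicit default deny at the end."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if _matches_rdp(rule) and ip in ipaddress.ip_network(rule.source):
            return rule.action == "allow"
    return False

def audit_rdp(rules, probes=("203.0.113.5", "198.51.100.77")) -> dict:
    """Probe from public (documentation-range) addresses: if any of them
    reaches RDP, the perimeter is lax in the sense the article describes."""
    exposed = [p for p in probes if rdp_reachable_from(rules, p)]
    allowed = [r.source for r in rules if r.action == "allow" and _matches_rdp(r)]
    return {"exposed_to_internet": bool(exposed), "exposed_probes": exposed,
            "rdp_allow_sources": allowed}

# Constructed rule sets: the lax perimeter versus the allowlisted one.
LAX_RULES = [
    Rule("allow", "tcp", RDP_PORT, "0.0.0.0/0"),   # RDP open to the world
]
ADMIN_VPN = "192.0.2.0/28"                          # assumed admin egress range
RESTRICTED_RULES = [
    Rule("allow", "tcp", 443, "0.0.0.0/0"),        # public HTTPS stays reachable
    Rule("allow", "tcp", RDP_PORT, ADMIN_VPN),     # RDP only from the allowlist
    Rule("deny", "any", None, "0.0.0.0/0"),        # explicit catch-all deny
]

if __name__ == "__main__":
    print("lax:", audit_rdp(LAX_RULES))
    print("restricted:", audit_rdp(RESTRICTED_RULES))
```

The same check can be run over rules exported from a real perimeter device once they are mapped into the `Rule` shape.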

The fact that traditional hacking methods are still effective highlights the reality that many organisations – including banks and financial institutions – are still failing to ensure they are following standard security best practice guidelines.

Moles believes it is unlikely that WestPark’s stance will change other businesses’ approach to paying ransoms.

“In this particular case, the company has not lost access to any data as typically happens in a ransomware attack, so the urgency to pay is significantly reduced,” he said.