Cyber, Slider. We Got Insurance, Right? - Above the Law

"According to a report in HackerNews, KNP Logistics Group, which had been in business some 158 years, recently shut its doors. Why? One of its employees had an easily guessed password. There was no sophisticated phishing attack or zero-day exploitation. The hacker just got into the company's system and found an employee who didn't use multifactor authentication. Then, using highly sophisticated logic and complicated algorithms (aka someone who doesn't have multifactor authentication probably has an easy-to-guess password), they punched in 1-2-3-4"
"Once in, the hackers had a field day. They deployed ransomware across the whole infrastructure. Then, perhaps just to get a good laugh at the employee and the company, they destroyed the company's backup and recovery systems. So, there was no way for the company to recover anything.

One Slight Miscalculation

But the hackers did make a slight miscalculation: they demanded more ransom money than the company had."
KNP Logistics Group, in business for 158 years, shut down after a hacker accessed an employee account protected only by an easily guessed password and no multifactor authentication. The intruder deployed ransomware across the entire infrastructure and intentionally destroyed backup and recovery systems, eliminating any possibility of local recovery. The attackers demanded a ransom larger than the company could pay and beyond cyber insurance coverage, forcing business failure despite a fleet of 500 trucks and 700 employees. The incident underscores the catastrophic risk of weak authentication, the need for multifactor authentication, robust backups, and adequate cyber insurance coverage. Law firms and other organizations should avoid security by obscurity.
Read at Above the Law