The International Red Cross is under attack. They have been the victim of a mass cyberattack. The sensitive data of at least 515.000 vulnerable are at risk. Some of these people were fleeing conflicts or looking for family members they lost after a disaster, conflict, or detention.
The Red Cross cyberattack developments
The cyberattack was discovered on servers owned by the International Committee of the Red Cross. The international aid organization doesn’t know who executed the attack. But they do know the data was stolen from an external company in Genève, Switzerland. No sensitive data seemed to have leaked yet. The sensitive data comes from at least sixty national Red Cross and Red Crescent organizations. It’s not clear yet to what extent data from Red Cross Flanders is at risk. There are around a thousand Red Cross Flanders files that could be compromised.
The International Committee of the Red Cross is concerned about the potential risks for the people they’re trying to protect. If the sensitive information of missing people would get leaked, the fear and suffering of the families would be even more difficult to endure. They are asking the hackers to not share or leak the data.
The international aid organization felt compelled to shut down their computer systems. Meanwhile, they are looking for a temporary solution to keep doing their essential work.
But what should you do in case of a cyber attack? We interviewed some of our software developers to get some answers.
Question 1: Hello Alex and Jelle, what are your roles at Jimber exactly?
We are software developers who have studied ethical hacking. Right now, we are working on one of the core projects of Jimber. Jimber has three core projects or solutions; Browser Isolation, Web App Isolation, and the Digital Vault. We have been working on the Browser Isolation project for over 3 years. You can see Browser Isolation as our base Isolation technology that we also use in our Web App Isolation and in the Digital Vault. We use these technologies to protect browsers, corporate applications, files, and passwords against cyberattacks.
Question 2: What do you think will happen to the personal data the hackers have accessed?
This is something no one can know for certain, only the hackers can decide what they will do with the personal data. They could sell it to the highest bidder. Or they could just publish them online for everyone to see. But the latter is rather unlikely since there are no scandals to be made public. Another possibility would be that they use the data themselves to con these people in some way. But most of the time this would be done by the people buying the data.
Therefore, we assume the hackers will just sell the data and be done with it.
Question 3: What is the most common cyberattack?
Ransomware is a type of malware that hackers use to threaten you. Attackers can threaten to publish the victim’s personal data. Or they can hold it hostage until the victims pay a ransom.
How does this attack work?
The attack works by tricking a user into downloading and executing a malicious piece of software. This software encrypts all data on your system.
What would be the consequences of a cyberattack like that?
This attack could have severe consequences. It could cause temporary or permanent loss of data, a complete shutdown or lockdown of your company’s operations, and financial loss because of the lockdown. Ransomware prevents you from accessing your computer files, systems, or networks. These attacks are also difficult to investigate. They affect society in many ways. They can damage reputations or have a big emotional impact on vulnerable people.
Question 4: How would you prevent such an attack with the Jimber solutions?
Using Browser Isolation could prevent less advanced users from downloading and running malicious executables. The file could be contained in an isolated environment.
Our Isolation technology is a zero-trust technology. This means that the technology doesn’t trust any website. However, that doesn’t mean that our technology blocks websites. All websites and websites remain accessible and the user doesn’t notice anything. This way, you can be confident your important information stays safe. You can also work anywhere you want and careless employees are no longer a risk.
Isolated Browsing moves all user browsing activity in an isolated environment and secures the threats. It allows users to access any website instead of keeping them away from unsafe websites. Viruses or cyberattacks are contained in the isolated Jimber container and are removed as soon as the session is closed. This way, the viruses and cyberattacks are no longer a threat to your organization. Web content never actually reaches your computer and malware is never able to enter your system.
Without Browser Isolation, hackers can place malware in the code and your pc would just translate it and execute the code. At Jimber, we redirect the code to another server with virtual computers. This server sends back a stream of images instead of the source code of the website. This way, the code is not accessible or customizable anymore. This stream of images makes it unhackable.
Web App Isolation
Web App Isolation also uses the same principle as Browser Isolation. It’s also our isolation technology, but now it protects web applications. Web app security uses a certain ‘container’ between web apps and the computer of the end-user. This way APIs are protected and application vulnerabilities can’t be exploited by malware anymore. Now, your company’s applications are protected against cyberattacks.
The Digital Vault
This digital ‘safe’ uses Web App Isolation. It’s a secure environment to share and save documents. It’s also a vault where credentials can easily be shared without actually sharing your passwords. This way, your sensitive data can’t be hacked, intercepted, or accessed by unauthorized people.
Cybersecurity audits & pentests
By having us audit your company, we could locate weak points in your infrastructure and/or employees, preventing them from doing dangerous things. During a cybersecurity audit, we look for the biggest issues of your organization. We analyze what systems are safe and what systems could create some problems.
This analysis includes:
- Wi-Fi segmentation between guest and private check
- A global scan of servers on-premise and of machines
- Firewall and rules check
- VPN, IP, and camera check
- A user awareness check of emails and passwords
- Website check for SQL injection and updates
- Update of policies
- Outdated devices / operating systems that are end of life check
- Backup policy
- Type WiFi encryption safe / not safe check
Through a report we let you know our concrete advice on what you can do to optimize your systems.
With a pentest, we can go even further than with a security audit. We test all apps, websites, networks, APIs, input fields and specific vulnerabilities to exclude all possible risks.
Question 5: What other general tips can you give us to prevent cyberattacks and limit the damage?
Develop cybersecurity policies. Such as:
- Train your employees to prevent cyberattacks.
- Make a proper update schedule of all systems/printers/laptops/servers/…
- Install spam filters and anti-malware software.
- Perform routine security audits.
- Use security solutions on all your devices.
- Beware of pop-ups, links, downloads, and e-mail attachments.
- Use multi-factor authentication or passwordless authentication.
- Perform regular backups.
Discover our cybersecurity solutions!
Read more about the Red Cross cyberattack here: https://www.vrt.be/vrtnws/nl/2022/01/20/internationale-rode-kruis-getroffen-door-grootschalige-cyberaanv/