Cyberattaque de la Croix-Rouge : Un entretien avec des cyber-experts

kos
janvier 27, 2022

La Croix-Rouge internationale est attaquée. Elle a été victime d’une cyberattaque massive. Les données sensibles d’au moins 515 000 personnes vulnérables sont en danger. Certaines de ces personnes fuyaient des conflits ou recherchaient des membres de leur famille qu’elles avaient perdus à la suite d’une catastrophe, d’un conflit ou d’une détention.

L’évolution de la cyberattaque de la Croix-Rouge

La cyberattaque a été découverte sur des serveurs appartenant au Comité international de la Croix-Rouge. L’organisation d’aide internationale ne sait pas qui a exécuté l’attaque. Mais elle sait que les données ont été volées à une entreprise externe à Genève, en Suisse. Aucune donnée sensible ne semble avoir été divulguée pour l’instant. Les données sensibles proviennent d’au moins soixante organisations nationales de la Croix-Rouge et du Croissant-Rouge. On ne sait pas encore dans quelle mesure les données de la Croix-Rouge de Flandre sont menacées. Le Comité international de la Croix-Rouge s’inquiète des risques potentiels pour les personnes qu’il tente de protéger. Si des informations sensibles concernant des personnes disparues venaient à être divulguées, la peur et la souffrance des familles seraient encore plus difficiles à supporter. L’organisation d’aide internationale s’est sentie obligée de fermer ses systèmes informatiques. Mais que faire en cas de cyberattaque ? Nous avons interrogé quelques-uns de nos développeurs de logiciels pour obtenir quelques réponses.

Question 1: Hello Alex and Jelle, what are your roles at Jimber exactly?

We are software developers who have studied ethical hacking. Right now, we are working on one of the core projects of Jimber. Jimber has three core projects or solutions; Browser Isolation, Web App Isolation, and the Digital Vault. We have been working on the Browser Isolation project for over 3 years. You can see Browser Isolation as our base Isolation technology that we also use in our Web App Isolation and in the Digital Vault. We use these technologies to protect browsers, corporate applications, files, and passwords against cyberattacks.

Question 2: What do you think will happen to the personal data the hackers have accessed?

This is something no one can know for certain, only the hackers can decide what they will do with the personal data. They could sell it to the highest bidder. Or they could just publish them online for everyone to see. But the latter is rather unlikely since there are no scandals to be made public. Another possibility would be that they use the data themselves to con these people in some way. But most of the time this would be done by the people buying the data.Therefore, we assume the hackers will just sell the data and be done with it.

Question 3: What is the most common cyberattack?

Ransomware is a type of malware that hackers use to threaten you. Attackers can threaten to publish the victim’s personal data. Or they can hold it hostage until the victims pay a ransom.

How does this attack work?

The attack works by tricking a user into downloading and executing a malicious piece of software. This software encrypts all data on your system.

What would be the consequences of a cyberattack like that?

This attack could have severe consequences. It could cause temporary or permanent loss of data, a complete shutdown or lockdown of your company’s operations, and financial loss because of the lockdown. Ransomware prevents you from accessing your computer files, systems, or networks. These attacks are also difficult to investigate. They affect society in many ways. They can damage reputations or have a big emotional impact on vulnerable people.

Question 4: How would you prevent such an attack with the Jimber solutions?

Browser Isolation

Using Browser Isolation could prevent less advanced users from downloading and running malicious executables. The file could be contained in an isolated environment.Our Isolation technology is a zero-trust technology. This means that the technology doesn’t trust any website. However, that doesn’t mean that our technology blocks websites. All websites and websites remain accessible and the user doesn’t notice anything. This way, you can be confident your important information stays safe. You can also work anywhere you want and careless employees are no longer a risk.Isolated Browsing moves all user browsing activity in an isolated environment and secures the threats. It allows users to access any website instead of keeping them away from unsafe websites. Viruses or cyberattacks are contained in the isolated Jimber container and are removed as soon as the session is closed. This way, the viruses and cyberattacks are no longer a threat to your organization. Web content never actually reaches your computer and malware is never able to enter your system.Without Browser Isolation, hackers can place malware in the code and your pc would just translate it and execute the code. At Jimber, we redirect the code to another server with virtual computers. This server sends back a stream of images instead of the source code of the website. This way, the code is not accessible or customizable anymore. This stream of images makes it unhackable.

Web App Isolation

Web App Isolation also uses the same principle as Browser Isolation. It’s also our isolation technology, but now it protects web applications. Web app security uses a certain ‘container’ between web apps and the computer of the end-user. This way APIs are protected and application vulnerabilities can’t be exploited by malware anymore. Now, your company’s applications are protected against cyberattacks.

The Digital Vault

This digital ‘safe’ uses Web App Isolation. It’s a secure environment to share and save documents. It’s also a vault where credentials can easily be shared without actually sharing your passwords. This way, your sensitive data can’t be hacked, intercepted, or accessed by unauthorized people.

Cybersecurity audits & pentests

By having us audit your company, we could locate weak points in your infrastructure and/or employees, preventing them from doing dangerous things. During a cybersecurity audit, we look for the biggest issues of your organization. We analyze what systems are safe and what systems could create some problems.This analysis includes:

Wi-Fi segmentation between guest and private check
A global scan of servers on-premise and of machines
Firewall and rules check
VPN, IP, and camera check
A user awareness check of emails and passwords
Website check for SQL injection and updates
Update of policies
Outdated devices / operating systems that are end of life check
Backup policy
Type WiFi encryption safe / not safe check

Through a report we let you know our concrete advice on what you can do to optimize your systems.With a pentest, we can go even further than with a security audit. We test all apps, websites, networks, APIs, input fields and specific vulnerabilities to exclude all possible risks.