Who are Medusa, and what can you do to protect your business?
Cybersecurity firm CyberCX has recently reported at least 20 double extortion schemes by the cybercriminal gang Medusa, carried out across Australia and the Pacific since January 11.
Based on how its operations differ from those of older gangs such as ALPHV (BlackCat), CyberCX identified that Medusa is a new cybercriminal gang with members who have previously worked in other criminal organisations. Through various modes of deception, including pretending to be a cybersecurity professional, Medusa encrypts and steals company data so that businesses are forced to pay a ransom to retrieve their files.
Already, Medusa has carried out attacks in numerous countries across a range of industries including manufacturing, telecommunications, energy, hospitality and professional services. So far, one of the gang’s most prominent attacks has been on the Bank of Africa on February 11th, where the cybercriminals demanded a ransom payment with a deadline of February 22nd to boost their extortion efforts.
CyberCX director of cyber intelligence and public policy Katherine Mansted explained that unlike usual methods, Medusa has not been relying on malware to hack into companies’ systems. Rather, they have been working with initial access brokers (IABs), cybercriminals who sell credentials for compromised computer networks, to gain the compromised data for their illicit activities.
Under this kind of business relationship, IABs are paid for their technical skills to uncover vulnerabilities in target systems, which allows cybercriminal gangs like Medusa to focus on their extortion activities. IABs have been reported to capitalise on stolen data by selling it to multiple cybercriminal gangs, leading to victims and organisations being attacked multiple times in a short period.
Despite the emerging dangers the Medusa gang poses, CyberCX has also identified a myriad of weaknesses in how the organisation conducts its operations. According to Ms Mansted, the gang’s operational security and the software they use to encrypt systems contain notable vulnerabilities. Further, CyberCX has uncovered multiple social media accounts that may be operated by Medusa, including profiles on Facebook and Telegram intended to build their credibility.
Why cybercriminal gang activity is set to increase in Australia
Abigail Bradshaw, head of the ACSC, explained that citizens’ and businesses’ increased use of digital technologies in recent years has made cybercriminal activities easier to replicate at a larger scale. For cyber gangs, this reliance on digital systems without cyber insurance and thorough preventative measures makes extortion, espionage, and fraud all too easy.
Over the previous financial year, the Australian Cyber Security Centre (ACSC) received more than 76 000 cybercrime reports, with Australia’s critical infrastructure assets (electricity grid and telecommunications networks) being targeted the most. Large companies like Optus and Medibank have faced fines by the federal government for exposure in data breaches, and failure to protect their customers’ data.
Even more concerningly, this havoc within the cyber world has been heightened due to global conflict and tensions. Bradshaw explained that worrying trends have flowed in from the war in Ukraine, where the most powerful cybercrime gangs have combined efforts with entire nation-states. Director-general of the Australian Signals Directorate Rachel Noble further explained that there exist state-based actors wealthy enough to pursue similar endeavours.
Protecting your data against cybercriminal gangs is a must
With all these emerging digital risks, the thought of security breaches can be frightening and unexpected. However, it is important not to panic, as there are multiple ways that you can ensure your data is protected from cybercriminal activities.
Whether your company is online, industrial or a professional services business, every business needs a form of Cyber Insurance protection. Along with investing in proper security defences, Cyber Insurance can provide you with more protection, and a greater sense of safety.
The types of cybercrimes covered by cyber insurance include:
- Malicious code or malware
- Denial of service attack on your operating system
- Industrial espionage
- Identity or data theft
- Hacking attack
- Cyber Theft from fraudulent representation
However, it is important to remember that cyber insurance does NOT cover:
- Damage from intentional acts
- Your business becoming insolvent
- Incidents or claims known prior to the policy commencing
- Claims made against directors and officers
- Accidental personal injury or property damage
- Professional liability claims for negligence in your professional duty of care