Liberty Holdings was recently the victim of an online breach of information, and the responsible cybercriminals are blackmailing them with the stolen data.
In its initial statement, Liberty insisted that “no concessions had been made in the face of this attempted extortion”.
“Liberty has refused to pay, and good on them,” said Matt Boddy, security specialist at Sophos, a British security software and hardware company.
“After all, there's no guarantee the hackers wouldn't leak the data anyway, sell it to other criminals, or return with bigger demands next month,” he explained.
Boddy pointed out that the cybercriminals could stage getting hacked themselves, and the “pay for silence game could go on forever”.
The difference between ransomware and extortion
This is because it isn’t a ransomware attack, where cybercriminals encrypt data belonging to users – like the WannaCry ransomware attack in 2017.
In these situations, users can “buy” an unscrambling tool from the cybercriminals – therefore, “paying for a positive”.
“In an extortion attack, like the one against Liberty, you're paying for a negative and you’re essentially trusting the criminals indefinitely,” said Boddy.
“The good news is that Liberty is being upfront about the attack. The company is trying to find out what the hackers got hold of and how, in order to make sure this doesn't happen again,” he added.
How vulnerable, or ‘exposed’, was Liberty Holdings?
In October last year, a Singapore-based cyber intelligence agency, Kinkayo (rebranded as Cyber Intelligence House), released a Cyber Exposure Index.
This index is a representation of data that was collected from public sources in the deep web, the dark web, and data breaches. Based on this, signs of “sensitive disclosure, exposed credentials, and hacker group activity” are outlined.
The infographic below outlines the top 5 most exposed South African companies based on the data from October 2017:
Liberty Holdings was number seven on the list of investigated companies in South Africa, and it fell under category four – which means it ranked under 25% of the most exposed companies in the world.
Cyber Intelligence House will release an updated report in two months, which will disclose more details, like the number of employees, behind the scoring system.
“A company’s exposure score goes down when the number of employees increases,” said Mikko Niemelä, CEO and president of Cyber Intelligence House.
“This is because a company will then implement cyber security awareness programmes and systematically educate and train their employees about cybersecurity,” he added.
However, this is not the case with Liberty Holdings.
Niemelä provided Justmoney with a report specifically focussed on Liberty Holdings, which includes updated details from June 2017 to May 2018.
The below graph shows where Liberty Holdings ranks in relation to the industry:
“Liberty is within the industry, and its exposure is very high. Exposure tends to lessen per employee when companies get bigger but that’s not the case with Liberty,” said Niemelä.
The below graph shows the number of events that occurred during this timeframe, as well as the accompanying risks.
“There was a significant amount of action before the breach. This may indicate stolen and breached credentials, which would eventually provide access to some of the company’s systems,” said Niemelä.
He explained that this is typically how cyberattacks happen, but that he cannot confirm that this is what happened in this particular case.
Rather than working with a 5-category scoring system, the new report rates each company out of 300. Liberty Holdings scored 192, which falls under the upper bracket of the third band between 100 and 200.
The third band is considered “high exposure”, where the company has “a moderate amount of exposed clients, accounts and data”.
David Munro, Liberty Group CEO, confirmed that the company was aware of the Cyber Exposure report which was released in October last year.
“Looking at this index demonstrates the broad nature of this issue and the challenge for all organisations to be vigilant and to improve their security systems on an on-going basis,” said Munro.
He explained that they continuously work to improve their systems, but that sometimes it’s simply not enough.
“We live in a world of highly sophisticated criminals whose methods evolve at an equal pace as the technology built to protect data from them,” said Munro.
What’s next for Liberty and its customers?
In its most recent update, Liberty confirmed that it was in full control of its IT environment.
“Liberty is at an advanced stage of investigating the extent of the data breach, which at this stage seems to be largely emails and possibly attachments,” the statement read.
If you’re a Liberty consumer, Boddy recommends you watch out for future news from the company about this breach.
“Keep an eye on your bank statements and, as always, be vigilant about emails, phone calls, and text messages that offer to ‘help you recover’ from this security incident,” said Boddy.
“If you need to contact Liberty about this incident, please don't rely on phone numbers, email addresses, or websites that arrive in messages offering to help – those messages could come from anyone,” he explained.
“Look up the contact details yourself, for example on an old statement, or using a search engine,” he advised.