Aircraft equipment manufacturer ASCO Industries, located in Zaventem, is at a standstill. The group, which makes parts for the giants Boeing and Airbus, among others, was a victim of hacking on Friday. And all production at the international level is stopped, in Belgium, but also in subsidiaries in Germany, the United States and Canada. Only on the site of Zaventem, there are more than 1000 people who are unemployed, Tuesday and Wednesday.

Unlike aluminum producer Norsk Hydro, who was hit by a similar ransomware attack earlier this year and provided constant updates about the incident, ASCO has been very quiet about its dealings. The name of the ransomware strain that infected the company’s Belgium plant was not made public.

How MFA can prevent ransomware attacks?

Ransomware is the fastest growing attack-vector targeting all sorts of companies, institutions and organizations. Ransomware is a type of malware that accesses a victim’s files, locks and encrypts them and then demands the victim to pay a ransom to get them back. Ransomware is the digital version of mafia demands for protection money or is like the “digital kidnapping” of valuable data – from personal photos and memories to client information, financial records and intellectual property. Most ransomware gain access through hijacking static passwords and among the best practices to mitigate against such attacks adopting stronger authentication with two-factor authentication is one of the best. Passwords are convenient and tried-and-tested when it comes to securing your online accounts and digital data. However, the major downside is their susceptibility to being stolen using spyware or through trickery. The use of two-factor authentication (2FA), however, is a good defense against account compromise because it adds another layer of protection after your password, usually by combining one factor (your password) with a second factor (a text message/verification code sent to your cell phone number or a push).

It’s been a year now that Google has launched a USB key and a Bluetooth security key to increase the level of security of its users when connecting to online services. These keys use the U2F protocol which ensures that a new authentication key is generated each time a service is connected.

This Wednesday, May 15, the firm reveals on its security blog that a security breach had been discovered on the Bluetooth version of the security keys Titan Low Energy (BLE) and proposes to replace the defective units

Google refers to a misconfiguration in Bluetooth pairing protocols that could allow an attacker physically close (10 meters) to communicate with the security key or with the device to which this key is connected.

The Mountain View firm, however, assures that “For the wrong configuration to be exploited, an attacker would have to align a series of events in close coordination”. The idea behind these explanations is to demonstrate that despite the existence of this security vulnerability, a malicious person should combine a certain number of parameters in order to take advantage of the said fault. In other words, it is unlikely that this flaw was exploited. On the other hand, it is indicated that to exploit this flaw, a malicious actor must also have the username and the password of the target.

Google is trying to reassure its users that “This security issue does not affect the primary purpose of security keys, which is to protect against phishing by a remote attacker,” said Google. Then, continue by saying “Security keys remain the most effective protection against phishing; It is always safer to use a key with this problem than to disable 2-step security-based authentication (2SV) on your Google Account or switch to a less phishing-resistant method (SMS or prompts sent to your device, for example). “The firm also insists that this issue does not affect its USB and NFC security keys, but only the Bluetooth Low Energy (BLE) version of its Titan security key.

To conclude, Google offers a replacement key for all holders of a defective unit with a small “T1” or “T2” brand on the back.

Cybercriminals attacked the healthcare industry at a higher rate than any other sector in 2015, and more than 100 million healthcare records were compromised last year, according to a new report published by IBM.

In fact, 2015 was “the year of the healthcare breach,” IBM said in its 2016 Cyber Security Intelligence Index.

The rate of attacks against the healthcare sector climbed to the highest level of all industries studied in 2015, after not making the top five in 2014, as healthcare leaped ahead of the manufacturing, financial services, government and transportation industries.