Aircraft equipment manufacturer ASCO Industries, located in Zaventem, is at a standstill. The group, which makes parts for the giants Boeing and Airbus, among others, was a victim of hacking on Friday. And all production at the international level is stopped, in Belgium, but also in subsidiaries in Germany, the United States and Canada. Only on the site of Zaventem, there are more than 1000 people who are unemployed, Tuesday and Wednesday.

Unlike aluminum producer Norsk Hydro, who was hit by a similar ransomware attack earlier this year and provided constant updates about the incident, ASCO has been very quiet about its dealings. The name of the ransomware strain that infected the company’s Belgium plant was not made public.

How MFA can prevent ransomware attacks?

Ransomware is the fastest growing attack-vector targeting all sorts of companies, institutions and organizations. Ransomware is a type of malware that accesses a victim’s files, locks and encrypts them and then demands the victim to pay a ransom to get them back. Ransomware is the digital version of mafia demands for protection money or is like the “digital kidnapping” of valuable data – from personal photos and memories to client information, financial records and intellectual property. Most ransomware gain access through hijacking static passwords and among the best practices to mitigate against such attacks adopting stronger authentication with two-factor authentication is one of the best. Passwords are convenient and tried-and-tested when it comes to securing your online accounts and digital data. However, the major downside is their susceptibility to being stolen using spyware or through trickery. The use of two-factor authentication (2FA), however, is a good defense against account compromise because it adds another layer of protection after your password, usually by combining one factor (your password) with a second factor (a text message/verification code sent to your cell phone number or a push).


Microsoft has released a patch to fill the vulnerability BlueKeep for Windows 7 but also, is unusual, Windows XP. This flaw is taken very seriously to the point of getting out of hinges the US National Security Agency (NSA).

In mid-May, Microsoft issued a security alert for a remote code execution vulnerability with the reference CVE-2019-0708, dubbed BlueKeep. This vulnerability can affect Windows 7, Windows XP, Windows 2003, Windows Server 2008 R2, and Windows Server 2008. Microsoft released a BlueKeep patch for Windows 7 and another patch for Windows XP.

“These reproduction conditions are ideal for the propagation of a worm that looks like WannaCry,”

The publisher strongly recommends that users apply it to the designated systems. Indeed, the code designed to exploit the vulnerability could disseminate a pre-authentication, without any intervention of the user. “These reproduction conditions are ideal for the propagation of a worm that looks like WannaCry,” Microsoft warned. In 2017, WannaCry had disabled millions of computers from a single, very broad-spread attack, infecting machines with ransomware. The NSA fears that this will happen again. “This kind of vulnerability is more and more commonly exploited by attackers who use malicious code that specifically targets vulnerability,” the US security agency wrote. “The vulnerability could for example be exploited to conduct denial of service attacks.”

A code of exploit soon spread on a large scale?

The NSA estimates that in a short time, remote exploit code will be widely available for this vulnerability. The agency fears that hackers are using the vulnerability in ransomware and exploit kits containing other known exploits, thus increasing nuisance capabilities against other unpatched systems.

Although the vulnerability was discovered more than two weeks ago, Microsoft notes that cybercriminals rarely act so quickly. For example, two months elapsed between the discovery of the EternalBlue vulnerability, which had set the stage for WannaCry attacks, and the moment when hackers began exploiting it. “Even though they have about 60 days to update their systems, many customers have not yet done so,” said Microsoft. Naturally, the publisher takes the opportunity to encourage customers to migrate from their old operating systems to its latest Windows 10 system.

Windows 8/10 versions not affected

While the Redmond firm has made the unusual decision to deliver a BlueKeep patch for Windows XP, support for Windows 7 comes to an end next January. “Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it’s no coincidence that later versions of Windows are not affected,” Microsoft wrote opportunely. “Microsoft is investing heavily in enhancing the security of its products, often through major architectural improvements that previous versions of Windows can not take advantage of.”


The banking industry and online merchants are fighting against fraud by developing fraud detection systems that are increasingly subtle and complex.

Because of our online habits and the number of transactions that are done through the internet, they created the concept of digital identity in order to reinforce the level of online protection. In other words, fraud detection systems created digital fingerprints of real users to better recognize fraudsters. The process is a combination of various elements which help to determine your identity. For instance, before validating an online transaction, they do not just check the number, the validity date and the cryptogram of the credit card. They will also comb through the user’s identity and behavior, using statistical analysis and artificial intelligence. Where does it connect? What time is the purchase? Which browser does he use? In which shop, does he shop? What is his order history? What are the technical specificities of his screen and his computer? Etc. If something does not fit, the transaction is rejected or a manual check is triggered (a call, for example).

On March 14, the banks had to have made available a test API portal dedicated to developers.

Cybercriminals naturally reacted to this manoeuvre. To remain under the radar of detection systems, the fraudster has a fake digital identity that is as close as possible to the owner of the credit card: an IP address of the same country or city, the same browser version, the same screen, the same way of navigating, etc. The ideal is obviously to have the identity of a real person. These identities can be purchased on the Darknet. According to Kaspersky’s security researchers, the largest marketplace of its kind is called Genesis, an invitation-only site with more than 60,000 fingerprints for sale.

But going to these API portals is not easy. Thanks to the investigative work of the JDN who contacted the big French banks to know if they have deployed their portal, the address of it and how many APIs have been put online, we have a global overview of the French banking landscape with PSD 2 opening requirements.

Using a Genesis digital identity is not complicated. Just buy it and load a browser extension provided for this purpose, available for Chromium-based browsers. From that moment on, it’s as if the criminal put on a mask. His online behaviour now impersonates the stolen identity. If the mask is of good quality, it will allow him not to raise an alarm when performing a fraudulent purchase. 

It’s in this context and faced with these impersonations, that the notion of strong authentication becomes relevant. Indeed, it would be sufficient for all transactions to be systematically validated by a second authentication factor in order to make the fraudster of digital identities ineffective in its described form. The notion of strong authentication required by the Payment Services Directive 2, therefore, requires banks to set up a procedure that seems to be the only way to really fight against digital identities fraud.


Cloud is a great thing to have, an endless source of computing power at anyone’s finger tips, a relentless work horse on which to offload nearly any task, at any time and from anywhere. But as it goes with basically anything in IT landscape, cloud is not a silver bullet for everything and your corporate identity might be one such, what the recent Azure MFA downtime demonstrates.