Another way to look at the problem is that organizations have simply not been proactive enough, which makes ransomware attacks look more sophisticated.
Last month, Australian broadcaster Nine Entertainment could not air its Sunday news bulletin from its Sydney headquarters due to a cyberattack.
This was said to be the largest cyberattack on a media company in Australia’s history. The so-called ransomware attack forced the media outlet to shift operations to its Melbourne facilities, and was described as a “sophisticated and calculated attack that could take weeks to remediate.”
So far, no ransom demand has been received, and it has been suggested that this attack may have been state sponsored given the level of sophistication. The broadcaster’s quick response, notifying affected individuals and mitigating the damage via internal and external resources, did help prevent further delays in operations.
Sophistication in ransomware rising
According to one cyber expert, this large scale cyberattack is one of many in the past year, and highlights how prevalent such attacks are getting.
Said Rick McElroy, Principal Cybersecurity Strategist, VMware Security Business Unit: “Not only are ransomware attacks getting increasingly sophisticated, the nature of ransomware attacks has also evolved to the point where organizations are experiencing the full brunt, damage and impact firsthand.”
McElroy added that there are a lot of solutions that are deployed into cloud environments but that were not built with cloud threats in mind. Organizations should look to technologies that intrinsically deliver security as part of the solution, he said, offering the following additional tips:
- Deploy cloud-native security, not bolt-on solutions: Organizations should invest in workload security, micro-segmentation, and identity and access solutions that are built into their cloud stacks, rather than bolted on after the fact.
- Focus on workload security: To defend against cloud jacking, businesses using private and public clouds need to focus on protection not only at the endpoint level but across workloads.
Cloud workload security is particularly complex, as workloads pass among multiple vendors and hosts; thus, the responsibility for protecting them must be shared and jointly prioritized. Apps and data need to be protected wherever they are. As we navigate a cloud-first world, security for the cloud that extends across workloads and Kubernetes protection will be critical for all organizations.
- Move beyond multi-factor authentication into continual authentication: The central vulnerability in supply chain compromise stems from networks granting administrative access to outside parties. The larger that window of time an outside user is granted access, the larger the opportunity for an attacker to get in.
So, while multi-factor authentication is important, continual authentication is the next evolution, ensuring that no one has perpetual administrative rights, and that they are granted access for a purposeful window of time. For instance, solutions exist by which you can tokenize access and time limit it. Continually reviewing who has access is also crucial in preventing supply chain compromise.
- Threat hunting should be conducted on all devices returning to the workplace: Given the nature of command-and-control on a sleep cycle, steganography, and other methods, adversaries can maintain clandestine persistence in your systems.
By threat hunting all devices upon their return to the workplace, security teams can spot behavioral anomalies and then completely reimage the device, taking the bad actor with it.
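One concrete thing a hunt for "command-and-control on a sleep cycle" can look for is a host that reaches the same destination at near-constant intervals. The following is an added example written for this page, not code from VMware or from Rick McElroy; the connection events are constructed, and the event-count and variability thresholds are assumptions to tune per environment.

```python
import statistics
from collections import defaultdict

# Constructed sample of outbound connection events, as (host, destination,
# seconds since midnight). wks-17 contacts one destination on a ~300 s sleep
# cycle with slight jitter; wks-22's timing is irregular, like interactive use.
BEACON_TIMES = [0, 298, 603, 901, 1204, 1499, 1802, 2097, 2401, 2704]
BROWSING_TIMES = [0, 7, 9, 85, 86, 840, 1203, 1210, 2600, 2605]
SAMPLE_EVENTS = (
    [("wks-17", "203.0.113.7", t) for t in BEACON_TIMES]
    + [("wks-22", "198.51.100.9", t) for t in BROWSING_TIMES]
)


def interval_stats(times):
    """Return (mean gap, coefficient of variation) for a sorted list of times."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return mean, statistics.pstdev(gaps) / mean


def find_beacons(events, min_events=8, max_cv=0.1):
    """Flag (host, destination) pairs whose connection gaps are near-constant.

    A low coefficient of variation means the gaps are almost all the same
    length, which is what a sleep-cycle C2 channel looks like on the wire even
    when each individual connection is innocuous. Thresholds are assumptions.
    """
    by_pair = defaultdict(list)
    for host, dest, t in events:
        by_pair[(host, dest)].append(t)
    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        stats = interval_stats(sorted(times))
        if stats and stats[1] <= max_cv:
            hits[pair] = {"period_s": round(stats[0]), "cv": round(stats[1], 3)}
    return hits


if __name__ == "__main__":
    for (host, dest), info in find_beacons(SAMPLE_EVENTS).items():
        print(f"{host} -> {dest}: ~{info['period_s']} s period, cv={info['cv']}")
```

Flagged pairs are leads for the hunt, not verdicts: a legitimate update checker beacons too, so the reimage decision still rests on what the host turns out to be talking to.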
CybersecAsia.net thanks Rick for sharing his insights.