Ready-to-deploy ransomware can now be bought by anyone, so the best practices below are ones any defense team should adopt to reduce the risk of being the next victim.
Cybercriminals are becoming increasingly savvy, and ransomware attacks have soared over the last decade.
A recent PwC UK Cyber Threat Intelligence report revealed a spike in cybersecurity incidents that has significantly affected many organizations already bogged down by the current pandemic.
What has contributed to this trend? Consider the influx of new ransomware actors selling their skills as a service, the expansion of existing affiliate schemes, and cybercriminals' constant pursuit of more revenue. It comes down to opportunity cost: the barrier to entry has fallen while the potential payoff has risen.
As more people work remotely, cybercriminals are capitalizing on the increased attack surface. In the 'disappearing perimeter', more home devices are exposed, many of them connected to a corporate or government network, and a single vulnerable device is enough to gain a foothold.
A single successful attack can result in cybercriminals making hundreds of thousands or even millions of dollars.
Defending against ransomware
There are relatively simple steps businesses can take to avoid falling victim to a ransomware attack and to manage mitigation when an attack does get through.
- Possibly the most important mitigation is educating all levels of an enterprise. Cybercriminals monitor employees' online behavior to try to gain access to their organization's network. Creating an enterprise-wide cybersecurity education and training strategy is key to mitigating ransomware attacks.
- Investing in a unified endpoint management (UEM) platform with built-in threat detection is another must. This allows public sector networks to detect policy violations and carry out the correct response. IT should also enforce regular account access reviews so that only the right people have access to sensitive company information. This protects sensitive data from insider threats and also stops attackers from using over-permissioned accounts to inflict damage on business systems.
- Security and IT teams need context and adaptive intelligence about their organization's exposure to vulnerabilities that are being actively exploited globally, so that those can be remediated first. This intelligence improves the efficiency and effectiveness of security and IT operations teams in combatting the weaponized vulnerabilities that cyber adversaries actually use.
- Implementing a recovery plan ensures that even if an attack succeeds, the organization will not need to consider paying the ransom. In any case, paying a ransom in no way guarantees the recovery of stolen data. For that reason, government cybersecurity authorities like the NCSC do not advocate payment; paying only emboldens cybercriminals. A thorough recovery plan includes drills for managing ransomware attacks. Simply restoring data from a backup onto compromised systems is not an option: where hundreds or thousands of systems need to be reimaged before the data is put back on them, a blueprint is needed for what can be a huge operation.
- Getting rid of passwords in favor of multifactor, biometric or zero sign-on capabilities is the most effective way to stop cybercriminals harvesting and reusing credentials. Eliminating passwords should be tightly coupled with the ability to establish a contextual relationship between the user, the network, policy compliance and the data they are accessing.
- Eliminate common points of entry such as unpatched vulnerabilities and default configurations. Underfunded public bodies typically struggle to prioritize the patch management process in IT, due in part to the resources needed to patch every vulnerability manually. Unpatched vulnerabilities leave those organizations exposed to malicious cyber threat actors exploiting known weaknesses to get a foothold on connected endpoints.
- Advanced persistent threats often go undetected, living off the land inside a victim's network. The number of vulnerabilities being published is growing rapidly, but this is a manageable problem: only around 20% of them are ever weaponized, because attackers tend to keep reusing older, proven exploits. Automation, data science and machine learning can help teams focus remediation on the vulnerabilities that are actually being exploited rather than trying to patch everything at once.
- Hyper-automation technologies powered by deep intelligence, using supervised and unsupervised machine learning, can drastically improve IT defenses. They give organizations visibility over all endpoints, applications and data, and can manage security and self-healing capabilities with minimal human intervention.
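The three points above about exposure intelligence, patching and the small fraction of vulnerabilities that are actually weaponized amount to one practical rule: rank remediation by whether a vulnerability is known to be exploited and by the context of the affected host, not by CVSS score alone. The following is an added example written for this page, not code from the page, from PwC or from any vendor. The scanner findings, the "known exploited" feed and the CVE identifiers (CVE-0000-xxxx) are all constructed placeholders, and the scoring weights are assumptions chosen to illustrate the idea.

```python
"""Rank vulnerability findings for remediation using exploitation intelligence
and host context, rather than CVSS alone. Added example; all data is constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float               # scanner-reported base score, 0-10
    internet_facing: bool     # host reachable from the internet
    holds_sensitive_data: bool


# Constructed scanner export. The CVE identifiers are placeholders, not real CVEs.
SAMPLE_FINDINGS = [
    Finding("vpn-gw-01",  "CVE-0000-1001", 9.8, True,  False),
    Finding("web-01",     "CVE-0000-1002", 7.5, True,  False),
    Finding("web-02",     "CVE-0000-1002", 7.5, True,  False),
    Finding("hr-db-01",   "CVE-0000-1003", 8.1, False, True),
    Finding("laptop-117", "CVE-0000-1004", 5.3, False, False),
    Finding("laptop-204", "CVE-0000-1004", 5.3, False, False),
    Finding("build-01",   "CVE-0000-1005", 9.1, False, False),
]

# Constructed stand-in for a known-exploited-vulnerabilities feed.
SAMPLE_EXPLOITED = {"CVE-0000-1001", "CVE-0000-1002"}

# Assumed weights: active exploitation outweighs any CVSS difference,
# internet exposure and sensitive data add smaller boosts.
EXPLOITED_BONUS = 10.0
INTERNET_BONUS = 3.0
SENSITIVE_BONUS = 2.0


def risk_score(finding: Finding, exploited: set[str]) -> float:
    """Contextual risk for one finding on one host."""
    score = finding.cvss
    if finding.cve in exploited:
        score += EXPLOITED_BONUS
    if finding.internet_facing:
        score += INTERNET_BONUS
    if finding.holds_sensitive_data:
        score += SENSITIVE_BONUS
    return score


def remediation_plan(findings: list[Finding], exploited: set[str]) -> list[dict]:
    """Group findings by CVE and order CVEs by the riskiest host each affects.

    Each entry lists the hosts to patch, so one fix can be scheduled for all of
    them instead of handling every host/CVE pair separately."""
    by_cve: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        by_cve[f.cve].append(f)

    plan = []
    for cve, group in by_cve.items():
        plan.append({
            "cve": cve,
            "score": max(risk_score(f, exploited) for f in group),
            "exploited": cve in exploited,
            "hosts": sorted(f.host for f in group),
        })
    # Highest risk first; CVE id as a stable tie-breaker.
    plan.sort(key=lambda entry: (-entry["score"], entry["cve"]))
    return plan


if __name__ == "__main__":
    for entry in remediation_plan(SAMPLE_FINDINGS, SAMPLE_EXPLOITED):
        flag = "EXPLOITED" if entry["exploited"] else "not exploited"
        print(f'{entry["cve"]}  score={entry["score"]:.1f}  {flag}  '
              f'hosts={",".join(entry["hosts"])}')
```

On the constructed data, the internet-facing and actively exploited CVE-0000-1002 (CVSS 7.5) ranks above the internal-only CVE-0000-1005 (CVSS 9.1), and the database host holding sensitive data outranks the build server despite a lower base score. In practice the exploited set would be refreshed from an external feed and the host attributes would come from the asset inventory or UEM platform.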
As digitalization evolves, ransomware follows it up the technology stack: it no longer affects only endpoints, servers and desktops, but now targets mobile devices, applications and software-as-a-service (SaaS).
Although 'ransomware' is the term that usually makes the headlines, social engineering, email phishing and malicious email links are the major vectors criminal organizations use to infiltrate environments and deploy their malware, and many successful attacks have originated from a mobile device.
Follow the above strategies to stay vigilant and proactively safe!