Anti-Ransomware Day: Tackling the Ever-Evolving Threat

Published on
12/05/2023 02:05 PM
ransomware

Anti-Ransomware Day this year commemorates the six-year anniversary of the WannaCry attack, one of the most notorious worldwide ransomware attacks to date. The attack, which was estimated to have infected more than 300,000 computers across 150 countries and cost the global economy approximately $4 billion, displayed just how destructive cyber criminals can be to the organisations they target.

Andy Bates, Practice Director - Security at Node4 highlights that, “the average downtime following a ransomware attack is 22 days, during which the organisation incurs huge reputational and financial damage. Whilst ransomware is certainly not a new threat to organisations, such attacks have grown in frequency and severity in recent years.”

Whilst attacks on this scale are rare, as Christopher Rogers, technology evangelist at Zerto, a Hewlett-Packard Enterprise company, points out, “ransomware is far from a waning threat; in fact, it’s only just entering its ‘golden age’. Recent research has demonstrated that last year 61% of disaster recovery responses were triggered due to ransomware.” 

A constantly evolving threat

Though organisations have done all they can to keep up with ransomware tactics as they develop, the ever-evolving nature of attack strategies has made this no easy feat. 

Andy Swift, Cyber Security Assurance Technical Director, Six Degrees, observes that contemporary attacks differ from encryption-based attacks of the past: “Ransomware in 2023 is an interesting, fast evolving, and now almost refined world. The days of smash and grab mass encryption events, which proved to be quite disruptive back in the day, are long gone. Instead, the techniques we are seeing attackers employ today are far more advanced; almost patient in nature. Attackers will spend time searching for valuable data and researching their targets post-compromise, before actually doing anything with the data.”

He explains that, “the world has got better at defending and recovering - the impact of mass encryption is just not what it once was. To combat this, attackers have had to evolve and change what they are actually ransoming”. 

“While in 2017 WannaCry’s attackers were highly effective using the old ‘encryption method’, today’s attackers are finding that simply extracting the RIGHT data and then threatening to go public with it is ransom enough,” he concludes. “Data extortion is now a huge business.”

Zerto’s Rogers emphasises the importance of the right defence in the face of these evolving threats: “In 2023, the threat of ransomware is not an ‘if’, it’s a ‘when’. By taking advantage of the right technology and embracing resilience, organisations can ensure that when an attack occurs the damage and downtime are a fraction of what they could be.”

He adds that, “Organisations need to be investing in technology such as isolated and air-gapped vaults that provide the means to protect, detect, and recover from ransomware attacks in any environment.”

The root of the problem: organisational weaknesses

In order to successfully defend against ransomware attacks, organisations must first determine their vulnerabilities. 

Jasson Casey, Chief Technology Officer at Beyond Identity, notes that “even for seasoned security professionals, there can be misconceptions of the main causes of ransomware attacks. Attackers don’t break in, they log in. The Verizon 2022 Report illustrates that a significant majority of ransomware breaches are as a result of stolen credentials, with an almost 30% increase of use since 2017, cementing it as one of the most tried-and-true access methods in the past four years.” 

In order to fix this weakness, Casey recommends adopting more robust authentication methods: “Authentication that has been designed to accelerate the journey to zero trust security paradigms significantly reduces risk by ensuring continuous authentication whilst eliminating all credentials and codes that attackers use to plant ransomware crops. By leveraging the combination of biometrics and Passkeys based on the Fast Identity Online (FIDO) standards, organisations are able to always know who and what device is requesting access.” 

The problem of online security has become more difficult to manage with connectivity requirements increasing exponentially in recent years. As Hubert Da Costa, CRO at Celerway explains, “with an estimated 43% of people having had their online security compromised while using public Wi-Fi, the opportunities for threat actors to place ransomware or malware through these unsecured networks will put companies’ (and their customers’) data at risk.” 

To tackle this issue, he suggests that “Modern, remote workforces therefore need modern secure connections to prevent these types of ransomware attacks. Businesses should be delivering this seamless high-performance connectivity to workers as standard, but not at the cost of security.”

With unpatched organisational vulnerabilities being the single most common access method for cybercriminals, Laurie Mercer, Director of Security Engineering at HackerOne, suggests a relatively simple solution: “Using a cybercriminal's own strengths against them to protect and patch vulnerabilities by adopting the outsider mindset.” 

He outlines the benefits of such a mindset, stating that “organisations should continuously evaluate and improve their security practices, keeping up with the latest threat intelligence, and investing in regular security assessments by skilled security professionals, testers and hackers. Where cybercriminals look for ways onto your system without your permission, businesses that allow ethical hackers to access their systems will ensure unknown entryways are effectively blocked.”

Using technology to your advantage

Alongside fortifying vulnerabilities, organisations should also be utilising the latest technology in order to defend against ransomware attacks and often avert them entirely. 

As Node4’s Bates declares, “a proactive approach to cybersecurity is essential to prevent attacks from occurring in the first place.”

He offers this advice on how to achieve this: “An often overlooked approach is to source and implement a managed threat and detect service. A Security Operations Centre service (SOC) uses the latest AI technology and third-party intelligence sources to deliver proactive security management. The external team of expert security analysts will monitor alerts 24/7, and be on hand to immediately respond to any threats that occur. Working with a managed service partner provides an agile and responsive way to tackle IT security threats.” 

While using technology can provide significant defence against attacks, it is vital that organisations stay on top of susceptibilities within these systems. Randeep Gill, Principal Cybersecurity Strategy at Exabeam, has witnessed this with endpoint technology: “Unfortunately, endpoint detection and response (EDR) solutions, which were initially designed to identify behaviour and were utilised for forensic examination by analysts, also have a high susceptibility to exploitation themselves. If an adversary were to take advantage of an EDR tool, they would have access to a variety of an organisation's telemetry, including user and identity authentication, access to files, system variables and key business applications. All of which increases the scope through which ransomware can be deployed.”

To manage this issue, he suggests that “security teams need complete and holistic visibility across any environment — which includes, but is not limited to, endpoint logs. In order to paint a full picture, CISOs and their security teams must be able to monitor user and device behaviour across the whole network to distinguish between normal and anomalous behaviour.” 
