CSLATEST

ansomware
Bernard Montel, Tenable: a further trend
that has been seen is threat actors wiping
data at rest.
Iraklis Mathiopoulos, Obrela: the
cybersecurity experts' consensus is that
ransoms shouldn't be paid.
the incentive to pay ransoms, with victims
more likely to hesitate, if there's a risk of being
reported to authorities, post-payment. We've
seen a rise in double extortion attacks and
pure extortion-based attacks. Now we see
the commoditisation of Ransomware-as-a-
Service, which offers individuals with minimal
technical expertise the means to execute
ransomware attacks and skip the first stages
of the attack.
"Automation is enabling initial access brokers
to identify and offer more breach-ready environments.
Consequently, expect a surge in
attack frequency, driving the adoption of
Managed Detection and Response (MDR)
services to avert attacks."
ROBUST PLAN ESSENTIAL
When it comes to ransomware, we must stay
ahead of the curve and know what to look
out for, advises Iraklis Mathiopoulos, chief
services delivery officer at Obrela. "Organisations
without a robust security plan in place
are more likely to suffer an attack. You need
'always on' around-the-clock monitoring to
identify, analyse and predict security threats,
and prevent them from happening. At the
very least, any system you have in place
should be able to mitigate the consequences
of attack - or attack attempt - quickly and
effectively, limiting the damage to your critical
operational processes and reputation, while
also preventing successful ransomware
attacks.
"We have witnessed attacks evolve from
single extortion [encryption]) to double
extortion [data exfiltration] to triple extortion
[attacking customers directly] to quadruple
extortion [DDoS]. Today, ransomware gangs
have added destructive wiper attacks to
their arsenal and in 2024 we expect to see
evermore creative attack methods emerging,
including more cloud, AI and IoT-related
attacks."
Prevention is better than cure, of course,
he cautions, and ensuring you have the best
possible threat intelligence and protection
in place will help avoid attack, rather than
dealing with the response, remediation and
ransomware issues. "We advise immutable
backups, but even this sensible precaution
is not without its problems. It does not, for
instance, guarantee the immutability of
data held in the past where attackers have
penetrated the network weeks or months
ago.
"Virtually all ransomware attacks start with
a compromised endpoint, typically a PC or
server. Protecting these is vital, with the
traditional defence being a security agent.
Unfortunately, these will occasionally fail,
which leaves most organisations relying on
network security tools to spot anomalous
traffic," states Mathiopoulos.
One of the reasons ransomware attacks have
become so severe is that attackers can lurk
inside infrastructure for a long time. "With
Managed Detection and Response, (MDR),
though, incursions are detected sooner, rather
than later. MDR integrates endpoint and
network tools under one platform, allowing
better detection and automated remediation,
alert prioritisation and response."
As for whether a ransom demand should
be paid, he is quite clear. "The cybersecurity
experts' consensus is that ransoms shouldn't
be paid. Depending on jurisdiction, paying
for ransomware is potentially illegal, because
it might be a) funding criminal activity, b)
transferring funds to sanctioned entities, c)
supporting terrorist organisations.
"We understand the potential reputational
damage forces many decision makers to pay
the ransom, but, as an industry, we must
highlight that payment does not guarantee
the return of data, may fund further cybercrime
activities and could even make the
organisation a 'softer' target for future attacks.
The advice is simple enough: focus on
prevention, backup strategies and incident
response plans instead."
32
computing security May/June 2024 @CSMagAndAwards www.computingsecurity.co.uk