ransomware

Bernard Montel, Tenable: a further trend that has been seen is threat actors wiping data at rest.

Iraklis Mathiopoulos, Obrela: the cybersecurity experts' consensus is that ransoms shouldn't be paid.
the incentive to pay ransoms, with victims more likely to hesitate, if there's a risk of being reported to authorities, post-payment. We've seen a rise in double extortion attacks and pure extortion-based attacks. Now we see the commoditisation of Ransomware-as-a-Service, which offers individuals with minimal technical expertise the means to execute ransomware attacks and skip the first stages of the attack.

"Automation is enabling initial access brokers to identify and offer more breach-ready environments. Consequently, expect a surge in attack frequency, driving the adoption of Managed Detection and Response (MDR) services to avert attacks."
ROBUST PLAN ESSENTIAL

When it comes to ransomware, we must stay ahead of the curve and know what to look out for, advises Iraklis Mathiopoulos, chief services delivery officer at Obrela. "Organisations without a robust security plan in place are more likely to suffer an attack. You need 'always on' around-the-clock monitoring to identify, analyse and predict security threats, and prevent them from happening. At the very least, any system you have in place should be able to mitigate the consequences of attack - or attack attempt - quickly and effectively, limiting the damage to your critical operational processes and reputation, while also preventing successful ransomware attacks.

"We have witnessed attacks evolve from single extortion [encryption] to double extortion [data exfiltration] to triple extortion [attacking customers directly] to quadruple extortion [DDoS]. Today, ransomware gangs have added destructive wiper attacks to their arsenal and in 2024 we expect to see ever more creative attack methods emerging, including more cloud, AI and IoT-related attacks."
Prevention is better than cure, of course, he cautions, and ensuring you have the best possible threat intelligence and protection in place will help avoid attack, rather than dealing with the response, remediation and ransomware issues. "We advise immutable backups, but even this sensible precaution is not without its problems. It does not, for instance, guarantee the immutability of data held in the past where attackers have penetrated the network weeks or months ago.

"Virtually all ransomware attacks start with a compromised endpoint, typically a PC or server. Protecting these is vital, with the traditional defence being a security agent. Unfortunately, these will occasionally fail, which leaves most organisations relying on network security tools to spot anomalous traffic," states Mathiopoulos.
One of the reasons ransomware attacks have become so severe is that attackers can lurk inside infrastructure for a long time. "With Managed Detection and Response (MDR), though, incursions are detected sooner, rather than later. MDR integrates endpoint and network tools under one platform, allowing better detection and automated remediation, alert prioritisation and response."

As for whether a ransom demand should be paid, he is quite clear. "The cybersecurity experts' consensus is that ransoms shouldn't be paid. Depending on jurisdiction, paying for ransomware is potentially illegal, because it might be a) funding criminal activity, b) transferring funds to sanctioned entities, c) supporting terrorist organisations.

"We understand the potential reputational damage forces many decision makers to pay the ransom, but, as an industry, we must highlight that payment does not guarantee the return of data, may fund further cybercrime activities and could even make the organisation a 'softer' target for future attacks. The advice is simple enough: focus on prevention, backup strategies and incident response plans instead."
computing security May/June 2024 @CSMagAndAwards www.computingsecurity.co.uk