CS Oct 2021
ransomware

these would be more valuable. There should be a strong encouragement not to pay ransoms, but, in parallel, investment needs to be made in stopping the attack in the first place. Prevention is far better than cure."
PREVENTION FIRST APPROACH

Any intelligence that can be gathered post breach helps understanding for the future. "But what's even better is a 'prevention first' approach that features a multi-layered defence system, with more than one swing at the ball to stop an attack. We need to spend more time on stopping these attacks pre-execution before the damage is done. Many technologies need an attack to execute and run before they are picked up and checked to see if they are malicious, sometimes taking as long as 60 seconds or more. When dealing with an unknown threat, 60 seconds is too long to wait for an analysis."

In order to ensure business continuity, organisations need to invest in solutions that use technology such as deep learning, "which can deliver a sub-20 millisecond response time in stopping a ransomware attack, pre-execution, before it can take hold, actually predicting the ransomware attack and therefore protecting the organisation," Wallace states. "Using this type of technology means organisations no longer need to worry about whether or not to pay a ransom, as there is a solution that prevents the attack altogether.

"Furthermore, investing in a solution that offers a 'ransomware warranty', whereby the organisation receives a certain amount if they experience a ransomware attack, using that provider's technology is beneficial. Warranties ensure an extra level of protection, should a ransomware attack occur, and allow for some alleviation, in terms of how much it will cost the organisation to recover after the attack."
BACKED INTO A CORNER

Callum Roxan, head of Threat Intelligence at F-Secure, accepts that the payment of ransoms to cyber criminals is not a "socially optimum outcome, but in the moment, faced with the loss of income, data and reputation, many organisations will feel backed into a corner where they will 'have to' pay." "Ever-evolving extortion models and technological advances ensure organisations need to continually invest to keep up to speed with the latest threats posed by the sprawling ransomware ecosystem. In purely financial terms, the judgment is often made that accepting the risk of ransomware is more palatable than investing heavily into cybersecurity to mitigate the risk."

The continued payment of ransom demands funds additional advancements, continued operation and acts as an incentive to attract new actors to conduct ransomware attacks. "Breaking this cycle is something governments and the cyber security industry need to fix, shifting the balance of incentives to not paying ransoms and making securing your organisation against these threats less costly and more effective."
WHERE DID IT ALL GO WRONG?

All too often, organisations put too much focus on the detection and response of a ransomware attack, instead of looking at the steps that have allowed an attacker to get to the point of demanding ransom, argues Mike Fleck, VP marketing at Cyren. "The ransom of an attack is so far along the attack chain that, by the time the 'ransomware' attack has already been deployed, it's too little, too late."

He divides ransomware attacks into two categories: a 'drive-by attack', which tricks users into installing malware onto their devices, whether that be a PC at home or a healthcare kiosk in an emergency room. While these attacks directly affect those users, they are random as to whom they affect. "The more serious attacks are the ones that target a specific organisation. The attackers look for the most impactful way to infect an organisation through the vulnerabilities they find and then launch a ransomware attack. In order to get to that point, the attackers would have had to identify the organisation, find the vulnerabilities within that organisation, launch the malware and then deploy the ransomware attack."

Often the cause of a ransomware attack and the attacker's access point into an organisation, adds Fleck, is through a phishing email where an unsuspecting user has clicked on a link, which then deploys a backdoor on the device, allowing the attacker to gain access into the organisation's network and find its vulnerabilities. "Organisations need to look at the precursors to ransomware attacks and the steps that get the attacker to where they need to be before they launch the malware itself."

Phishing attacks will always enter your network and breach your organisation, he points out. "Therefore, the focus needs to be on the antecedents to the attack and understanding what they are, in order for the organisation to deal with the attack better. Only then will organisations be able to remediate properly, rather than focus on detection of, and response to, the final step in the attacker's plan. At present, email security is overly focused on prevention, which demonstrates diminishing returns for each new layer of detection. By adding a real-time detection and automated remediation capability to identify and eliminate phishing threats rapidly, we can minimise the impact of when a phishing email makes it through our defences."

At Bitdefender, while the company expects to see ransomware operators continuing to offer new and more dangerous versions of ransomware, the company's director of Threat Research and Reporting, Bogdan Botezatu, states that it will maintain its commitment to helping users regain control of their digital lives and denying profits to attackers. "Collaboration between major cyber-security solution providers and law enforcement agencies allows us to combat
www.computingsecurity.co.uk @CSMagAndAwards October 2021 computing security