CS Mar Apr 2022

More documents

Recommendations

Info

ansomware Daniel Hofmann, Hornetsecurity: ransomware-as-a-service is growing. This makes it easier for perpetrators to launch highly sophisticated cyberattacks. Jamie Moles, ExtraHop: there are things that businesses can do to beef up their cybersecurity posture. ransomware activity was denounced and banned from numerous cybercriminal forums in Q2 2021, our team has observed activity among the same threat actors on several forums using alternate personas". Tellingly, in December 2021 Trellix provided research that assisted FBI and Europol in the arrest of REvil affiliates and the seizure of $2 million in ransom. "As the threat of ransomware continues to grow, financial institutions must rely on technology that moves as quickly as the cybercriminals and can adapt in real-time to get ahead," adds the company. "Unfortunately, failing to take this approach only means opening themselves up to an attack." ACTIVE COUNTERMEASURES NEEDED Ransomware is, of course, highly profitable and, as such, it's not going away anytime soon, points out Ashok Sankar, VP of product and solutions marketing, ReliaQuest. "The enlarged attack surface of the modern, digital enterprise, plus the interconnected supply chain, makes trying to stop it complex. Although the insistence of the NCSC and other security leaders urging organisations to strengthen defences is welcomed, unfortunately thinking purely from a reactionary perspective is not enough. We also need to deploy active countermeasures that target the weaknesses of the hostage takers." One of the characteristics of ransomware is it has a relatively long dwell time, Sankar adds. "On average, hackers are inside an organisation for around 10 weeks before striking. During this delay, hackers will move laterally through the network to carry out reconnaissance and pre-strike preparation which generates detectable patterns. Unfortunately, not every organisation has the tools and skill sets to decipher these 'indicators of compromise' and react to the adversary's tactics. And even the ones that have are often chasing tails, due to potential false alerts." The response to ransomware needs three key pillars, he states. "The first is, of course, strengthening our defences. And that means not just buying more tools, but embracing organisation-wide frameworks and controls, such as Cyber Essentials, NIST, ISO27001 - or whatever works for your organisation. The MITRE ATT&CK framework is particularly useful in helping you to map out defences and understanding your level of preparedness. Implementation of controls needs to be supported with regular training and external audit, which recognises that people within the organisations and the threat landscape will constantly change." Next is a pragmatic approach, he advises. That means accepting that no single software element can stop ransomware. "Instead, we need to use what we have in more effective ways. This requires unifying the myriad of cyber security tools and ingesting telemetry from across the ecosystem, so there are no blind spots, driving singular situational awareness. Technology platforms that employ an XDR architecture can help integrate disparate systems and threat intelligence to make it easier to detect early signs of ransomware dwell. Finally, we need to be less prey and a bit more predator. We must be proactive and go hunting! This means employing expertise to actively chase down indicators of compromise that suggest hacker activities inside our systems. Just assuming that our defences are bulletproof is naïve, so allocating resources to more active responses is vital." FALSE SENSE OF SECURITY Ransomware is extremely threatening to organisations, whether they be government entities, privately owned businesses, healthcare providers or companies in charge of critical national infrastructure, states Jamie Moles, senior technical manager, ExtraHop. "What most organisations lack, however, is adequate IT security posture. According to a recent survey, 75% of UK IT decisionmakers are confident in their company's 30 computing security Mar/Apr 2022 @CSMagAndAwards www.computingsecurity.co.uk
ansomware ability to meet cybersecurity threats, yet 82% of organisations have suffered a ransomware attack in the past five years. This false sense of security is dangerous and can leave the door open for bad actors." There are a few things businesses can do to beef up their cybersecurity posture, Moles adds. "Continuous monitoring of the network for the use of insecure protocols is one example. Having a network detection and response (NDR) tool that can flag early signs of a breach prior to exfiltration and the ransomware payload being deployed is a key step to stopping a full-blown attack. A quick response will also allow identification of where the threat actor entered, so that developers can mitigate risk and, if possible, patch vulnerable code." Realistically, it's not possible to stop every single attack, he points out. "Preventing criminals from entering networks is still important, but IT needs a plan for when an intrusion does happen -catching the attackers in their midgame before the intrusion develops into a successful breach and theft or encryption of data. Ensuring good protocol, network segmentation and behavioural monitoring of the environment is crucial for organisations to help protect themselves." UNWANTED GIFT Ransomware is "the gift that keeps on giving" is the wry observation of Keith Driver, chief technical officer at Titania. "It's one of cybercriminals' favourite tactics, and it works. Attacks are skyrocketing. It only takes a quick search to find the names of recent victims - Nvidia, McDonald's, Acer, Ultimate Kronos Group (UKG), Colonial Pipeline. The list goes on; and those are the ones we know about. It's been reported that 84% of organisations have fallen victim to some form of phishing or ransomware attack in the last 12 months. And it's predicted that the global costs will reach $20 billion, a 75% increase from half a decade ago." The escalating problem is something businesses need to get ahead of, he states. "As well as defending the permit, educating users about phishing and the dangers of corrupted devices, more robust network security, especially around the core network, needs to be at the centre of a company's IT security plan. Maintaining network integrity will prevent data from being lost, stolen or held to ransom." Network segmentation and the principle of least privilege should be at the top of the agenda, he says. "They help prevent lateral movement within the network, limiting attacker options and visibility of network data during an assault. Segmenting the network and implementing least privilege policies helps with the journey to Zero Trust architectures: design principles recommended by CISA, DISA and the UK's NCSC. The benefits of network segmentation are numerous, he adds. "As well as making it more difficult to move east to west to pivot across networks, it makes it easier to monitor the network, too, and reduces the mean time to detect and remediate an attack (MTTD and MTTR). Security professionals can identify threats faster and isolate incidents quickly with a well-planned segmented network. With ransomware, the less access to valuable information the criminals have, the less data they can hold at ransom." As attacks level up their sophistication, businesses need to increase their security and overall cyber hygiene to stay one step ahead. "You may not prevent the bad guys from getting in, but you can stop or limit them from getting what they want and ruining your business." THE LINUX LINK Finally, VMware has released a threat report titled 'Exposing Malware in Linux-Based Multi-Cloud Environments'. Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include how ransomware is evolving to target host images used to spin workloads in virtualised environments. Ashok Sankar, ReliaQuest: the enlarged attack surface of the modern, digital enterprise, plus the interconnected supply chain, makes trying to stop ransomware complex. Ian Thornton-Trump, Cyjax: the only success story we can attribute to ransomware is publicly benchmarking its victims on the deplorable state of their organisation's security. www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security 31
Page 1: Computing Security Secure systems,
Page 4: Secure systems, secure data, secure
Page 7 and 8: Strengthen your data resilience wit
Page 10 and 11: ehavioural insights INFORMATION SEC
Page 12 and 13: MSP insights THE MSP ATTACK TARGET
Page 14 and 15: metaverse VIRTUAL WORLD, REAL DANGE
Page 16 and 17: compliance GETTING TO THE HEART OF
Page 18 and 19: cloud THE CLOUD CONUNDRUM CLOUD, IN
Page 20 and 21: cloud Raghu Nandakumara, Illumio: a
Page 22 and 23: tech scrap I.T. EQUIPMENT JUNKED PR
Page 24 and 25: NHS breaches NHS BREACHES - JUST A
Page 26 and 27: NHS breaches Felix_Rosbach, comfort
Page 28 and 29: ansomware RANSOMWARE NOW A GLOBAL M
Page 32 and 33: Log4shell LOGJAM OF CONCERNS LOG4SH
Page 34 and 35: Log4shell Jude McCorry, SBRC: all o
Page 36: PLAY IT SAFE WITH 365 TOTAL PROTECT

CS Mar Apr 2022

Create successful ePaper yourself

Delete template?

Save as template?