CS Jan-Feb 2024

More documents

Recommendations

Info

ansomware WE SHALL NOT BE MOVED! SEVERAL COUNTRIES HAVE TAKEN A STAND AGAINST RANSOMWARE ATTACKS BY AGREEING NOT TO MAKE PAYMENTS TO HACKERS shoplifting. Ransomware is an epoch event in information security: CISOs who have promised to 'protect the business, if only I have enough people and budget' are just doing performance art," adds Gladwell. The US government and dozens of its international allies have pledged never to pay ransom demands, in a bid to discourage financially motivated hackers and ransomware gangs profiteering from the current onslaught of cyber-attacks. The joint pledge is aimed at enhancing international cooperation to combat the growth of ransomware. It embraces 48 countries, as well as the European Union and Interpol, making it the largest cyber partnership in the world. (Anne Neuberger, the White House's deputy national security advisor for cyber and emerging technologies, recently reported that another country has joined the CRI since the meeting - bringing the total number of countries to 49.) The European Union and INTERPOL have also signed the pledge, which stops short of actually banning companies from making ransom payments, which the US government has for long warned could inadvertently create opportunities for further extortion by ransomware gangs. However, Neuberger says that the initiative will aim to "counter the illicit finance that underpins the ransomware ecosystem". Her argument is that ransom payments not only fuel future attacks, but also don't guarantee the safe return of stolen data - or that all copies have been erased. Data provided to the US government by ransomware negotiators shows that companies with good backups are able to recover "far more quickly" than companies that pay a ransom. "Paying a ransom not only encourages ongoing ransomware attacks, it also is not necessarily the fastest way to recover," she insists. "Do those backups and do the basic cybersecurity practices that we know make a difference." RAD-ICAL THINKING While the 'don't pay, won't pay' mantra serves as a laudable goal for reducing the motivation of attackers, organisations need to have resilience to withstand attacks before they are forced to take this position, states James Blake, EMEA CISO at Cohesity. "Best-selling author Malcom Gladwell nailed it in his closing keynote at Mandiant's MWise conference…when he talked about 'Radical Asymmetric Distribution' (RAD): organisations are better off investing in the ability to recover quickly and withstand attacks than invest in the illusion that we can stop all attacks." CISOs have to start having adult conversations with the business and stop suggesting that "cyber risk is unlike any other risk. It needs to be brought into the realm of every other operational risk that is a cost of doing business, such as pandemics, hurricanes and "Only focusing on likelihood mitigations when you're facing the inevitable is an act of insanity - impact must be reduced and ideally resilience achieved. We starve the adversary of funds by organisations being able to withstand attacks, not by legislation. That will only criminalise the victims. Fundamentally changing the perspective on the balance of Protection/Detection to Response/Recovery is where value will really be delivered. Legislation like EU's DORA that promotes digital operational resilience will deliver far better pragmatic cyber risk management than simply locking up executives." BREACHED, BIT BY BIT Satnam Narang, senior staff research engineer, at Tenable, highlights how LockBit is breaching some of the world's largest organisations - many of whom have incredibly large security budgets. He also points to how threat researcher Kevin Beaumont found that attackers have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed, after tracking attacks against various companies, including the Industrial and Commercial Bank of China (ICBC), DP World AU, Allen & Overy and Boeing. Narang believes ransomware attacks are a threat to civil society, as long as organisations keep paying. Therefore, large-scale enterprises need to be able to patch vulnerabilities like CitrixBleed quickly. "Mass exploitation of CVE- 2023-4966, a critical sensitive information disclosure vulnerability in Citrix's NetScaler ADC and Gateway products, has been ongoing since October 30 [2023]. Dubbed 'CitrixBleed' by researchers, at the time, there were estimates of 30,000 internet-facing assets that were vulnerable to this flaw. Recent analysis suggests that the number has 24 computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
ansomware decreased to over 10,000 assets, with the majority located in the United States," he says. "With publicly available proof-of-concept exploit code, a variety of threat actors have been leveraging this flaw as part of their attacks over the last few weeks, including affiliates of the infamous LockBit ransomware group and Medusa. Ransomware groups are mostly indiscriminate in their attacks, motivated by profits over anything else. Organisations that use Netscaler ADC and Gateway products must prioritise patching these systems immediately, as the threat of exploitation is extremely high, especially by ransomware groups." SMASH-AND-GRAB ATTACKS Meanwhile, Sophos has revealed how these active adversaries are now carrying out ransomware 'fast' attacks in mere hours in its '2023 Active Adversary Report for Security Practitioners'. The Sophos X-Ops report showcases the forensics of fast smash-andgrab ransomware attacks and the precise tactics, techniques and procedures (TTPs) attackers are using to operate in this new high-speed attack mode - including preferred living-off-the-land binaries (LOLBins) and other tools and behaviours that get them close to crucial resources that they want to exploit. This evidence in the report, along with detailed explanations of how certain attacks unfold, demonstrates the need for regularly adapted security solutions to protect, detect and disrupt intrusions as fast as possible on the attack chain, states Sophos. "In the face of fast-moving adversaries who are continuously evolving their TTPs - and often blend the use of legitimate tools - to execute multi-stage attacks, cybersecurity defences need to be dynamic and foresightful," state Raja Patel, chief product officer at Sophos. "Sophos is taking a proactive, protection-first approach to stopping threats at the front door before they escalate. We're evolving products with industry-first security capabilities that are powered by Sophos X- Ops' deep threat intelligence from more than half a million organisations globally to identify and counter threats at speed and scale." Adds John Shier, field chief technology officer at Sophos: "As attackers speed up their attack timelines, one of the best things organisations can do is increase friction whenever possible; in other words, if their systems are well maintained, attackers must do more to subvert them. That takes time and increases the detection window. Robust, layered defences create more friction, increasing the skill level the attacker needs to bring to the table. Many simply won't have what it takes and will move on to easier targets." NO SAFE PLACE In 2023, it seems ransomware was, well, everywhere. The Kyocera AVX's attack, for instance, impacted the personal data of over 39,000 individuals, while the attack at China's largest bank (ICBC) resulted in the disruption of global financial services, including the US Treasury. Also prominent in the news was the State of Maine data breach, linked to a Russian ransomware gang, which was said to have affected 1.3 million residents. Little wonder, then, that Dr Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, reflects on the growth of ransomware and why it won't slow down any time soon. "Unfortunately, the [illicit] business model of ransomware is both resilient and sustainable for perpetrators. First, there is a plethora of wealthy victims who are poorly protected and are a 'perfect victim', even for technically inexperienced criminals. "Secondly, the risk of getting caught - despite several prominent operations by law enforcement agencies in 2023 - are still infinitesimal. Moreover, many perpetrators are based in non-extraditable jurisdictions and can act with complete impunity. Thirdly, the abundance of cryptocurrencies makes money laundering very easy, allowing cybercriminals to fully James Blake, Cohesity: only focusing on likelihood mitigations when you're facing the inevitable is an act of insanity. Satnam Narang, Tenable: organisations that use Netscaler ADC and Gateway products must prioritise patching these systems immediately. www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security 25
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Bernard Montell. HORNETSECURIT
Page 8 and 9: news Sukru Ilker Birakoglu. SUPPORT
Page 10 and 11: 2024 predictions THROUGH THE ‘LUR
Page 12 and 13: 2024 predictions Aaron Kiemele, Jam
Page 14 and 15: training SAFEGUARDING HR IN THE AGE
Page 16 and 17: cybersecurity THE TOP-LEVEL FIBRE B
Page 18 and 19: artificial intelligence AI - WHERE
Page 20 and 21: artificial intelligence Gareth Lock
Page 22 and 23: phishing PHISHING FOR THE ANSWERS D
Page 26 and 27: ansomware Raja Patel - Sophos: cybe
Page 28 and 29: attack… attack POINT OF IMPACT IN
Page 30 and 31: attack… attack Amit Sinha, DigiCe
Page 32 and 33: cybercrime STAYING ABOVE THE WATER
Page 34 and 35: cybercrime crisis is behind us, the
Page 36: Computing Security Secure systems,

CS Jan-Feb 2024

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?