Global VP of Marketing
NNT - New Net Technologies
The news and magazines were filled with stories about ransomware attacks on critical elements of our daily life and supply chains. The attacks on Colonial Pipeline (hampering the oil & gas supply) and JBS (endangering the food supply chain) were only the tip of the iceberg.
And yes, in recent weeks there has been promising activity, and some successes, from governments and law enforcement agencies (LEAs) across the globe in relation to ransomware, its eco-system and the priority the authorities now assign to it. One might say, finally.
These kinds of activities include top tech firms, administrations and LEAs intensifying their cooperation to disrupt cybercriminal ransomware gangs by limiting their ability to get paid and by targeting the individuals and finances of the organized thieves behind these crimes. A new framework addressing ransomware risks has been drafted by NIST.
All of these efforts are needed, long awaited, and they will help to dry out the ransomware eco-system in the long run.
There will of course be setbacks as well, when certain ransomware infrastructure and technology re-emerges, as was the case with Emotet. This is one of the indicators that ransomware as a dominant cyber security threat is not done and solved.
Ransomware attacks have evolved over time, from a ‘hit-and-run’-style attack to well-crafted playbooks using ‘breach, explore, extract, encrypt, offer’ as the new mode of operations. The ‘explore’ and the ‘offer’ elements will evolve further in the future, as the promises of value are ever present within the data the attackers are searching for.
Production data, for example the way a certain type of high-quality steel is manufactured, or the settings and measures in place to control the processes in a chemical plant, are all elements of a company’s intellectual property and therefore a target of leverage and value. Encrypting the devices that control these processes is for sure one aspect of the expanded ransomware eco-system. But that eco-system has more variants that promise gains for attackers, and the arms race initiated by the recent activities will in some ways determine which ones emerge as preferred.
For companies and organizations, especially those in the Critical Infrastructure space or operating essential supply chains, it is not the time to relax or to lower their guard. There is too much money on the table for the attackers to simply leave the game.
And there is still much to do.
A new facet of ransomware attacks appears to have established itself, born out of an ‘abundance of caution’. Companies detecting a suspected ransomware attack are opting to shut down entire global IP networks early to prevent any serious harm. It seems that organizations lack confidence in their ability to detect and scope a potential attack, leading to drastic, and often unnecessary, wholesale action in response, which only increases the stakes and adds to the pressure.
Security professionals have heard the statement ‘we operate a rather flat network’, and then faced the issue of managing and improving the security of such a setup with limited resources. It is also an indicator that the old ‘fortify the perimeter’ paradigm is still widely in use. Whatever the case, organizations should have mechanisms in place for rapid detection of unexpected changes within their infrastructure, as the ultimate early detection mechanism in any malware attack.
The early steps in the cyber kill chain are a good example of where organizations should look if they want to protect themselves from ransomware. They should answer questions like:
Security controls and security workflows, orchestrated in a way that reduces an organization’s exposure and helps to detect malicious changes, are therefore essential to combat the heightened ransomware threat.
Change Control operated under a SecureOps strategy provides visibility and validation of all changes within an organization’s tool chain and workflow. Enhanced control of change guards against ransomware, providing crucial early breach detection and a forensic audit trail to expose the spread of compromise. If recent events have taught us anything, it should be that now is the time to expect a cyber attack to be successful, and to think more about how it would be detected and how damage could be limited. This is the thinking behind the modern cyber security mindset of cyber resilience, the only way to be ready for ransomware in 2021.
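To make the "detect unexpected changes" idea above concrete, here is an added example, written for this edit and not NNT's or Change Tracker's own code, of a minimal file-integrity baseline and change report. It hashes every file under a directory, stores the result as a snapshot (the audit trail a later investigation can diff against), and classifies drift into added, removed and modified paths. It also flags the pattern ransomware encryption produces, a large fraction of baselined files rewritten in one interval. The directory contents, the ransom-note file name and the 50% mass-change threshold are constructed assumptions for illustration only.

```python
# Added example (not NNT's code): file-integrity baseline and change report.
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file under root (path relative to root) to its content hash."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify drift between two snapshots into added / removed / modified paths."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def is_mass_change(report: dict, baseline_size: int, threshold: float = 0.5) -> bool:
    """True when a large fraction of baselined files changed in one interval.

    Encryption by ransomware rewrites most files on a host within minutes, which
    normal operations rarely do. The 0.5 threshold is an assumption; tune it to
    the host's normal churn.
    """
    if baseline_size == 0:
        return False
    touched = len(report["modified"]) + len(report["removed"])
    return touched / baseline_size >= threshold


def demo() -> dict:
    """End-to-end run on a constructed directory: baseline, simulate changes, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample content standing in for a monitored directory.
        for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
            (root / name).write_text(f"original {name}\n")
        baseline = build_baseline(root)
        # Persist the baseline (here kept in memory) as the forensic reference point.
        snapshot = json.dumps(baseline, indent=2, sort_keys=True)
        # Simulated ransomware-style activity: three files rewritten, one note added.
        for name in ("a.txt", "b.txt", "c.txt"):
            (root / name).write_bytes(b"\x00\x01\x02 encrypted placeholder")
        (root / "README_RESTORE.txt").write_text("constructed ransom note\n")
        report = compare(baseline, build_baseline(root))
        report["mass_change"] = is_mass_change(report, len(baseline))
        report["baseline_json_bytes"] = len(snapshot)
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats a practitioner would add: the baseline must be stored somewhere the attacker cannot reach from the monitored host, or it can simply be re-baselined after the encryption; and rescanning whole trees on a timer does not scale, so production change-detection tooling subscribes to filesystem, registry and configuration change events instead, which is also what gives it a timeline rather than a single before/after diff.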
SecureOps™ and NNT's Change Tracker are your guards against ransomware, and they will also help you in many more aspects of cyber resilience.