03/01/2021 | Press release | Distributed by Public on 03/01/2021 11:09
This is a summary of an article written for Security Magazine by Derek Manky, Chief of Security Insights and Global Threat Alliances at FortiGuard Labs. The entire article can be accessed here.
Ransomware attack trends continues to evolve, and the current iterations seen during the COVID-19 pandemic are no exception. During this time, malicious actors have attacked healthcare organizations, medical trials, schools, and shipping agencies. Considering the impact these modern attacks can have on organizations everywhere, no matter the industry, security professionals must always be ready to secure their systems, networks, and software in new ways. And according to a recent FortiGuard Labs global threat landscape report, ransomware remains a prolific threat which increased in 2020 and became even more disruptive.
Ransomware as an attack methodology has the potential to cause severe damage. As attacks grow in sophistication, the impact goes beyond just financial losses and the lack of productivity often associated with systems going down. Instead, threat researchers are increasingly seeing encrypted versions of data being posted online - not just held for ransom - along with the threat that if the ransom is not paid, all of the data will be released to the public or sold to a buyer. As a result, organizations have begun to appear on the Dark Net with a business model centered on negotiating ransoms. And while systems like this may sound like an easy fix, they can actually have long-term negative effects, including the normalization of criminal behavior.
Further, as IT and OT systems converge, ransomware attacks have begun to target new data and technology types. Field devices and sensors have become new targets, resulting in malicious actors shifting their focus from corporate networks to the OT edge. In turn, power grids, transportation management infrastructures, medical systems, and other critical resources are being threatened more than ever before. And this shift impacts more than sensitive information. At the OT edge, these Industrial Internet of Things (IIoT) devices are also responsible for people's physical safety, demonstrating the severity of attacks on these networks.
When impacted by a ransomware attack, some organizations may find it easier to pay than have their IT team spend days trying to recover data, all while business operations remain at a standstill. But this is not always the case. To remind organizations of this fact, the U.S. Treasury recently warned that facilitating the payment of ransoms on behalf of cyber victims could result in legal consequences, as it sets a bad precedent for other cyber criminals. It should also be noted that paying a ransom does not guarantee that the threat will go away instantly. In some cases, the information that organizations worked so hard to protect had already been exposed and can cause additional long-term problems.
Attackers know that end-users are high-target, high-value assets. Ransomware leverages social engineering attacks, preying on fears as a way to execute malicious code on devices. With this in mind, cyber hygiene must start as a board-level conversation.
A top-down approach to creating a strong ransomware mitigation strategy includes:
Another key factor to developing a strong security posture is working with all internal and external stakeholders, including law enforcement. More data ensures more effective responses. Because of this, cybersecurity professions must openly partner with global or regional law enforcement, like US-CERT. Sharing intelligence with law enforcement and other global security organizations is the only way to effectively take down cybercrime groups, as defeating a single ransomware incident at one organization fails to reduce the overall impact within an industry or peer group.
Cyber criminals have been known to target multiple companies, verticals, systems, networks, and software. In order to make attacks more difficult and resource-intensive for cyber criminals, public and private entities must collaborate by sharing threat information and attack data. Private-public partnerships also help victims recover their encrypted data, ultimately reducing the risks and costs associated with the attack.
When private and public entities work together, they also expand visibility. For example, a bank may suffer a ransomware attack but fail to share information responsibly with law enforcement. Law enforcement working with a credit card company also impacted by the same cybercrime group needs that information to understand the criminal organization's full scope. Cybercrime lacks borders. Actionable threat intelligence with global visibility helps both the private and public sectors shift from taking a reactive approach to being proactive.
Similarly, by developing and sharing playbooks, which offer a detailed view of cyber criminals' 'fingerprints,' organizations can enhance their response activities. Detailing how known cyber criminal groups work only enables defenders to become stronger and more strategic. Blue Team (defensive) playbooks provide defenders with winning strategies against present and future cyberattacks. And when paired with Artificial Intelligence (AI), security teams can leverage the playbooks to build an advanced, proactive protection framework, enabling them to respond to new threats in real-time. AI also gives them the tools necessary to evolve their methodologies at the same rate as cyber criminals so that they can create more refined and granular responses earlier in the attack cycle.
Cyber criminals will continue to cause chaos with ransomware attacks. Modern ransomware places data and lives at risk, meaning organizations must take a more proactive approach to secure their environments. From a technical standpoint, cyber hygiene, zero-trust policies, network segmentation, and encryption offer protections. Further, these strategies work best when organizations leverage asset visibility tools to identify their critical assets - once they know where the data resides, they can create a proactive protection strategy. Finally, the human element remains as important as technology. Building relationships with law enforcement to share information and threat intelligence is the final piece of the ransomware puzzle. The only way to defeat cyber criminals is to work together against them.