Friday, 09 July 2021 01:30

Ransomware’s ‘home truths’

By Steve Singer, Regional Vice President - Australia and New Zealand, Zscaler

GUEST OPINION by Steve Singer, Regional Vice President - Australia and New Zealand, Zscaler: It’s been a torrid year for cybersecurity infections, and the targets have been indiscriminate. It’s time we faced up to some ‘home truths’ about the situation.

The repercussions of the ransomware attacks on Colonial Pipeline, JBS and Kaseya’s VSA product may have spooked the attackers into lying low for a bit, but it won’t last.

While there’s still money to be extorted, the gangs will continue to scan for victims and craft attacks. And, as we’ve seen in 2021, they’ll be indiscriminate in the targets they pursue.

That’s led to some pretty interesting developments, including attempts to establish international ground rules on sectors that should be off-limits to a cyber attack.

In reaching that point, it’s probably also time we faced up to some ‘home truths’ about the ransomware scourge and how we arrived at this point.

The attack surface is big

The need to rapidly roll out remote work on a vast scale left IT departments with little time to fully consider new security architectures and the threat landscape. In some cases, apps were visible to the public-facing internet, where they could be discovered and attacked.

These structures are now becoming permanent, with many web-scale organisations making a ‘three days at the office, two days at home’ hybrid work week standard. This calls for new models of presenting enterprise apps to remote workers while shielding those apps from unwanted attention.

With a distributed workforce, organisations need to implement a secure access service edge (SASE) architecture that can enforce consistent security policy no matter where the users are working (in-office or remotely). Zero trust network access (ZTNA) can also help hide apps from discovery and restrict access to a set of named entities.

Businesses pay up

Every government cybersecurity agency recommends not paying ransoms, and yet enough victims do so for ransomware to continue to be a lucrative endeavour.

There’s a wide cross-section of responses on how many companies admit to paying a ransom. One survey says 32% of victims paid up, another says 20%, and a third survey says 56% - all within the last three months.

It’s likely payments fall on the higher side since many companies still won’t admit to paying. There’s reputational damage in falling victim to ransomware, but further embarrassment at ignoring the official advice and paying up - whether that’s for decryption keys or under duress to avoid a costly leak of stolen data.

One thing is certain: ransomware won’t stop while it remains lucrative, and only a fraction of payments are ever recovered.

Seeing double

Zscaler’s recent Ransomware Report highlighted a trend of “double-extortion” attacks. These have emerged because victims stopped paying and chose to wipe their environments and restore from backup.

To counter this, attackers now encrypt data and also steal it. Even if affected organisations can recover the data from backups, they are then threatened with public exposure of their stolen data by criminal groups demanding ransom. In late 2020, the team noticed that this tactic was further augmented with synchronised DDoS attacks, overloading victims’ websites and putting additional pressure on organisations to cooperate.

Businesses are leaky

The larger the organisation, the more likely it is to unintentionally leak information that would be valuable in the hands of adversaries.

Nowadays, companies publish more information about their infrastructure online than they should, and they are often entirely unaware that they have done so. Sometimes an incorrectly configured server is leaking data, or a hastily established development environment might be acting as a gateway for attackers to access critical data, or perhaps a simple open port is the culprit.

The internet also invites attackers to gain an in-depth knowledge of a company’s infrastructure, enabling them to execute targeted attacks at its weakest points. A firewall, for example, can give attackers unintended insight into a company’s structure; it may provide information on network names and domains in internal environments, which, in turn, can be used to identify potential areas for attack.

Understanding how attackers gain access is imperative for an organisation to implement appropriate measures to ensure that only authorised users obtain access to the necessary applications.

People get pwned

Attackers also focus their efforts on the weakest link in the security chain - people. The OAIC Notifiable Data Breaches Report for the period July - December 2020 stated that “data breaches resulting from human error accounted for 38% of notifications, up 18% on its previous six month report”.

Australian Information Commissioner and Privacy Commissioner, Angelene Falk, says “The human factor is also a dominant theme in many malicious or criminal attacks, which remain the leading source of breaches notified to my office.

“Organisations need to reduce the risk of a data breach by addressing human error – for example, by prioritising training staff on secure information handling practices.”

We all know how essential it is for companies to train their people to spot security risks, yet in many cases, ransomware infections still occur due to people clicking on things they shouldn’t.

Knowing this, it’s more important than ever to conduct regular security awareness training for employees. At the same time, developing a culture of openness whereby employees are encouraged to question unusual requests, regardless of whether they emanate from a colleague’s email account or the CEO, is also critical.
