Cybersecurity threats are costly nightmares. According to the FBI’s 2020 Internet Crime Report, ransomware attacks in the United States alone cost U.S. organizations more than $29.1 million last year. The U.S. government considers that paying the ransom is entering a vicious cycle that will motivate more extortion by cybercriminals.
Valther Galván, CISO of a SOFIPO in Mexico, considers that this scourge affects different aspects of companies. For example, it impacts business continuity, causes reputational damage, loss of customers, among other things.
There are a lot of things that should be done to stop ransomware, which includes using stronger encryption. Mid-sized and large organizations often resort to endpoint privilege management which is a powerful encryption model used along PAM (privileged access management) to protect endpoints, users, and identities.
To respond to this type of threat, Galván believes that a combination of elements is required to adequately protect organizations. “This includes aligning to solid security practices, as well as implementing innovative prevention and detection schemes for advanced persistent threats. But in particular, taking preventative measures.” The executive recommends 10 actions to protect against ransomware.
Make users of organizations aware of how threats work and, above all, how to prevent them. -This point usually coincides with multiple perspectives.
Limit access permissions to users’ computers by applying hardening techniques that prevent employees from running software with administrative privileges.
To increase the security of the accesses relying on mechanisms like the double factor of authentication or advanced solutions to strengthen the corporate access.
Implement solutions to prevent users from clicking on links they have received in the mail. Although awareness has been created among users so that they do not click on suspicious links, this requires greater emphasis, because security involves people, processes and technology.
Protect information by having it properly identified and backed up. It must be encrypted and protected from unauthorized access.
Increase the visibility of the technological infrastructure. Many organizations today do not have complete visibility of what is happening inside their organizations, at least in terms of networks and communications.
Perform multiple analyses of cybersecurity events. These analyses will have to be assisted by incorporating AI engine tools to automate the massive processing of logs, system logs, to filter out ‘false positives’ and focus on the events that could really be significant.
Segregate the network. This is critical to facilitate action to contain any cyber threats.
Implement cybersecurity tools capable of detecting advanced persistent threats (APTs) and lateral movement. Primarily those that are non-signature based and use AI and ML engines.
Rely on a framework or standard. There are frameworks such as the MITRE Attack, a comprehensive matrix that gathers and classifies techniques and tactics used by attackers, which includes very specific ransomware techniques in a category called “impact.” Its information allows security teams to see how they can be attacked or review their abilities to detect and stop such threats and plan for optimal protection.
Ransomware, an evolving threat
Ransomware uses social engineering to entice the user to perform an action on their computer or mobile device. Clicking a link, entering a USB drive or visiting a website can put the entire organization at risk. When the victim falls, the attacker can escalate privileges and identify the information handled by the user for subsequent hijacking through encryption.
Galván recalls that in the late 1980s, the first documented ransomware appeared: the AIDS Trojan or PC Cyborg Trojan. It was released on floppy disk in 1989 and resulted in a wave of extortion threats at the beginning of this century. However, it did not come to the attention of the general public until another, more advanced threat called CryptoLocker appeared in 2013.
From there it has evolved into the famous WannaCry, which is considered one of the most devastating and economically impactful attacks. This, along with NotPetya, was very successful due to the implementation of exploits, as the interviewee points out.
Since criminals are always looking for ways to optimize their operations and generate more profit, they were inspired by as-a-service models to create RaaS, whose providers offer all the necessary attack components to generate ransomware campaigns. With this latent risk, following a decalogue like the one proposed by Galván could be a lifesaver to prevent being affected by this threat.