Authored by: Marcus Loh, CTO for Asia Pacific and Japan, Cohesity
Cyberattacks are becoming more sophisticated and targeted in nature. Ransom demands are getting higher and tactics are becoming more cut-throat. Threat actors are finding new ways to sidestep IT security measures, breach corporate defences and compromise company data. With the growing arsenal of cyber weapons, as reported in the CrowdStrike Global Threat Report 2020, the last twelve months have been a very busy time for ransomware gangs. Ransomware attacks are evolving with new features such as countdown timers, ransom amounts that increase over time and infection routines that enable them to spread across networks and servers.
Defending the organisation's network against the evolving dangers of ransomware will become increasingly challenging as cyberattacks get more insidious and threatening. There is, however, a way to fight back. By identifying the organisation's security weak points, IT security teams can understand how they can be exploited as an attack surface.
Here are three ways cybercriminals exploit an organisation's security weak points:
Human factor is still the weakest link
All it takes is one click on an unscreened phishing link to get the job done. With employees working from home, using devices and internet connections outside the protected premises of the company's network, businesses have been relentlessly targeted by fraud and phishing emails during the pandemic. In fact, the recent Interpol Cybercrime Report shows an increase of 59 per cent in COVID-19 related fraud and phishing campaigns. To harden the defences against human fallibility, there is a need to increase awareness and set up security tools to keep malicious content at bay. However, fortifying a security infrastructure is far from a precise science. Even the best-laid plans need to be continuously reviewed to adapt to evolving security challenges.
They know where you live
Hackers are aware that different industries present unique vulnerabilities. Moving away from scattergun phishing expeditions towards more targeted attacks, cybercriminals are now learning to exploit these industry-specific vulnerabilities. The recent Cyberthreat Assessment Report reveals that almost 40 per cent of ransomware attacks in Southeast Asia were detected in Singapore. With Singapore being the financial services hub of the region, cybercriminals were simply following the money.
Pressure is the perfect driver
Aside from being locked out of critical data, companies are now threatened with the release of sensitive data harvested during the encryption attack, either simultaneously or as a follow-up demand.
There is also growing evidence of ransomware routinely targeting backup and disaster recovery systems as well as live data. With the company's critical business data held hostage, hackers are able to drive huge ransom payouts, turning cybercrime into a more diversified and lucrative business.
Fortify your fortress, secure your backup
With careful assessment of the organisation's weaknesses, IT teams can plan and execute steps to protect the company against security threats. Once resiliency for protection has been considered, the next point of work is recovery, which underscores the importance of having a backup strategy. To support backup and archiving, most companies use Network Attached Storage (NAS) appliances. Because they are attached to the network, NAS appliances can expose backups as an easy target.
Once the backup data has been identified and attacked by ransomware, takeover often occurs without the security team noticing until the ransom demand hits the inbox.
The first line of defence is to lock down the network to which NAS appliances are attached while ensuring that NAS firmware is up to date with all the latest security patches applied. Companies can take extra steps by using two-factor authentication and secure sockets layer (SSL) to protect remote access.
Making frequent, regular backups of NAS storage and keeping copies off site and disconnected from the network is the most secure approach. This is the only way to ensure that there is a clean, updated and restorable version of the data. However, this should be combined with regular integrity checks and malware scans to ensure data being copied is not compromised.
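One way such an integrity check could gate the off-site copy, as an added example that is not from the article or from any vendor product: it compares the backup set against its last known-good SHA-256 manifest and refuses the copy when files have turned into near-random data or too many have changed. The function names and both thresholds are assumptions for illustration, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune per data set
CHANGE_LIMIT = 0.5   # assumed: refuse the copy if over half the files changed

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (encrypted data approaches 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: Path) -> dict:
    """Map each relative path to (SHA-256 digest, entropy of first 64 KiB)."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            out[str(p.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return out

def check(baseline: dict, current: dict) -> dict:
    """Compare a backup set with its last known-good manifest."""
    changed = [f for f in baseline if f in current and current[f][0] != baseline[f][0]]
    missing = [f for f in baseline if f not in current]
    # A file that was low-entropy and is now near-random looks encrypted.
    suspect = [f for f in changed
               if current[f][1] > ENTROPY_LIMIT and baseline[f][1] <= ENTROPY_LIMIT]
    ratio = (len(changed) + len(missing)) / max(len(baseline), 1)
    return {"changed": changed, "missing": missing, "suspect": suspect,
            "safe_to_copy": not suspect and ratio <= CHANGE_LIMIT}

def demo() -> dict:
    """Constructed sample: three text 'backups', two overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("db.sql", "hr.csv", "mail.txt"):
            (root / name).write_text("customer record line\n" * 500)
        baseline = snapshot(root)
        for name in ("db.sql", "hr.csv"):
            (root / name).write_bytes(os.urandom(10000))
        return check(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Compressed or already-encrypted backup formats are high-entropy by design, so for those the hash comparison and change ratio carry the signal rather than the entropy test.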
Additionally, many companies are adopting practices such as object storage, versioning, Write Once Read Many (WORM) technology and immutable file systems.
Companies are recognising the value of having a robust security infrastructure amidst the increasing dangers of cybersecurity threats. Training and increasing end-user security awareness, installing anti-malware tools on desktops and devices and enhancing back-end security infrastructure will help improve the organisation's security posture. Payouts should not be an option, as paying only encourages cybercriminals and bad actors to continue with the attacks. With backups as the company's last and probably most critical line of defence, the best route is to establish a backup strategy that will deter ransomware takeover and enable rapid recovery.