High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
Article by Attivo Networks regional director for A/NZ Jim Cook.
Have you followed recent news reports on the cyber-attacks suffered by Lion and fervently hoped your organisation wouldn’t be next in the firing line?
The beverage and dairy giant hit the headlines in June after it emerged that an attack had forced it to shut down production temporarily. Later the same month, the perpetrators threatened to post confidential company data on the dark web if the company did not pay a reported ransom of AU$1 million.
Other companies may find themselves in the same unenviable position before too long, as cyber-criminals step up their efforts to hijack operations and extort significant sums, in exchange for unlocking crippled systems or handing back sensitive corporate and customer data.
So much so that, also in June, Prime Minister Scott Morrison took the extraordinary step of advising Australian organisations to be on their guard against targeted attacks by a sophisticated, state-based cyber-actor.
“It is vital that Australian organisations are alert to this threat and take steps to enhance the resilience of their networks,” the Prime Minister said in a statement.
Keeping today’s assailants at bay is no small challenge. Cyber-security experts have noted the emergence of customised strains of ransomware designed to attack significant industries such as healthcare, financial services, and information technology.
Ransomware creators have also jumped on the as-a-service bandwagon in recent times, renting their illicit intellectual property to would-be attackers in exchange for a percentage of any profit that ensues.
Phishing emails and social engineering campaigns remain popular attack vectors, and Australia’s vastly expanded remote workforce represents a happy hunting ground.
Scores of enterprises around the country were forced to enact remote working provisions on the fly, after shutdown measures designed to slow the spread of COVID-19 were announced back in March.
For some of these organisations, cybersecurity understandably ended up on the backburner – but poorly secured personal devices and connections can be an easy ‘in’ for attackers looking to introduce ransomware to corporate networks.
Unfortunately, there’s no single solution that can protect enterprises from malware attacks – and it’s probably unrealistic to think there ever will be.
Consequently, organisations should consider implementing an array of complementary measures that collectively provide a rich and deep defence against incursions of all kinds.
The tried and true firewall, along with an endpoint protection platform, will obstruct common, garden-variety malware attacks, while an advanced endpoint detection and response system can help deflect more sophisticated and customised gambits.
Meanwhile, the use of deception and concealment technology within the network can prevent attackers from causing severe harm to ICT infrastructure, by leading them down the garden path and not letting them find the data they are seeking in the first place.
The term ‘deception technology’ refers to the use of high-tech traps or decoys, which can trick attackers into thinking they’ve gained access to critical systems and data.
Concealment refers to new technology designed to hide data from and deny access to attackers. This ability to conceal data can apply to files, folders, network shares, removable drives, local administrator accounts, and also objects contained in Active Directory servers that hold the ‘keys to the kingdom’ for privileges and access.
When attackers engage directly with a decoy, or are misdirected to one, security staff also gain the valuable ability to study the attackers’ behaviour and garner intelligence on their methods, which defenders can use to strengthen defences further.
These technologies, when deployed in conjunction with one another, can give even determined attackers a run for their money – and businesses the best shot possible at successfully protecting assets and information.
Australian businesses have a difficult road ahead, returning their operations to profitability and growth, in the wake of the COVID-19 crisis.
A ransomware attack can be disruptive and expensive, something they can ill afford in these challenging economic times.
That’s why taking steps to mitigate this real and rising threat is an investment in the future that local organisations need to make in the here and now.