
Prevention better than cure, strategies to mitigate cybersecurity incidents

Do businesses believe they can’t stop a breach? Have cyber-criminals worked out a quick and easy way to monetize cyber-crime? With Bitcoin or PayPal as payment, the ease of encryption technology and the open access to malware, everything has become much simpler for malicious actors. Ransomware has been distributed in various ways and comprises different methods of infection such as:

• Email phishing campaigns with malicious attachments
• Ransomware as a Service
• File sharing
• Drive-by downloads
• Malvertising
• Ecommerce sites
• Worms for lateral movement (ransomworms)
• Malware as a Service
• And more

The combination of attack surfaces, the number of variants and the sheer volume of malware appears to have driven a mindset of “it’s going to happen anyway”.

Data can be restored from backups or the ransom can be paid. In either case, time, resources and cost are factors. Time is money, and reputational damage can in some cases be irreversible.

A very good example of the damage to reputation after a breach was the case of HBGary Federal.

Ransomware is evolving.

The next and most obvious evolution is going beyond encryption to exfiltration. The implications of data that is both maliciously encrypted and exfiltrated are frightening: malicious actors can demand a ransom both to decrypt the data and to guarantee that it will not be released or resold.

The value of those ransoms will grow exponentially. If payment isn’t made, the loss of the data may be the least of a business’s problems: the data may be made publicly available or sold to other criminals. The legal, reputational and monetary damage could be unrecoverable.

Remember, as of the 22nd of February 2018 in Australia, the Notifiable Data Breaches scheme means businesses must report a data breach in most cases.

Light in the tunnel.

If the security community is honest, there is no end of the tunnel. However, the tunnel is illuminated. Security is a journey, not a destination.

Looking at the above methods of distribution and styles of ransomware, we can see that there are moving targets for cyber criminals too. It’s not all plain sailing for them. What they face depends on:

• Available vulnerabilities
• Credentials required for escalated privileges
• Defence systems in place
• User awareness and cybersecurity maturity
• Organisational cybersecurity maturity, and more.

As is the case with the majority of malware, ransomware relies on certain conditions existing within the threat actor’s target for it to be successful.

The vulnerabilities the ransomware will exploit must exist. The anti-malware programs running must not have seen the particular variant or new sample before. It needs to evade detection by behavioural defence mechanisms.

It has to evade email and web gateway defences. It may need to rely on users interacting with it to enable its functionality. In many cases, it needs elevated privileges to perform its function. It has to be stealthy enough not to be seen traversing the network. There are a considerable number of barriers a threat actor needs to overcome to be successful.

With the right barriers in the right places, it can be near impossible for a threat actor to succeed. As is the case with physical crime, much of what cyber criminals do is opportunistic. If an attack is unsuccessful or a target is too difficult to compromise, they’ll move on.

Targeted attacks are generally more sophisticated and, depending on the prize, can play out over a long period of time. But the longer a malicious actor spends attempting to compromise a system, the greater the risk of detection.

The ASD’s Strategies to Mitigate Cyber Security Incidents is one light in the cybersecurity tunnel, and a significant one. Notably, the ASD has now included backups as one of the strategies in what it terms “The Essential Eight”. The Essential Eight also contains the “Top 4”. This is where it gets very interesting.

Part two of four.
