
Prevention better than cure, strategies to mitigate cybersecurity incidents

Do businesses believe they can’t stop a breach? Have cyber-criminals worked out a quick and easy way to monetize cyber-crime? With Bitcoin or PayPal as payment, the ease of encryption technology and the open access to malware, everything has become much simpler for malicious actors. Ransomware has been distributed in various ways and comprises different methods of infection such as:

• Email phishing campaigns with nefarious attachments
• Ransomware as a Service
• File sharing
• Drive-by downloads
• Malvertising
• Ecommerce sites
• Worms for lateral movement (ransomworms)
• Malware as a service
• And more

The combination of attack surfaces, variations and volume of malware appears to have driven a mindset of “it’s going to happen anyway”.

Data can be restored from backups or ransoms can be paid. In either case, time, resources and cost are factors. Time is money, and reputational damage in some cases can be irreversible.

A very good example of the damage to reputation after a breach was the case of HBGary Federal.

Ransomware is evolving.  

The next evolution, and the obvious one, is going beyond encryption to exfiltration. The implications and ramifications of maliciously encrypted data that is also exfiltrated are frightening. Malicious actors can demand a ransom both to decrypt the data and to guarantee that the data will not be released or resold.

The value of those ransoms will become exponential. If payment isn’t made, then the loss of the data may be the least of a business’s problems. That data may become publicly available or be sold to other criminals. The legal, reputational and monetary damage could be unrecoverable.

Remember, as of the 22nd of February 2018 in Australia, the Notifiable Data Breaches scheme means businesses have to report a data breach in most cases.

Light in the tunnel.

If the security community is honest, there is no end of the tunnel. However, the tunnel is illuminated. Security is a journey, not a destination.  

Looking at the above methods of distribution and styles of ransomware, we can see that there are moving targets for cyber criminals too. It’s not all plain sailing for them:

• Available vulnerabilities
• Credentials required for escalated privileges
• Defence systems in place
• User awareness and cybersecurity maturity
• Organisational cyber security maturity, and more.

As is the case with the majority of malware, ransomware relies on certain conditions existing within the threat actor’s target for it to be successful.

The vulnerabilities ransomware will exploit must exist. The anti-malware programs running must not have seen the particular variant or new sample before. It needs to evade detection by behavioural defence mechanisms.

It has to evade email and web gateway defences. It may need to rely on users to interact with it to enable its functionality. In many cases, it needs access to elevated privileges to perform its function. It has to be stealthy enough not to be seen traversing a network. There are a considerable number of barriers a threat actor needs to overcome to be successful.

With the right barriers in place in the right places, it can be near impossible for a threat actor to be successful. As is the case with physical crime, much of what cyber criminals do is opportunistic. If an attack is unsuccessful or a target too difficult to compromise, they’ll move on.

Targeted attacks are generally more sophisticated and depending on the prize, can happen over a long period of time. But the longer a malicious actor attempts to compromise a system, the greater the risk of detection.

The ASD’s Strategies to Mitigate Cyber Security Incidents is one light in the cybersecurity tunnel, and a significant one. But even the ASD has now included backup as one of the strategies in what they term “The Essential Eight”. The Essential Eight also contains the “Top 4”. This is where it gets very interesting.


Part two of four.
