Ransomware on ‘roids: how enterprises can combat the rising risk of multi-faceted extortion
Article by ExtraHop regional sales manager for A/NZ Glen Maloney.
Relieved that your organisation hasn’t — yet — fallen victim to a significant cyber-attack but have a sneaking suspicion it’s been more by luck than design? You’re not alone. Over the past year, business leaders around the country have been getting progressively more nervous about the prospect of their organisation becoming the next victim.
Their concern is not unwarranted. Since the COVID-19 crisis began in early 2020, hackers and cyber-criminals have ramped up their campaigns to infiltrate and hijack critical ICT infrastructure, and their efforts haven’t been in vain. Incidents of organisations being knocked out of action or held to ransom have increased rapidly. Scarcely a week goes by now without news of another casualty.
Paying the price
In May this year, the world watched on as sophisticated cyber-criminals orchestrated an instant energy crisis in the US when they took down the Colonial Pipeline, a vital artery that carries 2.5 million barrels of fuel a day to the country’s eastern states.
A bitcoin ransom of $US4.4 million unlocked Colonial Pipeline’s crippled systems and, although a subsequent FBI operation resulted in the seizure of some of that sum, the incident was a chilling illustration of the widespread havoc an attack can cause in the digital era.
Closer to home, household-name organisations have had similar experiences. Last year, beverage giant Lion Australia forked out a reported ransom of $A1 million to put an end to a series of cyber-attacks that disrupted its manufacturing and brewing operations.
By way of an incentive to part with the sum, the perpetrators provided online proof that they’d stolen copies of Lion’s company and client files which they planned to publish or sell on the dark web.
Meet the multi-faceted extortionists
According to security researchers, businesses should brace themselves for many more such attacks, as cyber-criminals increasingly ‘go nuclear’, combining encryption with exfiltration — unauthorised data transfer from a computer or network.
FireEye Mandiant’s annual M-Trends Report, which documents security trends and incidents between October 2019 and September 2020, noted a significant rise in gambits of this nature — so much so that the report authors coined a new term to describe the phenomenon: multi-faceted extortion.
It’s happening more and more because it works. Faced with the prospect of having proprietary data or sensitive customer information pushed into the public domain, business leaders are far more inclined to pay the price than they might otherwise have been.
Neutralising the threat
So, how can businesses head off these complex, targeted attacks at the pass and prevent their networks from being crippled and compromised?
Endpoint detection and response technology can help reduce the risk by monitoring suspicious activities on hosts and endpoints — but it’s not a complete solution in the current threat climate. Not when perpetrators are becoming increasingly skilful at evading detection upon entry.
What can stop them in their tracks is network detection and response (NDR) technology that identifies and disarms interlopers after they’ve entered the network.
NDR software uses machine learning to determine a network ‘baseline’ and develop behaviour-based detectors that set the alarm bells ringing when they spot atypical activity that deviates from that baseline. Those alarms go off even if the flagged behaviour doesn’t conform to any previously identified attack pattern.
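The baseline-and-deviation idea described above, as an added example (not ExtraHop's or any NDR product's code): it substitutes a simple per-host median/MAD statistic for machine learning and flags outbound volume far above a host's own norm, the pattern that data exfiltration tends to produce. The host addresses, byte counts, `threshold` and `min_mad` values are constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily outbound bytes to external addresses per internal host.
# Seven baseline days per host; hosts and volumes are illustrative only.
BASELINE_FLOWS = {
    "10.0.0.5": [120_000_000, 135_000_000, 110_000_000, 128_000_000,
                 140_000_000, 118_000_000, 125_000_000],   # file server
    "10.0.0.9": [4_000_000, 5_000_000, 3_000_000, 6_000_000,
                 4_000_000, 5_000_000, 4_000_000],         # workstation
}
# Constructed observations for the day being evaluated.
TODAY_FLOWS = [("10.0.0.5", 131_000_000), ("10.0.0.9", 900_000_000),
               ("10.0.0.77", 50_000_000)]


def build_baseline(history):
    """Return {host: (median, MAD)} of daily outbound bytes."""
    baseline = {}
    for host, values in history.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)  # median absolute deviation
        baseline[host] = (med, mad)
    return baseline


def score(baseline, host, out_bytes, threshold=6.0, min_mad=1_000_000):
    """Classify one observation as 'ok', 'alert' or 'no-baseline'."""
    if host not in baseline:
        return "no-baseline", None      # unseen host: triage separately
    med, mad = baseline[host]
    # Robust z-score; min_mad stops a very quiet host alerting on tiny changes.
    z = 0.6745 * (out_bytes - med) / max(mad, min_mad)
    # One-sided: only unusually HIGH outbound volume is of interest here.
    return ("alert" if z > threshold else "ok"), round(z, 1)


def evaluate(baseline, observations):
    """Return {host: status} for a list of (host, outbound_bytes) pairs."""
    return {host: score(baseline, host, b)[0] for host, b in observations}


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for host, out_bytes in TODAY_FLOWS:
        status, z = score(base, host, out_bytes)
        print(f"{host:<10} {out_bytes:>12,} bytes  z={z}  {status}")
```

The workstation's 900 MB day is flagged even though it matches no known attack signature, while the file server's larger but normal volume is not.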
If there’s one trait common to cyber-attackers the world over, it’s adaptability. As a cohort, they’re innovative and opportunistic, and they’re constantly finding new ways to achieve their ends.
Adding NDR technology to security arsenals can help security teams stay one step ahead of these formidable adversaries and reduce the risk of enterprise and customer data being captured and compromised.
Making protection a priority
Business leaders cannot afford to be complacent about the rising risk of multi-faceted extortion in the current threat climate. Hackers and cyber-criminals have organisations of all stripes in their sights, and the softest targets are likely to fall first.
Given the disruption and expense ransomware attacks and data breaches inevitably entail, strengthening defences with NDR technology is an investment that organisations should seriously consider.