The threatening cyber landscape of the Melbourne Cup
The Melbourne Cup officially kicks off tomorrow, and Jeffrey Kok, senior director of Pre-Sales Asia Pacific and Japan at CyberArk has a few tips for Australians betting their money on the ‘race that stops the nation’.
"As betting online becomes bigger and bigger business, virtual platforms are a cornerstone of the gambling industry, with tens of millions of dollars invested in the infrastructure and expertise needed to entice punters to their sites and cater to the thousands upon thousands of transactions that take place on a daily basis – with matters coming to a peak as race day approaches,” he explains. "As with any business that depends on internet-related business for its livelihood, the gambling houses have also heavily invested in security to keep their sites up and running.”
Kok adds that the types of protection that are in place aren’t always enough to stop ransomware.
"Ransomware is software that, simply put, encrypts files and data on the victim’s infrastructure blocking any usage of such files and data until a sum of money is paid,” he says.
“It has been used to target individuals but is increasingly a problem for enterprises as hackers seek to maximise revenues.”
In order need to combat these threats, here are Kok’s five pieces of advice:
- Most anti-malware and anti-ransomware solutions today focus on detecting and blocking malware at the point of inception. These solutions can be helpful when you know what you’re looking for – but when it comes to ransomware, there are new variants coming out every day.
- Standard ransomware just infects user machines; this is the same ransomware that would infect a regular consumer at home. These attacks will be opportunistic and less damaging to organisations.
- Advanced ransomware is far more dangerous. These ransomware attacks follow the same general attack pattern as targeted network attacks, but for a very different end goal. Instead of information theft, ransomware attackers seek to cause widespread havoc through mass infection and encryption of user data.
- Removing local privileges (the ability to access more sensitive parts of the network) from regular PCs can help defend against ransomware attacks.
- An effective approach is to protect the sensitive files in your organization from the damage that often results from ransomware attacks. Employing greylisting - an approach that allows unknown applications (e.g. the latest ransomware variant) to execute harmlessly - blocks ransomware from being able to access or encrypt your critical files.
"To effectively defend against such ransomware attacks, organisations must combine the principle of removing local privileges and. application control to reduce the attack surface and block their progression."