Dragan Petkovic talks about expected increase in ransomware
Dragan Petkovic, Oracle Security Product Leader, ECEMEA.

What can we do about the expected increase in ransomware and cyber extortion tools?

By Dragan Petkovic, Oracle Security Product Leader, ECEMEA

Although most often connected with ransomware, cyber extortion is a much broader concept. In addition to ransomware, cyber extortion often includes distributed denial of service attacks (DDoS) and data breaches, which may lead to reputational damage or administrative fines.

Cyber extortion is certainly on the rise and I believe we will see an evolution in the monetisation options exercised by cybercriminals. It sounds like an old proverb, but in the cryptocurrency economy, processing power is the new oil.

Classic types of extortion where victims pay the ransom in cryptocurrencies will still be prevalent, but with more companies having access to the cloud, non-monetary exchanges will also be possible. Examples would be mining for new cryptocurrencies or using processing power to execute attacks against a third party, such as DDoS or brute force attacks.

Companies looking at defence strategies against ransomware-type threats should educate their people as a priority. Awareness and training are essential and should be a requirement. Training can be automated by including identity governance as part of a company’s e-learning programme.

Data integrity monitoring is an obvious choice for preventing ransomware attacks, but it should not be limited to files only. Protection of data in databases is just as important, and organisations should look to implement comprehensive auditing and monitoring, protection against SQL injection and isolation of database administration functions from the application data.

Web application firewalls are an important part of technical controls to prevent ransomware attacks. Traditionally used in the protection of remote networks and users, they become a necessity one can’t live without in a cloud world.

Cloud Access Security Brokers (CASB) can help in preventing data leaks in the cloud, which cannot be addressed with on-premise tools. CASB can also help guard against privilege escalation, which can lead either to data breaches or to the use of cloud resources for unsanctioned purposes.

The endpoint is usually the weakest link and should be adequately protected with endpoint security controls. Protection should be extended to the back end as well, making sure systems are uniformly configured to best practices. It goes without saying, if you keep sensitive data on endpoints, they should be protected with other controls too, such as backup with point-in-time restore capabilities.

Traditional monitoring tools, such as Security Information and Event Management (SIEM), fall short with new types of threats and more complex hybrid environments. Organisations need to look at Security Monitoring and Analytics (SMA) solutions employing reputable real-time threat feeds, reputation scoring, machine learning and artificial intelligence to maintain the upper hand in the evolving threat landscape. As mentioned, endpoints are usually the weakest links, but lateral movement targets systems with the most sensitive data. Attackers always go for high yields.

One might say that the steps mentioned are just good security housekeeping, so what do they have to do with cyber extortion or ransomware protection? Simply put, ransomware or cyber extortion protection calls for good security housekeeping.
