Cyber

Observations from the trenches

by Mark Rowe

In the past five years, ransomware has grown in sophistication and capabilities. The rapid development of this cyber threat means that no two threat investigations are the same, with cybercriminals using new tactics or differing binary programmes to encrypt their victims’ data, writes Geoff Mefford, Incident Response and Forensics Security Consultant, AT&T Cybersecurity.

Hackers carrying out ransomware attacks previously didn’t worry about leaving traces of evidence behind. They were typically focused on simply making off with the rewards, which could be lucrative. For cybercriminals, it made no sense to be slow and cautious, especially given the myriad vulnerable networks that were potentially available to compromise.

Today’s cyber landscape has become a hacker’s digital playground where threats come fast. Consider PC Cyborg, the first ransomware threat, from 1989: its capabilities were straightforward and far from complex. This was at a time when the internet was emerging and security software options were limited.

Fast forward almost three decades and modern ransomware is a highly evasive and potentially damaging threat to enterprises. In some cases, malware has been known to remain idle within a system for an extended period, avoiding all malicious activity. In others, malware will only activate once a user performs a specific action. Then there is fragmentation, whereby malware is split across a system and waits for a specific action to reassemble and infect the victim.

While the capabilities of ransomware have increased, cybersecurity defenders have also learned new techniques to thwart modern threats. This battle between attackers and defenders mirrors a cat-and-mouse chase, albeit one that can be costly. Initially, the gap between the two sides was vast. Today, however, infosecurity professionals have made great strides to bridge it, with newer advanced security solutions helping with malware detection, coupled with a bigger effort to increase overall security awareness so that users can spot the tell-tale signs of potential malware.

As defenders catch up, cybercriminals have continued to innovate. They are outsourcing vulnerability analysis of their own malware. Having hackers perform Quality Assurance (QA) on malware is interesting and shows the lengths criminals are willing to go to in order to ensure that their “product” has the longest shelf life and return on investment.

But the more sophisticated malware becomes, the more expensive it is to build and maintain. Where they were once confined to Tor-based websites, cybercriminals now advertise as any normal enterprise would, with internet ads found on everyday search engines. Hackers are treating cyber-criminality as a business and are making the necessary investments in ransomware to make it harder to prevent and more difficult for victims to recover their encrypted data.

Ransomware is becoming more pervasive, particularly given the number of large enterprises that have suffered a ransomware attack in recent times. Therefore, organisations that require effective countermeasures and want to take a proactive stance must conduct system-level backups. A renewed focus on the backup processes will become increasingly important, and if an organisation’s backups are not currently considered part of the company’s ‘crown jewels’ in their threat assessments, they should be added.

Backups must be conducted continuously; otherwise the business will fall into the trap of relying on dated ones, which puts a full recovery out of the question. When investments in data backup are made, recovery can take a matter of hours, so it is worthwhile investigating what options are available to the enterprise.

With that said, effective security requires a balanced investment, spread across technology and the workforce. A renewed focus on the process of actually using the backups in a large-scale event will help make an organisation more resilient to these attacks. The more layered and sophisticated its defences, the more likely hackers will lose interest and move on to another, easier target.

Lastly, organisations should continually look to improve their cybersecurity posture. They should test the resiliency of systems and simulate live ransomware attacks, as practising for this event will help to breed confidence in the business recovery process. Remember, those who fail to prepare better be prepared to fail – and hackers will be waiting in the wings to capitalise.


© 2024 Professional Security Magazine. All rights reserved.