sb-nz logo
Story image

Four steps for preventing the next ransomware attack

05 Dec 2017

As we approach the end of 2017, it’s clear that enterprise ransomware continues to be a huge issue for businesses all over the globe. Once ransomware enters your network undetected, your data is immediately encrypted and inaccessible or your systems are locked down. 

In some cases, ransomware goes after the back-ups and if they are connected to the network, the data may be completely unrecoverable. Here are some tips on how to better prevent ransomware damages:

Apply behavioural-based detection   

It’s crucial for organisations to shift to proactive cybersecurity techniques focusing on identifying malicious behaviour, relating to ransomware even when no signatures or known exploits are present.

Instead of being reactive and shoring up defences when you detect an Indicator of Compromise (IoC), or a “known bad,” organisations should track Indicators of Attack (IoAs) that identify adversary behaviour, related to ransomware, such as code execution or lateral movement.

This enables organisations to prevent, detect, and respond to both known and unknown attacks. An IoA can prevent multiple variants and versions of ransomware families, including new ones not detectable by known signatures or features.

Augment analytics with artificial intelligence/machine learning

AI/Machine learning (ML) is critical in helping to detect ransomware that might otherwise be missed. To be truly effective, ML must have enough relevant data so results can be meaningful and adjust to ensure the balance of true vs. false positives.

A signature-less ML combines behavioural analytics with ML and is able to learn what files are malicious without having to be fed new datasets every day. This approach is far superior in helping detect the malware and ransomware of today, much of which is unknown variants and ultimately leads to better classification of what is malicious or not, helping your organisation’s IT team in the long run.

Bolster your defence with proactive hunting

Rather than waiting for ransomware to appear and take hold in your organisation, it is better to spot the problem at inception and close it down immediately. This is what proactive threat hunting looks like, and leveraging threat hunting teams can help defenders shift the advantage back to themselves.

Threat hunters look for evidence of potential malicious behaviour that might exist in a broad pool of behavioral data, but may be too subtle to warrant a response.

From there, threat hunters can follow even the faintest suggestion of possible threat activity to put together a picture of whether an attack is in progress, or if the behaviour is irregular but does not represent malicious activity in your IT environment.

Threat hunters make it possible to find damaging attacks before they are able to be detected using automated security tools. This is a key fundamental for true visibility into your network.

It’s time to solve the patch problem

Vulnerability scans are no longer adequate in defending the network in real-time against modern-day threats. Many legacy approaches only report patch information collected from checking the registry for listing of installed patches. As a result, failures in the installation process such as delayed reboots may cause the scan to report incorrect patch status.

This leaves organisations with major blind spots that can turn into massive vulnerabilities in the event of attacks like WannaCry. Vulnerability management needs to work in real-time and have full visibility into the environment to create a capability of proper prioritisation and patching.

Article by CrowdStrike. 

Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More
Story image
Alibaba Cloud and LGMS tackle hybrid and multi-cloud security
Alibaba Cloud and LGMS, a cybersecurity consulting company, are teaming up to tackle the challenge of security around digital transformation and hybrid cloud.More
Story image
Sophos named a Numbering Authority in CVE programme
The programme, which runs an open data registry of vulnerabilities, enables programme stakeholders to correlate vulnerability information used to protect systems against attacks. More
Story image
Cybersecurity strategies must involve every part of the organisation - study
In the past year, a third of the breaches incorporated social engineering techniques and the cost of a breach caused by a human error averaged to $3.33 million. More
Story image
Dark net vendors wanting Bitcoin payments for unverified COVID-19 vaccines
As the medicines are being offered on the dark net, purchasers have no way of knowing whether they are genuine, according to Check Point.More