
Prevention better than cure, strategies to mitigate cybersecurity incidents

Do businesses believe they can’t stop a breach? Have cyber-criminals worked out a quick and easy way to monetize cyber-crime? With Bitcoin or PayPal as payment, the ease of encryption technology and the open access to malware, everything has become much simpler for malicious actors. Ransomware has been distributed in various ways and comprises different methods of infection such as:

• Email phishing campaigns with nefarious attachments
• Ransomware as a Service
• File sharing
• Drive-by downloads
• Malvertising
• Ecommerce sites
• Worms for lateral movement (ransomworms)
• Malware as a service
• And more

The combination of attack surfaces, variations and volume of malware appears to have driven a mindset of “it’s going to happen anyway”.

Data can be restored from backups or ransoms can be paid. In either case, time, resources and cost are factors. Time is money and reputation, and reputational damage can in some cases be irreversible.

A very good example of reputational damage after a breach is the case of HBGary Federal.

Ransomware is evolving.  

The next evolution, and the obvious one, is going beyond encryption to exfiltration. The implications and ramifications of maliciously encrypted data that is also exfiltrated are frightening. Malicious actors can demand a ransom both to decrypt the data and to guarantee that the data will not be released or resold.

The value of those ransoms will become exponential. If payment isn’t made, then the loss of the data may be the least of a business’s problems. That data may become publicly available or be sold to other criminals. The legal, reputational and monetary damage could be unrecoverable.

Remember, as of the 22nd of February 2018 in Australia, the Notifiable Data Breaches scheme means businesses have to report a data breach in most cases.

Light in the tunnel.

If the security community is honest, there is no end of the tunnel. However, the tunnel is illuminated. Security is a journey, not a destination.  

Looking at the above methods of distribution and styles of ransomware, we can see that there are moving targets for cyber criminals too. It’s not all plain sailing for them.

• Available vulnerabilities
• Credentials required for escalated privileges
• Defence systems in place
• User awareness and cybersecurity maturity
• Organisational cybersecurity maturity and more.

As is the case with the majority of malware, ransomware relies on certain conditions existing within the threat actor’s target for it to be successful.

The vulnerabilities ransomware will exploit must exist. The anti-malware programs running must not have seen the particular variant or new sample before. It needs to evade detection by behavioural defence mechanisms.

It has to evade email and web gateway defences. It may need to rely on users to interact with it to enable its functionality. In many cases, it needs access to elevated privileges to perform its function. It has to be stealthy enough not to be seen traversing a network. There are a considerable number of barriers a threat actor needs to overcome to be successful.

With the right barriers in place in the right places, it can be near impossible for a threat actor to be successful. As is the case with physical crime, much of what cyber criminals do is opportunistic. If an attack is unsuccessful or a target too difficult to compromise, they’ll move on.

Targeted attacks are generally more sophisticated and, depending on the prize, can happen over a long period of time. But the longer a malicious actor attempts to compromise a system, the greater the risk of detection.

The ASD’s Strategies to Mitigate Cyber Security Incidents is one light in the cybersecurity tunnel. And a significant one. But even the ASD has now included backup as one of the strategies in what they term, “The Essential Eight”. The Essential Eight also contains the “Top 4”. This is where it gets very interesting.


Part two of four.
