Cybersecurity News - August 2021
As cyberattacks evolve, businesses must adapt
A primary threat to any and all businesses and agencies is ransomware.
Typically, ransomware infects a system through phishing emails, attachments, and/or links. Prior to each attack, the cybercriminal analyzes the network and assets to identify weaknesses, assess traps, and determine whether the organization is worth attacking.
The ransomware encrypts data in the system or blocks access to it. Then, the criminal demands a ransom to decrypt the files.
There are two types of ransomware and two tactics related to ransomware.
Crypto ransomware: Encrypts the most valuable files and prevents access until demands are met and the cybercriminals provide the data key. Without the key, the data cannot be recovered.
Locker ransomware: Locks an organization out of all systems until demands are met.
Scareware: Manipulates users into unfavorable actions like downloading and buying malicious software. It can be used to distribute ransomware as well as fake law enforcement agency notifications.
Leakware (a.k.a. Doxware): Steals data and threatens to make it public unless demands are met.
Ransomware attacks are evolving continuously, which is part of what makes ransomware a powerful threat. For example, now that organizations often choose to recover data from backups rather than pay ransoms, many attackers employ a double-extortion strategy: they encrypt files to prevent access, and they also steal information and threaten to make it public.
New variants surface routinely, but they typically rely on similar tactics.
Developers employ the ransomware-as-a-service (RaaS) subscription business model, which enables affiliates to deploy already developed ransomware attacks.
This drops the barrier to entry because the extensive coding knowledge previously required is no longer needed—anyone who meets the affiliate membership requirements can pursue victims. Affiliates receive high dividends for successful ransom payments with an elevated chance of success, and a low chance of discovery. RaaS adoption is on the rise, resulting in more targets.
The U.S. Government launched StopRansomware.gov to help public and private organizations defend against the rise in ransomware cases. The site provides threat information and guidance in order to mitigate the risks. It also provides a Ransomware Response checklist.
DarkSide is ransomware-as-a-service (RaaS) that enables the ransomware developers to receive a share of the proceeds from the cybercriminal actors who deploy it (i.e., affiliates). Since August 2020, DarkSide actors have targeted large, high-revenue organizations, resulting in the encryption and theft of sensitive data.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Federal Bureau of Investigation (FBI) provide DarkSide technical details and risk mitigations in their joint Alert (AA21-131A) DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks.
Develop a layered security posture to defend against ransomware.
Enterprise security awareness programs typically train all employees the same way using phishing simulation exercises and online learning modules. They are not provided frequently enough to remain top of mind for employees and do not target the needs of at-risk users.
Take steps to implement a behavior-based, individual approach to effectively teach correct conduct and establish a trackable, cyber-risk-savvy culture:
As operations move from analog to digital, organizations need to productize security. This means that security is not driven by the CISO and CIO alone, but is ingrained in the operational roadmap, planning, and lifecycle management. Security convergence needs to occur for IT, operational technology, and physical security.
For suppliers, risk management goes beyond securing data and IT infrastructure to also include product security. Vendor risk policies need to be updated as supplier products and services become digital.
Instead of taking a static security approach, prioritize incorporating new security solutions to meet the demands of evolving threats.
The information above is provided as a convenience, without warranties of any kind and MUFG Union Bank, N.A. disclaims all warranties, express and implied, with respect to the information. You are solely responsible for securing your systems, networks, and data. You should engage a qualified security expert to advise on your specific needs and requirements.
This Cybersecurity News contains news and information designed to help protect your company and employees.