This summer’s Tokyo 2021 Olympics have reinforced the Games’ lasting legacy in the form of their motto – “Faster, Higher, Stronger – Together.” As we face more sophisticated and severe ransomware attacks, this motto should inspire a new approach to cybersecurity that is collective, and founded on collaboration at every opportunity.
About the author
David Higgins is EMEA Technical Director at CyberArk.
It’s an approach that is now mission-critical because of the plethora of advanced threats aimed at organizations, threats that grow more complex each day and more difficult for security teams to decipher. That’s why this inspiring motto should prompt a powerful reaction from across the cybersecurity community, in the form of a collective response informed by shared expertise, intelligence, experience and proven processes. This response can’t be a singular endeavor, however. Its range of requirements is far too broad for just one vendor to fulfil, so organizations must recognize the importance of collaborative work in developing holistic solutions that can keep businesses one step ahead of attackers.
Big Game Hunting
Just as we invest plenty of time planning how to secure our defenses, so too do attackers in preparing to strike. Ransomware attackers prepare for big campaigns – often called “big-game hunting” – with extensive reconnaissance and detailed research into social engineering techniques, often scoping out targets for months or years first. More often than ever, their goal is to execute a double-extortion attack which compromises multiple corners of the confidentiality, integrity and availability (CIA) triad. In practical terms, this means they typically seek to encrypt data to hinder its availability, and then threaten to leak it and compromise its confidentiality.
Usually, attackers will look to execute attacks by following four key steps:
1. Launching their initial attacks against endpoints: Using social engineering to identify their targets, an attacker can phish for unsecured credentials to unlock a door to the organization.
2. Escalating privileges and reinforcing their access: Once the attackers have obtained a high enough level of privilege, they can execute their code while taking evasive action that buys them time to search, undetected, for more sensitive data.
3. Extending the potential impact of the attack: Disrupting backups and deleting files elevates the impact of the attack, while the attackers also steal masses of data to use for extortion at a later date.
4. Deploying ransomware to seal the deal: Files are encrypted and held hostage with a sky-high ransom for release, knowing that the organization is extremely motivated to pay because of the high reputational and monetary cost of downtime.
Making the fight against ransomware a team game
Simply stopping malware isn’t enough. A winning approach also involves the use of controls to stop attackers from gaining high-level privileges to do harm at every point in the attack chain – which requires a collaborative effort.
In recent years, endpoint detection and response (EDR) solutions have come a long way, to the point that they are now an essential part of strong endpoint security. The continuous monitoring, visibility, and in-depth analysis that they offer accelerate security operations efforts, to the extent that 51.6% of compromises were detected by EDR solutions in a recent SANS survey, even though these tools weren’t specifically designed to manage identity and privilege. An endpoint privilege manager allows other security defenses to play their roles more effectively.
Poised to strike
In a recent memo, Anne Neuberger, US Deputy National Security Advisor for Cyber and Emerging Technology, wrote: “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
Clearly, being poised to defend against ransomware can only be one part of any organization’s cybersecurity strategy. This defense must be reinforced with ongoing cybersecurity training, information sharing, and having a strong security framework, all as part of a multi-layered strategy.
Neuberger added, “to understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”
Helping organizations become cyber-ready is an essential service. Through collaborative efforts, our industry can provide effective, accountable, and responsible control of the digital IT environment. Offering organizations the opportunity to protect themselves against the evolving ransomware threats that we face will help them create a gold-medal-worthy security strategy.