Sunday, December 25, 2022

Don't Become A Victim Of Multiple Ransomware Attacks!!!

 


Just yesterday I wrote about some of the top Cyber trends to expect in 2023 (now only a week away).  I had noted that Ransomware is now on a decline compared to 2021, but that it will still be around for quite a long time to come, even going into next year. 

What will differ is how far the Cyberattacker goes with these attacks.  For example, will they stop at holding your devices hostage?  Or will they also exfiltrate your data and sell it on the Dark Web?

Well, now there is a new fear emerging:  if you have been hit with a Ransomware attack, will the same hacking group, or an entirely different one, come after you again, or even a third time?  In theory, yes, this is a very real possibility, but the odds of it actually happening in the real world are not known yet. 

As far as I know, I have not come across an organization yet that has been impacted multiple times by the same threat vector.  But different ones? For sure.

But also keep in mind that if you become a victim of a Ransomware attack the first time around, the chances of having sensitive data stolen are pretty high.  Now, if the same Cyberattacker wants to come back at you a second or even a third time, they do not necessarily have to hit you with a new threat vector. 

All they have to do is threaten to release the data they stole the first time, so that you make some sort of payment.

This ends up being an extortion attack, and this is what is trending now in the Cyber world.  In fact, the hacking group may not even ask for money.  They realize that reputational/brand damage to your company can be equally, if not more, devastating. 

So really, all they have to do is go to the media and claim that they have your data.  From there, the very worst could happen.

In fact, this extortion scheme has gotten so bad that Ransomware is expected to cost its victims around $265 billion a year globally by 2031 (SOURCE:  https://securityintelligence.com/news/ransomware-costs-expected-265-billion-2031/).  So what can a CISO do to help mitigate the risk of being hammered two or three times over by a Cyberattacker?  Here are some key tips:

1)     Know thy data:

Being the head of your IT Security team, it is ultimately you, the CISO, who has to take responsibility for knowing what kinds of information and data are being collected and used by your company.  Even more important, you need to know at all times where all of it is being stored.  Even to this day, a surprising number of CISOs still cannot answer this question when asked directly.  If you really don’t know anything about it, ask your IT Security team to help you map out where all of it lives, down to the file share, bucket and database.
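As an added example, not from the original post, here is the kind of data-discovery script your IT Security team could use to start that map: it walks a set of files, classifies each one by the sensitive data it contains, and returns an inventory of where that data lives.  The files and their contents are constructed for the example, and the detectors (SSN, e-mail address, Luhn-valid card number) are an assumed starting set rather than a complete classifier.

```python
import re
from typing import Dict, Iterable, Set, Tuple

# Constructed sample files (path, contents), invented for this example.
# In practice these would come from walking file shares, buckets and DB exports.
SAMPLE_FILES = [
    ("hr/payroll_2022.csv",
     "name,ssn,email\nJane Doe,123-45-6789,jane.doe@example.com\n"),
    ("finance/refunds.txt",
     "Refund to card 4111 1111 1111 1111 issued 2022-11-03\n"),
    ("eng/README.md",
     "Build with make; see docs/ for details.\n"),
    ("support/tickets.log",
     "Ticket 41: customer bob@example.org asked about invoice 9001\n"),
    ("finance/notes.txt",
     "Reference number 1234 5678 9012 3456 is not a card\n"),
]

# Assumed starting set of detectors; extend to match the data your company holds.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate PANs, Luhn-checked below


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812); weeds out invoice and reference numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> Set[str]:
    """Return the categories of sensitive data found in one file's contents."""
    found: Set[str] = set()
    if SSN_RE.search(text):
        found.add("ssn")
    if EMAIL_RE.search(text):
        found.add("email")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("card")
            break
    return found


def inventory(files: Iterable[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Map each path that holds sensitive data to the categories it contains."""
    result: Dict[str, Set[str]] = {}
    for path, contents in files:
        cats = classify(contents)
        if cats:
            result[path] = cats
    return result


if __name__ == "__main__":
    for path, cats in inventory(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(sorted(cats))}")
```

Run against a walk of your real shares and exports, the resulting inventory is exactly the answer the CISO needs when asked where the sensitive data is.  The Luhn check matters: without it, every 16-digit reference number in finance becomes a false "card data" hit and the map loses credibility.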

2)     Get rid of the siloes:

For the longest time, Corporate America lived in what are called “silos”.  This simply means that each department in a company did its own thing, without working as a team with the others.  IT Security has been notorious for this, but now, with the advent of the 99% Remote Workforce, people are realizing that all departments have to come together, to varying degrees, for the common good of their employer.  The same approach should apply to your databases.  Rather than keeping 10 different databases, it is probably wiser to consolidate them into one central repository, and from there move it onto a Cloud platform such as Microsoft Azure.  In fact, a lot of Cyber pundits are now calling for this kind of centralization.  Why?  Your data becomes easier to manage and optimize, you can apply your security controls in one place, and it is easier to keep track of any malicious behavior.  One caveat: a single repository is also a single high-value target, so centralization only pays off if it comes with tight access controls, logging, and backups that are kept separate from the repository itself. 

3)     Keep analyzing:

With the help of AI and ML tools, you can quickly analyze the data you hold, as well as what is coming in and going out.  The goal here is to look for unusual patterns in network traffic, but you and your IT Security team also need to keep creating new baseline profiles as conditions dictate.  In other words, you should never rely on a static baseline for long.  Your profile is a dynamic one, and it should be updated based on what you see in the external and internal environments of your company; otherwise every legitimate change (a new backup job, a new SaaS integration) either drowns you in false alarms or quietly becomes the new “normal” without anyone checking it.
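An added example (not the author's code) of why the baseline has to move with you: the script below runs two detectors over a constructed series of hourly outbound-traffic counts for one host.  A legitimate change (a new sync job doubling the volume) is followed by a single exfiltration burst.  The static detector, trained once on the first day, alerts on every hour after the legitimate change; the rolling one, which re-learns an exponentially weighted mean and variance on every sample, alerts briefly at the transition and then only on the burst.  The traffic numbers, the 3-sigma threshold and the smoothing factor are assumptions for the illustration.

```python
from statistics import mean, pstdev
from typing import List

# Constructed hourly outbound traffic (MB) for one host, invented for this example:
# 48 normal hours, then a legitimate nightly sync doubles the volume for 24 hours,
# then a single exfiltration burst. Index 74 is the burst.
NORMAL = [50, 52, 48, 51, 49, 50, 53, 47] * 6
SHIFTED = [100, 104, 96, 102, 98, 100, 106, 94] * 3
BURST = [100, 102, 1500, 98]
SERIES = NORMAL + SHIFTED + BURST
EXFIL_HOUR = len(NORMAL) + len(SHIFTED) + 2


def static_alerts(series: List[float], train_hours: int = 24, k: float = 3.0) -> List[int]:
    """Baseline learned once from the first train_hours and never revised.
    Alert whenever a later value exceeds mean + k * stdev of the training window."""
    train = series[:train_hours]
    mu, sigma = mean(train), pstdev(train)
    return [i for i, v in enumerate(series) if i >= train_hours and v > mu + k * sigma]


def ewma_alerts(series: List[float], alpha: float = 0.1, k: float = 3.0,
                warmup: int = 24) -> List[int]:
    """Baseline re-learned on every sample with an exponentially weighted mean and
    variance (weight alpha on the newest sample). Alert on value > mu + k * sigma."""
    alerts: List[int] = []
    mu, var = float(series[0]), 0.0
    for i, v in enumerate(series):
        sigma = var ** 0.5
        if i >= warmup and sigma > 0 and v > mu + k * sigma:
            alerts.append(i)
        # Every sample, anomalous or not, feeds the baseline, so a sustained change
        # stops alerting after a few hours. The burst therefore also inflates mu
        # and var; see the note below on capping this in production.
        diff = v - mu
        mu += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return alerts


if __name__ == "__main__":
    print("static baseline alerts :", static_alerts(SERIES))
    print("rolling baseline alerts:", ewma_alerts(SERIES))
```

Note the trade-off in the rolling version: the burst also feeds the baseline, so a large enough spike makes the detector temporarily blind to smaller ones that follow.  In production you would cap how far a single sample may move the baseline, or exclude samples from confirmed incidents, and re-baseline once the environment has settled.  Either way, the analyst still has to look at the transition alerts and decide whether the new level is legitimate; the tool only makes that decision visible.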

4)     Incorporate PAM:

This acronym stands for “Privileged Access Management”.  This methodology should be used for managing Privileged Accounts, especially in a Hybrid Cloud environment.  Essentially, these are “superuser” accounts, where higher-than-normal rights, privileges, and permissions are assigned to certain employees in a company.  You should never rely on manual processes here.  Your IT Security team has enough to worry about, and you do not want any of your Privileged Accounts to be hijacked.  A good PAM solution will automatically disable and/or decommission accounts that are no longer in use or are simply deemed inactive (disable first, so that the audit trail survives, and delete only after your retention period has passed).
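As an added example (not the author's code, nor any PAM vendor's), here is the triage logic such an automated clean-up would run: it looks only at enabled accounts in privileged groups, disables those unused beyond a policy threshold, disables new accounts that were never used within a grace period, and routes break-glass accounts to human review instead of disabling them.  The group names, thresholds and sample accounts are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, Iterable, List, Optional

# Policy values assumed for this example; a real PAM deployment would take them
# from its own configuration and directory.
PRIVILEGED_GROUPS = frozenset({"Domain Admins", "Global Administrators", "sudo"})
INACTIVE_DAYS = 45       # privileged account unused this long -> disable
NEVER_USED_DAYS = 14     # new privileged account never logged on within this -> disable


@dataclass(frozen=True)
class Account:
    name: str
    groups: FrozenSet[str]
    created: datetime
    last_logon: Optional[datetime]   # None means the account has never logged on
    enabled: bool = True
    break_glass: bool = False        # emergency accounts are reviewed, never auto-disabled


def is_privileged(acct: Account) -> bool:
    return bool(acct.groups & PRIVILEGED_GROUPS)


def is_stale(acct: Account, now: datetime) -> bool:
    """True when the account has gone unused longer than policy allows."""
    if acct.last_logon is None:
        return now - acct.created > timedelta(days=NEVER_USED_DAYS)
    return now - acct.last_logon > timedelta(days=INACTIVE_DAYS)


def triage(accounts: Iterable[Account], now: datetime) -> Dict[str, List[str]]:
    """Split enabled privileged accounts into 'disable' (automated) and 'review' (human)."""
    plan: Dict[str, List[str]] = {"disable": [], "review": []}
    for acct in accounts:
        if not acct.enabled or not is_privileged(acct):
            continue                              # already off, or outside PAM scope
        if not is_stale(acct, now):
            continue
        if acct.break_glass:
            plan["review"].append(acct.name)      # stale is expected; confirm by hand
        else:
            plan["disable"].append(acct.name)     # disable now, delete after retention
    for key in plan:
        plan[key].sort()
    return plan


# Constructed directory snapshot, invented for this example.
NOW = datetime(2022, 12, 25)
SAMPLE_ACCOUNTS = [
    Account("alice.admin", frozenset({"Domain Admins"}), NOW - timedelta(days=700), NOW - timedelta(days=3)),
    Account("bob.admin", frozenset({"Domain Admins"}), NOW - timedelta(days=700), NOW - timedelta(days=90)),
    Account("svc-migration", frozenset({"Global Administrators"}), NOW - timedelta(days=30), None),
    Account("erin.ops", frozenset({"sudo"}), NOW - timedelta(days=5), None),
    Account("carol", frozenset({"Users"}), NOW - timedelta(days=700), NOW - timedelta(days=200)),
    Account("dave.admin", frozenset({"Domain Admins"}), NOW - timedelta(days=700), NOW - timedelta(days=100), enabled=False),
    Account("breakglass-01", frozenset({"Domain Admins"}), NOW - timedelta(days=700), NOW - timedelta(days=400), break_glass=True),
]

if __name__ == "__main__":
    print(triage(SAMPLE_ACCOUNTS, NOW))
```

The never-used case is the one most often missed: a privileged service account created for a migration and then forgotten has no logon history at all, so a rule keyed only on last logon will keep it alive indefinitely.  The break-glass carve-out goes the other way; those accounts are supposed to look stale, and silently disabling them is how you lock yourself out during the next incident.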

5)     Work proactively after the attack:

After the dust has settled, you will want to discover the entry points through which the Cyberattacker was able to get in.  A good forensics analysis should reveal what actually happened; a Penetration Test then tells you whether that path, or a similar one, is still open.  Therefore, you should run one as soon as the forensic evidence has been preserved and the environment is stable again, and immediately close any gaps using the remediation steps provided to you.  Even after this, you should be running a thorough Pen Test at least once every quarter.  This can be expensive, but many vendors now offer Pen Testing platforms that you can license for a period of time, which lets you run as many tests as you want or need to.

My Thoughts On This:

What all of this comes down to in the end is: should you ever pay a Cyberattacker the Ransom?  The answer will vary of course, but in my view, it should never be paid.  Taking this approach will lessen the chances that you will be hit repeatedly in the future. 

In fact, depending upon who you pay the Ransom to, this could even be a felony under United States law.  And if you do pay it, the chances of getting a payout from your insurance carrier are almost nil.

And remember, always back up your data.  With the Cloud today, you can store your data across data centers located in different parts of the world, so if you are hit you can fail over to your redundant data center with very little downtime.  Keep at least one copy offline or immutable, though: Ransomware operators routinely look for reachable backups and encrypt or delete them before they trigger the payload. 
