Your best cyber defense against ransomware and more? Understand your enemy
Do you protect your assets with end-to-end encryption? So do the criminals. Are you managing a distributed workforce with collaboration tools? Threat actors have a similar strategy. Are you scaling your business with cloud technology? So are the attackers.
Meanwhile, defenders face a strained supply chain, security challenges posed by hybrid and remote work environments, and increased global instability. These represent new opportunities for those intent on disrupting business in pursuit of profit.
Implementing a Zero Trust security strategy is one of the major themes of IBM’s Think 2022, which is holding events all over the world.
Rise of ransomware as a service
Ransomware is a form of attack that prevents a user from accessing computer files, systems, and networks until a ransom is paid. It was the most common type of cyberattack in 2021, accounting for 21% of the total, according to the latest IBM X-Force Threat Intelligence Index.
One of the reasons attackers like this approach is that it is an effective business model. You don’t need to have in-house technical expertise to carry out one of these attacks. Now, ransomware-as-a-service providers will do it for you.
What is Ransomware as a Service? Criminal “enterprises” with technical expertise provide pre-packaged tools to partners. These partners then carry out the attack in exchange for a percentage of each ransom payment.
Cybercriminals operate like businesses
The rise of ransomware as a service demonstrates that the most successful cybercriminals conduct their attacks like businesses. And like most businesses, their goal is to increase their return on investment (ROI) and maximize their profits.
Phishing attacks are the preferred approach for ransomware attackers and other cybercriminals seeking to break into a system, accounting for 41% of the initial attacks remediated by IBM X-Force in 2021. Tricking someone into handing over their credentials or clicking on a malicious link is easier and faster than breaking into a complex network from the outside. The return on investment, in other words, is higher. And once a criminal is inside the system, ransomware and other forms of malware can be planted.
Likewise, the drive to maximize profits means that cybercriminals’ target selection is changing. Five or six years ago, criminals saw an opportunity in credit card details held by large retailers (and many still do). Today, it is possible to further disrupt business operations and extract more revenue through ransomware.
Last year, supply chains came under new pressure. IBM has discovered that manufacturing – which plays a critical role in supply chains – has become a favorite target for cybercriminals. It received 23% of attacks (ahead of finance and insurance for the first time since 2016).
By targeting industries that cannot afford downtime, criminals increase their leverage so they can force a quick payout. This type of attack goes beyond damaging a single business and impacts entire business ecosystems. Sometimes attackers go even further and target critical infrastructure.
How the DarkSide Attacked Critical Infrastructure
The way criminals maximize their leverage by targeting critical infrastructure was shown last year when the DarkSide ransomware group (which operates under a ransomware-as-a-service model) attacked the privately owned Colonial Pipeline. The company operates pipelines that stretch 5,500 miles from the Gulf Coast to New York. It supplies 45% of the fuel used on the East Coast of the United States.
When Colonial was forced to shut down the pipeline, thousands of gas stations ran out of fuel, leading to panic buying and a price spike as area drivers raced to refuel their cars. The attack, which resulted from a single compromised password, cost Colonial nearly $5 million in ransom. But the impact was felt as far away as Asia, because South Korea’s national pension fund is one of the co-owners.
Other Forms of Attack
Despite the widespread impact of ransomware attacks, most are never made public. It is therefore difficult to share information that would help companies combat the threat.
Many of these gangs are based in countries without clear extradition rules or government cooperation in combating attacks. Thus, the criminals themselves have little fear of being held accountable, much less of being extradited.
Ransomware is currently the most popular malware for cybercriminals. However, like any business, they have other “products” they can use to achieve their goals.
For example, the spread of smart devices, such as fridges and smart TVs, has provided attackers with new openings. In fact, IBM X-Force saw a 3,000% increase in Internet of Things malware usage between Q3 2019 and Q4 2020.
What can businesses do?
So what should companies do? An important first step is to practice thinking like an attacker. When looking at your own business, what are the most essential services that would cause the most disruption if you were to lose access to them?
It’s important to think about both customer-facing services and those that support people and products. Also, you need to ask yourself: what systems could serve as a gateway to the corporate network?
You should consider adopting a zero trust security model, where you establish least-privileged access, continually verify and authenticate, and adopt the mindset that a breach may have already occurred. A zero-trust model can minimize the impact of a breach, aid in threat detection, and improve how you defend your business assets. The goal is to make it harder for ransomware and other threats to spread, even after an initial compromise. Companies that follow zero trust are able to improve security while streamlining how they meet business needs.
Living the Zero Trust Life
Here are some steps towards achieving a zero-trust environment:
- Limit domain administrator accounts and protect privileged accounts. Strictly monitor who accesses administrator accounts and when, and look for suspicious activity.
- Use Active Directory to protect critical passwords.
- Restrict paths through your network using segmentation whenever possible.
- Extend your zero-trust strategy and use a Secure Access Service Edge (SASE) architecture to help manage technology and infrastructure approaches from one place. With a single management platform, you can streamline administrative work, share data, and use analytics to get an overall security picture. SASE creates the structure that makes Zero Trust flexible and easy to manage. Secure data and applications by combining the two approaches.
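The first step above (keep the set of domain administrators small, and watch who uses privileged accounts and when) is easier to act on with a concrete check. The script below is an added example written for this article, not IBM code or a product feature: it compares current admin group membership against an approved list and reviews a handful of constructed logon records against a simple policy (approved accounts, expected jump hosts, an admin working window). The account names, host names, record format and log lines are all invented for the example; a real deployment would feed it from the directory and the event log.

```python
"""Review privileged-account usage against a small zero-trust policy.

Constructed example: the policy values, account names, host names and the
simplified CSV record format below are all made up for illustration and are
not a real log format.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy: accounts allowed to hold domain admin rights, the jump
# hosts they are expected to log on from, and the admin working window.
APPROVED_ADMINS = {"da-alice", "da-bob"}
APPROVED_SOURCES = {"JUMP01", "JUMP02"}
WORK_START, WORK_END = time(7, 0), time(19, 0)


@dataclass
class Finding:
    account: str
    reason: str
    line: str


def excess_admins(current_members):
    """Return members of the admin group that are not on the approved list."""
    return set(current_members) - APPROVED_ADMINS


def parse_logon(line: str) -> dict:
    """Parse a constructed 'timestamp,account,source_host,privileged' record."""
    ts, account, source, priv = [f.strip() for f in line.split(",")]
    return {
        "ts": datetime.fromisoformat(ts),
        "account": account,
        "source": source,
        "privileged": priv.lower() == "yes",
    }


def review_logons(lines):
    """Flag privileged logons that break the policy; one Finding per rule hit."""
    findings = []
    for line in lines:
        rec = parse_logon(line)
        if not rec["privileged"]:
            continue  # standard-user logons are out of scope for this check
        acct = rec["account"]
        if acct not in APPROVED_ADMINS:
            findings.append(Finding(acct, "unapproved privileged account", line))
        if rec["source"] not in APPROVED_SOURCES:
            findings.append(Finding(
                acct, f"privileged logon from non-jump host {rec['source']}", line))
        logon_time = rec["ts"].time()
        if not (WORK_START <= logon_time <= WORK_END):
            findings.append(Finding(acct, "privileged logon outside admin hours", line))
    return findings


# Constructed sample records: one clean logon, one after hours, one from a
# service account that should never hold admin rights, one ordinary user.
SAMPLE_LOG = [
    "2022-05-10T09:15:00,da-alice,JUMP01,yes",
    "2022-05-10T22:40:00,da-bob,JUMP02,yes",
    "2022-05-10T10:05:00,svc-backup,FILESRV3,yes",
    "2022-05-10T11:30:00,jdoe,WS-117,no",
]

if __name__ == "__main__":
    print("accounts to remove from the admin group:",
          excess_admins({"da-alice", "da-bob", "svc-backup"}))
    for f in review_logons(SAMPLE_LOG):
        print(f"{f.account}: {f.reason} | {f.line}")
```

Each rule produces its own finding, so a single bad logon can surface several reasons; that is deliberate, because "unapproved account" and "wrong source host" call for different follow-up actions. The thresholds are starting points to tune, not recommendations for any specific environment.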
No one likes to dwell on what can go wrong. But taking these and other steps can go a long way toward protecting you against a ransomware attack or a data breach at the hands of attackers.
At Think 2022, explore how advanced digital tools, technologies and methods are empowering leaders to become the new creators of the ideas that will enable them to thrive and lead in an accelerated digital world. Let’s create something that changes everything. Learn more about Think 2022 events and add events to your calendar: www.ibm.com/events/think