Day by day, the cyber security threat landscape adapts and evolves, with newer and more sophisticated attacks cropping up all the time. However, one method that stands out as still causing havoc for thousands of organisations is ransomware. But even ransomware today looks quite different compared to a few years ago; not in terms of the impact but rather in its accessibility to non-skilled threat actors. The rise of Ransomware-as-a-Service (RaaS) has lowered the technical bar for the execution of a ransomware attack, allowing perpetrators to leverage a RaaS provider’s skills – often being able to choose from a menu of attacks – when targeting a victim. This commercialisation of ransomware has resulted in an increase in both the number and scope of attacks, raising it to be amongst the most significant cyber threats – given that it puts the availability of our most critical services at risk.
As many have found, traditional detection and prevention technologies are no longer sufficient. Information about how previous attacks were carried out only provides so much. When security teams are identifying new techniques being used each day, businesses need to arm themselves with stronger defences that not only manage ransomware risk, but completely eliminate it.
Learning from the past
Unfortunately, we don’t have to look that far back to witness the devastating consequences of a successful ransomware attack. Just last month, top US fuel supplier, Colonial Pipeline, was hit by a ransomware attack that caused them to shut down their entire network to deal with the breach. As a major contributor to the fuel network, transporting 45% of the United States East Coast’s fuel supply, this attack caused significant disruption. Whilst the company proactively took their systems offline to contain the threat, the attack has been labelled by some as being one of ‘the most impactful ransomware attacks in history’.
Another cyber attack that hit the headlines at the beginning of June was that of the world’s biggest meat supplier, JBS, which also fell victim to ransomware, perceived to have originated from a criminal group based in Russia. As well as causing a shortage of product and triggering an increase in prices for customers, this level of attack threatens the very reputation of the company. In this instance, the hackers accessed a computer network and threatened to cause disruption or delete files unless the ransom was paid.
The question remains: if large organisations such as Colonial Pipeline and JBS are being breached, when they have the funding and resources to implement top level security solutions, then what hope is there for everyone else? It’s important to remember that whilst it is almost impossible to predict and prevent every single cyber attack, there is plenty that can be done to eliminate some of those risks. Cyber security does not need to cost a fortune to be effective; it’s just about knowing which solutions will work best for each company. For the sake of the business’s safety and reputation, as well as the safety of their customers, it’s vital that companies take the time to research and invest in stronger defences.
What are the options?
There are a multitude of solutions available, all of which are designed to reduce risk and protect specific areas of the network. However, there is one method that is rising in popularity and has proven to be highly effective. Zero Trust approaches to security are being applied by organisations on a daily basis, developed on the grounds that trust should never be given out superfluously – transitioning from “Trust but Verify” to “Verify, then Trust”. Forrester recently announced that Zero Trust can reduce an organisation’s risk exposure by 37% or more. This model eliminates automatic access for any asset (an asset could be a user, application, system, device or network), whether internal or external. It instead assumes that the context of any action must be validated before it can be allowed to proceed.
Another technique that has emerged as being one of the best for protecting businesses from ransomware attacks, and that is closely aligned to the Zero Trust model, is micro-segmentation. Micro-segmentation restricts adversary lateral movement through the network and reduces a company’s attack surface. A strong security perimeter, whilst important, is no longer enough to protect business IT networks from ransomware threats – since it just takes one breach of the perimeter (through clicking on a link in an email) to compromise the network. The next stage of prevention is all about containment – the attacker should not be able to move freely even once they have reached the target network.
Zero Trust, along with micro-segmentation, is becoming highly recognised as a strong defence against cyber threats as it limits the spread of any infection that does get through. Again, everyone understands that it is near impossible to predict when a cyber attack may take place, where from, and with what target. But there are ways for organisations to lessen, or even eliminate, some of that risk by assuming breach and disarming attackers even if they do break through the perimeter.
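The containment argument above, as an added example that is not part of the original article: a worst-case reachability check comparing a flat internal network with a default-deny allow-list. The host names and permitted flows are constructed for illustration.

```python
from collections import deque

# Constructed sample estate; host names and flows are illustrative assumptions.
HOSTS = ["ws-01", "ws-02", "mail", "web", "app", "db", "backup"]

# Micro-segmented policy: default deny, only these (source, destination)
# flows are permitted. Backups are pulled, so nothing may connect *to* backup.
ALLOWED_FLOWS = {
    ("ws-01", "mail"), ("ws-01", "web"),
    ("ws-02", "mail"), ("ws-02", "web"),
    ("web", "app"),
    ("app", "db"),
    ("backup", "db"),
}


def flat_policy(src, dst):
    """Perimeter-only network: any internal host may connect to any other."""
    return src != dst


def segmented_policy(src, dst):
    """Default deny: a flow passes only if it is explicitly allow-listed."""
    return (src, dst) in ALLOWED_FLOWS


def blast_radius(entry, policy):
    """Worst-case spread from one compromised host.

    Returns {host: hops}, the minimum number of host-to-host moves needed to
    reach each host, assuming every permitted connection can be abused.
    """
    hops = {entry: 0}
    queue = deque([entry])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst not in hops and policy(src, dst):
                hops[dst] = hops[src] + 1
                queue.append(dst)
    del hops[entry]
    return hops


if __name__ == "__main__":
    for name, policy in (("flat", flat_policy), ("segmented", segmented_policy)):
        reach = blast_radius("ws-01", policy)
        print(f"{name:9} reachable={len(reach)} hops={reach}")
```

In the flat case every other host is one move away from the compromised workstation; under the allow-list the peer workstation and the backup host are unreachable, and the database sits three moves deep, which is the extra time for detection that containment buys.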
The future of ransomware
The main priority for organisations moving forward is to block the paths that ransomware uses to spread, keep breaches contained, and provide time for detection and remediation to take place. Eliminate the route, eliminate the risk.
Criminals these days often choose the path of least resistance. Make it harder for them to reach their prize, and they’ll likely move on. A key target for hackers is end users, who can more easily be enticed with phishing attempts – one naïve end user could grant criminals access to the entire network. Education and training are therefore crucial to further strengthen company defences, and keeping employees updated with what security measures are being implemented will only help the business’ security stance.
Businesses are no longer just responsible for their own security, but also for that of those who are connected to them. Customers, partners, employees: they’re all at risk of being exploited by criminals. Adopting a Zero Trust policy and segmenting the network structure can help keep ransomware out of the critical systems that are paramount to a business’ success.