Ransomware attackers have shown no mercy even in this period of crisis when the entire world is dealing with COVID-19 pandemic. They have continued to target big companies in order to extort large sums of money. It isn’t surprising to know that the group seems to have a special interest in Industrial Control Systems (ICS). These attackers have recognized that stealing information is more profitable and gives them an additional advantage of earning money.
One of the fresh ransomware attacks recently reported was by Honda. The Japanese carmaker grappled with a cyber-attack early this week that brought its global operations to a standstill. It was reported that the ransomware targeted Honda’s internal servers and spread a virus through the company’s systems.
Clearly, despite spending massively on computer/software security, the good guys aren’t even close to getting the upper hand vs. these cyberattackers/hackers. So, now what do these corporates do to safeguard their data storage from these threat actors?
The root cause of ransomware
It is important for businesses and enterprises to identify how ransomware make an entry in these high-valued systems. It has been realized that the root cause of the ransomware attack is lateral movement. A technique that a cyber attacker uses, after gaining initial access to move deeper into a network in search of sensitive data and other high-value assets. Lateral movement allows the cyber attacker to avoid detection and get access, even if discovered on the machine that was first infected. These attackers impersonate a legitimate user, use spear-phishing emails and move through multiple systems in the network until the end goal is reached. The attackers, hence, gather information about multiple systems and accounts, obtain credentials, and finally gain access to the identified payload.
The lateral movement is easily achievable because of inefficiencies in the current security setups, which include legacy-based solutions such as VPNs.
As it’s helpful to know the anatomy of an attack, it is equally important to know how to approach these attackers to minimize the impact of a ransomware attack on any business. For years, the internet has operated under an implicit trust model, where it is assumed that you are who you say you are until proven otherwise. But looking at our current reality, there are possibilities that cyber threats may continue to create chaos and wither the organization’s data security.
Any organization that continues to operate under this implicit trust model is effectively gambling with the security of its data and networks. As a preventive strategy, moving towards a ‘zero trust’ approach that incorporates “Never Trust, Always Verify” may help organizations to create a much more challenging environment against cyber threats.
A zero trust privilege requires authorization from anyone attempting to access any network resource. In a zero-trust setup, every user or device is always reverified where ever the user is coming from. Once their access is authorized, this identity must be used to further control access to critical servers and data. A spate of recent data breaches is making the idea of ‘zero trust’ more appealing.
Ransomware attacks continue to hamstring businesses left and right, but avoiding it isn’t difficult. Coupled with the ‘zero trust’ model, organizations can check on their basics such as creating a backup for their critical data on a regular basis.
Microsegmentation is another process of creating isolated ‘secure zones’ in data centres as well as in cloud deployments. Microsegmentation is critical now as increasing numbers of IoT devices connect to networks, creating the probability of potential vulnerabilities as the attack surface becomes increasingly varied and expansive.
Organizations can also get access to SafeHats program which will help in the continuous testing process of applications to know if they have been exposed to vulnerabilities. Another important strategy to safeguard your organization against cyberattacks is to train your employees on how to spot and report phishing emails before they click on any suspicious emails. It is a challenge to stay away from ransomware threats, but a ‘Zero Trust Privilege’ approach coupled with other preventive measures can help mitigate the risk, and save your organization from being the next victim of a cyberattack.