If there’s one legacy the cybersecurity industry should take away from this summer’s Tokyo 2020 Olympics, it’s the games’ motto – “Faster, Higher, Stronger – Together.” As ransomware attacks become more sophisticated and pose a more severe threat, the phrase should inspire a more collaborative and unified approach to security.
This inspiration is needed to deal with an avalanche of advanced threats, all of which require a powerful response informed by experience, expertise, shared intelligence, proven processes and defense-in-depth tools. This range of requirements is too broad to be fulfilled by just one business or vendor, so cybersecurity needs to become a collective effort. Organizations recognize that collaborative work will help build holistic solutions to stay ahead of attackers.
The Ransomware Hunt
Just as defenders recognize that extensive planning is vital for security, attackers plan extensively to identify the steps for a successful attack. Ransomware attackers prepare for big campaigns – often called “big-game hunting” – with in-depth reconnaissance, social engineering and scoping out targets for months or years first. Their goal is to execute a double-extortion attack in which they encrypt data to deny its availability and then threaten to leak it and jeopardize its confidentiality. In other words, they aim to compromise multiple corners of the confidentiality, integrity and availability (CIA) triad, which is a cornerstone of data security practices.
Typically attackers will look to execute attacks by following four key steps:
- Deliver Initial Payload on the Endpoint: Using social engineering to identify their targets, an attacker can phish for unsecured credentials to gain a foothold in the organization.
- Escalate Privileges and Fortify Access: Once the attackers have uncovered a high enough level of privilege, they can execute their code while taking evasive action that buys them time to search, undetected, for more sensitive data.
- Maximize Attack Impact: Disrupting backups and deleting files amplifies the effects of the attack, while the attackers also steal reams of data to use for extortion later.
- Execute Ransomware: Files are encrypted and held hostage for a sky-high ransom, with the attackers knowing that the organization is highly motivated to pay because of downtime sensitivities.
Using a Team Approach to Fight Ransomware
Defenders must do more than simply stop the malware. A winning approach also involves controls that prevent attackers from gaining the powerful privileges they need to do harm at every point in the attack chain, which requires a team effort.
In recent years, endpoint detection and response (EDR) solutions have come a long way and are an essential part of robust endpoint security. The continuous monitoring, visibility and in-depth analysis that they offer accelerate security operations efforts. According to a 2021 SANS survey, 51.6% of compromises were detected by EDR solutions, even though these tools weren’t specifically designed to manage identity and privilege. When an organization implements an endpoint privilege manager, its other security solutions can play their roles more effectively.
Getting Ransomware-Ready
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” wrote US Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger in a recent memo.
Of course, being prepared against ransomware is only one part of your organization’s cybersecurity toolkit. Ongoing cybersecurity training, information sharing and a strong security framework are also elements of a multi-layered strategy.
“To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations,” Neuberger wrote.
Cybersecurity companies offer an essential service in helping organizations to prepare. By working as a team in solidarity, our industry can provide more accountable, responsible and effective control of the digital IT environment. Helping organizations to combat evolving ransomware threats will give them the confidence to achieve their own gold-medal-worthy security.