How traditional security tools fail to protect companies against ransomware


Most companies surveyed by Titanium have existing security prevention and backup equipment, but about 40% still suffered ransomware attacks last year.

Credit: Adobe

Traditional cybersecurity products were once enough to protect companies from viruses and hacking attempts. But today’s cyber threats require a broader, more sophisticated and more destructive, stronger defense. A report released Thursday by cybersecurity firm Titanium specifically looks at the inability of traditional security products to protect against ransomware.

See: How to Become a Cybersecurity Pro: A Cheat Sheet (TechRepublic)

For this State of data extraction and extortion report, Titanium commissioned CensusWide to survey 107 IT security professionals in the United States for their experiences with cybersecurity and ransomware. Among respondents, more than 75% said they have the tools for data protection, prevention and detection, and data backup and recovery. To protect their data, surveyed professionals have pointed to technologies such as encryption, including encryption at rest and encryption in transit; Data masking; And Tokenization.

Data extraction thwarts traditional security efforts

However, ransomware did not protect the defense agencies in place. About 40% of them have been victims of ransomware attacks in the past year, while more than 70% have seen such attacks against them in the last five years.

One strategy that is increasingly preferred by many ransomware gangs is double extortion. In such cases, the compromised data is not only encrypted but also expelled by the attacker. If the ransom is not paid, the perpetrators swear not only to encrypt the hacked data, but also to disclose it publicly. This means that just one data backup is not enough to make a ransom claim fail.

Data removal efforts have increased by more than 100% compared to five years ago, with 65% of respondents who have been victims of ransomware attacks also experienced data theft or removal. Of these victims, 60% said the attackers used the stolen files to further extort them by threatening to leak data. As a result, 59% of them felt that they had no choice but to pay the ransom.

Understand the different stages of ransomware attacks

With data exfoliation and double extortion tactics, how can companies better protect themselves from ransomware attacks? Arti Raman, CEO and founder of Titanium, has a number of suggestions.

“You can’t protect yourself against something you don’t understand properly, so the first thing companies need to do is learn how and why to break down ransomware attacks and test them in the light of their own organization,” Raman said. “Specifically, ransomware attacks involve three distinct phases: system lockup through intrusion, data exfoliation, and encryption.

“Success in either of these stages leads the attackers to victory, as they now have the added advantage of snatching the victim.”

The different stages work as follows:

  1. Intrusion: Once they infiltrate a network, attackers can monitor the victim’s behavior and install rear doors. Such exploitation can be sold as information or as access to other criminals.
  2. Data Exfoliation: This can be the most profitable stage, as attackers can use the stolen information to demand ransom from victims, their customers, their partners, their board members and even their employees.
  3. System Lockup: Attackers can prevent victims from accessing their own systems, especially harmful if the organization lacks proper backup and recovery methods.

“Once you understand these three clearly, it becomes clear that for each you have to calculate separately in your ransomware and extortion defense strategy,” Raman explained.

See: Ransomware: How executives should prepare for the current threat landscape.

Network defense against phases of ransomware attacks

First, companies must invest in prevention and detection systems to mitigate intrusion. However, this is only the beginning, as attackers can still take advantage of stolen certificates to bypass such tools.

To prevent data removal, companies must invest in three types of encryption, such as rest encryption, transit encryption, and most importantly use encryption. The new type of protection available, encryption in use protects both structured and unstructured data when it is being actively used. With this level of encryption, attackers using stolen certificates cannot access data even with special privileged access. Or they can’t capture and search for dumped data or databases from memory. As a result, encryption is a strong defense against the use of data-related aspects of ransomware attacks.

If an attacker is able to infiltrate a network, companies can protect the system from lockout by investing in backup and recovery solutions.

“Focusing on just one or two … is certainly not enough, as evidenced by the thousands of successful ransomware attacks that have already taken place this year,” Raman said. “A complete ransomware defense strategy should include three.”

However, ransomware gangs are increasingly focusing more on data exfoliation and less on system lockups, according to Ramon. For attackers, taking the time to encrypt files and dealing with decryption technology may seem easier than simply stealing data and threatening to reveal it.

Therefore, according to Raman, it is better for companies to focus on developing strategies that mitigate data removal while reducing penetration and system lockup efforts.

Source link