A New Era of Ransomware

Uploaded on 2022-07-20 in NEWS-News Analysis, FREE TO VIEW

For months, Costa Rica has been on the frontlines of unprecedented ransomware attacks that have impacted just about every aspect of life. Essential services have been crippled, teachers have been unable to collect their paychecks, doctors have been prevented from tracking the spread of COVID-19, all while international trade has ground to a halt. 

The chaos in Central America is not an isolated incident, however. Instead, it’s the culmination of a recent rise in ransomware attacks across the globe. So, with threat levels increasing what can governments and private sector organizations learn from these attacks and how can they avoid ending up in cyber criminals’ crosshairs themselves?

Beware Vulnerability Windows

Ransomware attacks are rarely the acts of individuals sitting at their computers and randomly deciding when to strike. Instead, they’re meticulously planned. The culmination of weeks, often months of threat actors accessing systems and planting the seeds of their assault so that they can cause the maximum possible disruption. 

As a result, you often see ransomware attacks targeted during times of instability or uncertainty. We’ve experienced that with the handover of power from one government to another; but we’ve also seen attacks coincide with other world events such as the start of the war in Ukraine and the onset of COVID-19, distractions that make it easier for cyber criminals to not only access systems but cause the most damage. 

These disruptions don’t even need to be massive geopolitical events like wars or pandemics. Change in any form brings with it risk. Indeed, in previous years, we’ve seen ransomware attacks targeted to coincide with national holidays, Christmas and even long weekends. The aim of the attackers is to catch their targets off balance when people’s attention might be elsewhere. 

We call these “vulnerability windows” and in order to effectively protect themselves organizations, whether they’re governments or businesses, need to proactively monitor their risk and deploy resources accordingly. 

Practice Good Cyber Hygiene

People might view ransomware attacks and think that they’re the result of a massive security breach or organizations not having stringent enough controls, but more often than not this kind of event is simply the result of poor cyber hygiene. 

The concept works in exactly the same way as personal hygiene, in that people who maintain their health by taking preventative measures are less likely to get sick while those who don’t put themselves at a greater risk. 

When it comes to organizations, poor cyber hygiene creates chinks in your security architecture that attackers can exploit. That’s why practicing good cyber hygiene is so important. Simple steps like using strong passwords, multi-factor authentication, updating software regularly and securing backups all go a long way to keeping your security infrastructure intact. 

Watch Out For Insider Threat

Recently we’ve seen a growing number of attempts by groups like Lapsus and Conti to actively recruit individuals from within governments and businesses to sell remote access credentials. There are advertisements all over the internet with groups overtly asking for this kind of access and offering good money for it.

It’s not just money that can motivate insider threats either, sometimes the intent can be malicious. Perhaps an individual doesn’t agree with the politics and policies of the organization they work for. Or they’re leaving, so take access with them or leave back doors open for attackers to get in after they’re gone. 

Whatever their motivation may be, monitoring is vitally important in order to protect from this kind of insider threat. Fortunately, the behavioral analytical heuristics that are now set within security programs are specifically designed to spot unusual activity. Used in conjunction with good cyber hygiene, organizations can help to protect themselves from attacks wherever they originate from. 

How Can Governments Combat The Rise Of Ransomware? 

It’s easy to look at recent attacks and think this is trouble in a faraway land. But the simple truth is that attacks can and do happen everywhere. In fact, our most recent Check Point report shows that Latin America is facing the same level of threat as those of us here in Europe.  

The problem is that we’re not doing enough to ensure that organizations, whether private or public sector, are protected from the rise of ransomware. Indeed, while governments have worked to implement stringent measures in areas like data privacy the same can’t be said for ransomware. 

So, where there should be strong compliance or mandates in place to ensure that organizations are adequately protected, there are instead guidelines and best practices that businesses can choose to follow. It’s a crazy situation. After all, in other areas of life like driving a car, for example, you need to reach a certain level of qualification or capability before you’re given a license. But you don’t need any specific qualification or certification to be given the task of securing a business. And until ransomware is treated as seriously as other areas, organizations across the world will be put at risk. 

Don’t Get Complacent

Cybersecurity can't just be another tick box exercise and governments must act to set standards and enforce compliance in order to ensure that organizations are adequately protected. 

It’s time we started to adopt a risk management framework that ensures organizations are as protected from ransomware as they are from other threats facing their operations. We’ve got to become more proactive, conducting regular exercises, threat assessments and testing to ensure that we know our systems will stand up to attack.

Because the biggest lesson we can take away from the plight of Costa Rica is that ransomware attacks can and do happen to anyone. 

Deryck Mitchelson is Global Chief Information Officer at Check Point

You Might Also Read: 

Ransom: Prepare For The Worst:

 

« Iranian Hackers Try Intercepting Israeli & US Government Emails
Two Million Extortion Emails Blocked Every Day »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Foregenix

Foregenix

Foregenix are global specialists in Digital Forensics and information security including Penetration testing and Website Security.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

Conference-Service.com

Conference-Service.com

Conference-Service.com provides a categorised calendar of conferences and events which includes Information Security.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

British Security Industry Association - CySPAG

British Security Industry Association - CySPAG

CySPAG is a special interest group within the British Security Industry Association (BSIA) focused on reducing the risk of product related cybercrime.

TRU Staffing Partners

TRU Staffing Partners

TRU Staffing Partners is an award-winning contract staffing and executive search firm for cybersecurity, eDiscovery and privacy companies and professionals.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Noname Security

Noname Security

Noname Security detects and resolves API vulnerabilities and misconfigurations before they are exploited.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

The Cyber Guild

The Cyber Guild

The Cyber Guild is a not-for-profit organization working to improve the understanding and practice of cybersecurity, and to help raise awareness and education for all.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

PeoplActive

PeoplActive

PeoplActive is an IT consulting and recruitment services organization with leading capabilities in digital, cloud and security.

Myntex

Myntex

Myntex® is a leading encrypted phone provider, managing a world-class on-site Canadian data center. Our solutions protect against data breaches, digital surveillance, and cybercrime.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.