A New Era of Ransomware

Uploaded on 2022-07-20 in NEWS-Cybersecurity News, FREE TO VIEW

For months, Costa Rica has been on the frontlines of unprecedented ransomware attacks that have impacted just about every aspect of life. Essential services have been crippled, teachers have been unable to collect their paychecks, doctors have been prevented from tracking the spread of COVID-19, all while international trade has ground to a halt. 

The chaos in Central America is not an isolated incident, however. Instead, it’s the culmination of a recent rise in ransomware attacks across the globe. So, with threat levels increasing what can governments and private sector organizations learn from these attacks and how can they avoid ending up in cyber criminals’ crosshairs themselves?

Beware Vulnerability Windows

Ransomware attacks are rarely the acts of individuals sitting at their computers and randomly deciding when to strike. Instead, they’re meticulously planned. The culmination of weeks, often months of threat actors accessing systems and planting the seeds of their assault so that they can cause the maximum possible disruption. 

As a result, you often see ransomware attacks targeted during times of instability or uncertainty. We’ve experienced that with the handover of power from one government to another; but we’ve also seen attacks coincide with other world events such as the start of the war in Ukraine and the onset of COVID-19, distractions that make it easier for cyber criminals to not only access systems but cause the most damage. 

These disruptions don’t even need to be massive geopolitical events like wars or pandemics. Change in any form brings with it risk. Indeed, in previous years, we’ve seen ransomware attacks targeted to coincide with national holidays, Christmas and even long weekends. The aim of the attackers is to catch their targets off balance when people’s attention might be elsewhere. 

We call these “vulnerability windows” and in order to effectively protect themselves organizations, whether they’re governments or businesses, need to proactively monitor their risk and deploy resources accordingly. 

Practice Good Cyber Hygiene

People might view ransomware attacks and think that they’re the result of a massive security breach or organizations not having stringent enough controls, but more often than not this kind of event is simply the result of poor cyber hygiene. 

The concept works in exactly the same way as personal hygiene, in that people who maintain their health by taking preventative measures are less likely to get sick while those who don’t put themselves at a greater risk. 

When it comes to organizations, poor cyber hygiene creates chinks in your security architecture that attackers can exploit. That’s why practicing good cyber hygiene is so important. Simple steps like using strong passwords, multi-factor authentication, updating software regularly and securing backups all go a long way to keeping your security infrastructure intact. 

Watch Out For Insider Threat

Recently we’ve seen a growing number of attempts by groups like Lapsus and Conti to actively recruit individuals from within governments and businesses to sell remote access credentials. There are advertisements all over the internet with groups overtly asking for this kind of access and offering good money for it.

It’s not just money that can motivate insider threats either, sometimes the intent can be malicious. Perhaps an individual doesn’t agree with the politics and policies of the organization they work for. Or they’re leaving, so take access with them or leave back doors open for attackers to get in after they’re gone. 

Whatever their motivation may be, monitoring is vitally important in order to protect from this kind of insider threat. Fortunately, the behavioral analytical heuristics that are now set within security programs are specifically designed to spot unusual activity. Used in conjunction with good cyber hygiene, organizations can help to protect themselves from attacks wherever they originate from. 

How Can Governments Combat The Rise Of Ransomware? 

It’s easy to look at recent attacks and think this is trouble in a faraway land. But the simple truth is that attacks can and do happen everywhere. In fact, our most recent Check Point report shows that Latin America is facing the same level of threat as those of us here in Europe.  

The problem is that we’re not doing enough to ensure that organizations, whether private or public sector, are protected from the rise of ransomware. Indeed, while governments have worked to implement stringent measures in areas like data privacy the same can’t be said for ransomware. 

So, where there should be strong compliance or mandates in place to ensure that organizations are adequately protected, there are instead guidelines and best practices that businesses can choose to follow. It’s a crazy situation. After all, in other areas of life like driving a car, for example, you need to reach a certain level of qualification or capability before you’re given a license. But you don’t need any specific qualification or certification to be given the task of securing a business. And until ransomware is treated as seriously as other areas, organizations across the world will be put at risk. 

Don’t Get Complacent

Cybersecurity can't just be another tick box exercise and governments must act to set standards and enforce compliance in order to ensure that organizations are adequately protected. 

It’s time we started to adopt a risk management framework that ensures organizations are as protected from ransomware as they are from other threats facing their operations. We’ve got to become more proactive, conducting regular exercises, threat assessments and testing to ensure that we know our systems will stand up to attack.

Because the biggest lesson we can take away from the plight of Costa Rica is that ransomware attacks can and do happen to anyone. 

Deryck Mitchelson is Global Chief Information Officer at Check Point

You Might Also Read: 

Ransom: Prepare For The Worst:

 

« Iranian Hackers Try Intercepting Israeli & US Government Emails
Two Million Extortion Emails Blocked Every Day »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

RioRey

RioRey

The DDoS mitigation specialist, from single server to Enterprise wide carrier level networks the RioRey Solution provides effective immediate and easy to manage protection.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Open Quantum Safe (OQS)

Open Quantum Safe (OQS)

The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.

Zuul IoT

Zuul IoT

Zuul take an asset-centric approach to OT security, enabling security teams to protect the critical IIoT/IoT devices that are at the foundation of critical business functions.

Atlas VPN

Atlas VPN

Atlas VPN is a highly secure freemium VPN service with a goal to make safe and open internet accessible for everyone.

BJSS

BJSS

BJSS is an award-winning technology and engineering consultancy for business.

NAM-CSIRT

NAM-CSIRT

NAM-CSIRT is a team established to contribute to the security and stability of critical infrastructure and critical information infrastructure of the Republic of Namibia.

Sesame Technologies

Sesame Technologies

Sesame Technologies provides advanced cybersecurity services to protect businesses from digital threats.

Corridor

Corridor

Corridor is the AI-powered platform that autonomously secures your codebase.