iTech-Ed Ltd

Ransomware – some recent thoughts

Monday, 29 July 2024

Cybersecurity technology and information security company Cisco Talos recently published some interesting information on the tactics, techniques, and procedures (TTPs) used by the top 14 ransomware groups. Let’s see what we can learn from it.

Firstly, they looked at the steps in a ransomware attack, which won’t come as a surprise. The steps were:

I would suggest that the attackers might also look for links to other organizations. These supply-chain attacks allow the bad actors to use one attack to get into the systems of multiple organizations.

Cisco Talos does offer some suggestions of how to mitigate the threat of ransomware. These are:

One of the big problems facing the IT security team is the number of people working from home. Indusface, an application security SaaS company, has suggested nine ways to protect company data for people working remotely. Here are their suggestions:

  1. Provide company devices. This allows organizations to fully manage and secure the devices used to access company data. The devices should be updated and encrypted with SSL certificates. If that’s not possible, home-workers should be given everything they need to secure their own devices, eg anti-malware software.
  2. Scan and penetration test applications. Pen testing protects against data breaches by simulating real-world attacks on systems and highlighting vulnerabilities including privilege escalation attacks. Where vulnerabilities are identified, appropriate defensive measures can be taken.
  3. Utilize virtual private networks (VPNs) across the business. VPNs are easy to implement and protect data that could otherwise be vulnerable to attacks over an open public network.
  4. Deploy a web application firewall (WAF). This will protect web applications from attacks. An AI/ML-based WAF should detect anomalies and block illegitimate requests even if they are made using compromised employee credentials.
  5. Employ encryption software. Encrypting sensitive files means that were someone able to steal the files, they would not be able to access the data or content. Security policies should ensure that all remote workers know how to encrypt files and when it is necessary. Routine checks should ensure the policy is being followed.
  6. Strict password management. Hackers rely on weak passwords when brute-forcing point of sale (PoS) terminals. Use automatic password generators to create safe and secure passwords, and ensure that passwords are unique and never reused across multiple accounts. For sensitive data, employees should always use multi-factor authentication (MFA), which requires users to provide multiple methods of verifying their identity.
  7. Rigorous access controls. Organizations should apply the principle of least privilege when it comes to access control, ie allowing users access to only the specific assets that they require for their work. Access to files should be revoked as soon as it is no longer necessary, such as when an employee leaves, or a person’s involvement in a project is over.
  8. Provide employees with what they need. To make their jobs easier, remote workers may adopt tools, systems, or habits that are not sanctioned by the company. This shadow IT could include using risky apps and tools, sending files through insecure channels, or storing assets somewhere unprotected. Provide remote workers with all the tools they may need to do their job effectively and ensure that they are aware of all the approved platforms that they have access to.
  9. Fully prepare and train remote workers. Organizations can implement security strategies, but efforts will be futile unless remote workers fully understand what the procedures are and why they are important. Training staff regularly and testing the effectiveness of the training (eg phishing email simulations) is important.

There are some useful hints and tips there. Although they are mainly PC-based ideas, accessing the Windows infrastructure may be just a short step away from accessing an organization’s mainframe.


If you need anything written, contact Trevor Eddolls at iTech-Ed.