Since May 2017, malware and ransomware attacks have been on the minds of business leaders across the planet. Although most of us have enhanced our cybersecurity protocols, the war on ransomware is far from over.
Over the last few weeks alone, ransomware has been able to penetrate the systems of the PGA of America and the borough of Matanuska-Susitna in Alaska. When it comes to the latter, local government workers were forced to turn back time and use typewriters to go about their daily tasks.
During the same period, Google also announced that it had removed 145 apps from the Play Store that carried malware aimed at Windows computers rather than the phones they were installed on. Unfortunately, they had already been downloaded hundreds of times. The payload is a keylogger, so affected users risk revealing sensitive information such as credit card details and passwords.
The costs of these attacks can be far-reaching. In fact, last year a major Canadian firm was forced to pay as much as $425,000 in Bitcoin to regain access to their enterprise systems. Beyond the cost of a ransom payment, businesses also have to consider the impact an attack can have on business continuity and brand reputation.
Security researchers have found that ransomware attacks are on the decline, but we’re not out of the woods yet. While the number of attacks may be falling, they’re now more sophisticated and highly targeted.
What’re the Latest Tricks Employed by Bad Actors?
As enterprises across the planet have taken steps to combat malware/ransomware, cyber attackers have been forced to get creative.
Ransomware normally encrypts files on a device or across network shares and then displays a ransom demand; "locker" variants simply lock the user's screen instead. As WannaCry showed, once on the network, ransomware that carries a wormable exploit (in that case EternalBlue against SMBv1) can spread laterally and infect other machines without any further intervention from the attacker or the infected user.
Slow and Random Encryption
Ransomware developers have also learned to slow the encryption process down to stay under detection thresholds. The danger of encryption spread over weeks or months is that each backup cycle captures files that are already encrypted, so by the time anyone notices, the clean copies may have aged out of the retention window. Backups need retention long enough to reach back past the start of the infection, and restores need to be tested.
Sometimes the order and pacing of encryption are randomised as well. Behavioural anti-ransomware tools typically alert on a burst of sequential file modifications (many high-entropy rewrites or renames in a short window), so ransomware that touches files in an irregular order at an irregular rate can stay under that threshold and slip through undetected.
Because attackers are willing to wait, there is a real risk of malware acting like a "sleeper cell" that lies dormant for months or even years before it is activated.
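To show why pacing alone defeats a rate threshold while the file contents still give the game away, here is an added Python example (not code from the original post). It assumes two constructed backup generations of the same files and two constructed series of write timestamps; a naive burst detector catches the fast run and misses the slow one, while comparing per-file entropy across backup generations flags the silently encrypted files either way.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: text sits around 4-5, encrypted or compressed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def burst_detector(write_times, window=10.0, threshold=20):
    """Naive rate heuristic: alert when >= threshold writes fall inside any window-second span.
    This is the kind of check that slow, paced encryption is designed to stay under."""
    times = sorted(write_times)
    for i, start in enumerate(times):
        j = i
        while j < len(times) and times[j] - start <= window:
            j += 1
        if j - i >= threshold:
            return True
    return False


def entropy_jump_detector(previous, current, jump=2.5):
    """Compare two backup generations (path -> bytes); flag files whose entropy
    rose by >= jump bits/byte. Encrypting a document turns ~4.5 bits/byte into ~7.9,
    no matter how slowly or in what order the files were touched."""
    flagged = []
    for path, data in current.items():
        if path in previous:
            if shannon_entropy(data) - shannon_entropy(previous[path]) >= jump:
                flagged.append(path)
    return sorted(flagged)


# ---- constructed sample data (hypothetical, not from the original post) ----
PLAINTEXT = b"Q3 budget: travel 12,400; software 8,900; salaries 310,000.\n" * 40


def _pseudo_random_bytes(n, seed):
    """Stand-in for ciphertext: deterministic, but statistically like random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


BACKUP_DAY_1 = {
    "finance/budget.txt": PLAINTEXT,
    "finance/forecast.txt": PLAINTEXT,
    "hr/handbook.txt": PLAINTEXT,
}
# Day 30: the two finance files were quietly encrypted in place (simulated with
# pseudo-random bytes); the handbook was edited normally and should not be flagged.
BACKUP_DAY_30 = {
    "finance/budget.txt": _pseudo_random_bytes(len(PLAINTEXT), 1),
    "finance/forecast.txt": _pseudo_random_bytes(len(PLAINTEXT), 2),
    "hr/handbook.txt": PLAINTEXT + b"Appendix B: remote work policy.\n",
}
FAST_WRITES = [i * 0.1 for i in range(60)]      # 60 writes in 6 seconds: classic burst
SLOW_WRITES = [i * 1800.0 for i in range(60)]   # one write every 30 minutes: same 60 files

if __name__ == "__main__":
    print("burst heuristic, fast run :", burst_detector(FAST_WRITES))   # True
    print("burst heuristic, slow run :", burst_detector(SLOW_WRITES))   # False
    print("entropy jump across backups:", entropy_jump_detector(BACKUP_DAY_1, BACKUP_DAY_30))
```

The rate check is cheap and fires on the classic burst, but the slow run looks like ordinary user activity to it. The entropy comparison is what you would run as part of backup verification: it costs one pass over each generation and catches the encryption before the clean copies are rotated out.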
Parallel Attacks
Ransomware used to run as a single process that encrypted files one after another. Now we are seeing multi-threaded variants where encryption runs in parallel across many files and volumes at once, which shortens the window in which it can be stopped.
Security teams might be able to kill one or two of these processes, but it is near impossible to stop all of them before serious damage is done. Combined with polymorphic code, an attack like this can bring everything to a standstill within minutes.
Polymorphic code is malware that changes its own code (typically by re-encoding the payload behind a different wrapper) while keeping the same behaviour. If the code changes every 10 or 20 seconds, signature-based detection quickly becomes ineffective; behavioural detection, which watches what the process does rather than what its bytes look like, fares better.
Decryption is also getting more difficult as ransomware coders are getting much better at their craft. In the early days, bad actors usually made mistakes because they weren’t encryption experts, but today, they’ve taken it to a whole new level.
Ransomware Delivered Through Files
As enterprises invested heavily in teaching employees to spot phishing emails and the questionable links within them, cybercriminals adapted. In 2018 we are seeing more ransomware delivered through common file types: Word documents carrying macros, PDFs with embedded scripts or links, and image files that are really renamed executables or are used as carriers.
The file looks harmless, but once it is opened (and, for Office documents, the user clicks "Enable Content"), the malicious code runs and the payload is introduced into your environment. Businesses therefore need to keep up with the latest delivery techniques, not just the latest malware families.
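An added Python example (not from the original post) of the checks a mail gateway or upload handler can make before a user ever opens such a file: comparing the extension against the file's magic bytes, looking inside an Office document's zip container for a VBA project, and scanning a PDF for auto-run and script keywords. All sample files are constructed inline and are hypothetical.

```python
import io
import zipfile

# Leading bytes that identify the real content type, regardless of the file name.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",               # .docx/.xlsx/.pptx are zip containers
    b"MZ": "windows executable",
}
EXTENSION_EXPECTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".pdf": "pdf", ".docx": "zip", ".docm": "zip"}
PDF_RISKY_TOKENS = (b"/JavaScript", b"/OpenAction", b"/Launch", b"/EmbeddedFile")


def sniff(data: bytes) -> str:
    """Classify by magic bytes; 'unknown' if no signature matches."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_file(name: str, data: bytes) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    kind = sniff(data)
    ext = name[name.rfind("."):].lower() if "." in name else ""
    expected = EXTENSION_EXPECTS.get(ext)
    if expected and kind != expected:
        findings.append(f"extension {ext} but content is {kind}")
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            findings.append("zip container is malformed")
            names = []
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append("Office document contains a VBA macro project")
    if kind == "pdf":
        for token in PDF_RISKY_TOKENS:
            if token in data:
                findings.append(f"PDF contains {token.decode()}")
    return findings


# ---- constructed samples (hypothetical, not from the original post) ----
def _office_doc(with_macro: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0stub")  # OLE header stub
    return buf.getvalue()


SAMPLES = {
    "invoice.docx": _office_doc(with_macro=True),
    "report.docx": _office_doc(with_macro=False),
    "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,        # PE executable renamed to .jpg
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,    # genuine JPEG header
    "statement.pdf": (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                      b"2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n"),
    "clean.pdf": b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
}


def scan_all(samples=SAMPLES) -> dict:
    return {name: inspect_file(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        print(f"{name:15s} {findings or 'ok'}")
```

None of these checks need the file to be opened in its native application, which is the point: the decision to quarantine is made before any macro or script can run. In production the PDF keyword scan should also handle object streams and hex-encoded names, which this version does not.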
What’s the Best Approach to Negate the Next Attack?
While malware attacks have certainly become more sophisticated, they’re still detectable. However, detecting these infections will demand an active approach from all stakeholders.
The best way to protect your business from a future security incident is to prepare for it. It’s also important to have a robust response plan in place to respond to a malware attack.
Employee Training
Although I have written about it many times before, I can’t stress how critical regular employee training is to cybersecurity. Beyond training, security teams should also keep staff updated on the latest malware/ransomware trends (for example, not downloading files from a questionable source).
All it takes is a second for an employee to open a phishing email and click on a malicious link, so it’s imperative to invest your resources to make them highly alert. This means that security professionals should also highlight the less obvious attacks to empower employees and make them the first line of defense against ransomware attacks.
Since human error is inevitable, implement multi-factor authentication so that a phished password alone is not enough for an attacker to log in, which limits the damage whenever credentials are compromised.
Security Audits and Testing
Security audits are critical to ensure that the steps you’ve taken are enough to protect your business from a potential attack. At the same time, enterprises also need to run drills to test recovery times.
It’s important to test recovery times as more often than not, they end up being much longer than anticipated.
Whenever resources are available, businesses should also employ an internal and external security team to conduct security audits and penetration testing. It’s essential to engage a trusted third-party as they will be able to identify whatever was missed by your internal security team.
Leverage Anti-Malware/Ransomware Tools
There are plenty of anti-malware and anti-ransomware tools that can help keep attacks at bay, but they only work if they are deployed on all systems and kept current, with signatures and engines updating automatically. The same goes for the operating system and applications beneath them: patch promptly.
Prompt patching limits the number of exploitable vulnerabilities in your IT infrastructure. If your business is still running legacy operating systems that no longer receive security updates, however, the rest matters much less: those machines stay exposed to known, wormable exploits, which is exactly how WannaCry spread. Whenever that is the case, it is imperative to start an enterprise-wide upgrade immediately and to isolate anything that cannot be upgraded in the meantime.
Manage Data Intelligently
Managing data intelligently comes down to limiting access to employees based on a need-to-know basis. Steps should also be taken to revoke access whenever someone leaves the job or changes roles.
Following best practice, enterprise security teams should also encrypt sensitive data at rest and in transit, with keys managed separately from the data. There is no fool-proof way to prevent a breach, but this ensures that stolen data is useless to the attacker. Note that encryption protects confidentiality, not availability: ransomware will happily encrypt your encrypted files again, so it is no substitute for tested backups.