The shift to remote working has triggered an eye-watering amount of ransomware attacks in recent months and business leaders must ensure they have the correct tools in place to secure their organisations. Keith Glancey, Systems Engineering Manager, Western Europe at Infoblox, discusses the rise in ransomware attacks and how organisations can protect themselves from cybercriminals.
Why has there been such a big rise in ransomware attacks?
Ransomware is nothing new. However, it has once again dominated the headlines in recent months as several high-profile companies in different sectors have found themselves falling victim to attacks. With the recent attacks on the UK arm of Salvation Army, Ireland’s Health Service Executive and JBS – the world’s largest meat processor – it’s clear that ransomware has far-reaching consequences for society as a whole.
While this recent rise in attacks has a number of causes, COVID-19 in particular has presented threat actors with new opportunities, particularly as employees have largely moved to remote working. The biggest challenge with remote work is that employees are working on relatively less-secured wireless networks, on personal devices (where they can mix business with personal use) and in environments where they are surrounded by a growing number of other, less secure IoT devices. These factors all provide attackers with a growing number of vectors through which they can infiltrate the expanded corporate network, and cybercriminals are taking advantage.
Is ransomware more of a problem for enterprises or high net worth individuals?
While enterprises are typically more secure than a high net worth individual – and should have teams and tools in place to protect their data – their multiple layers of employees and network connections make them bigger targets. Cybercriminals get more opportunities to set up malware that can infiltrate the system. Enterprises also typically make more attractive targets, given how valuable their data is to multiple stakeholders – including employees, business leaders and customers.
With so many security tools at our disposal, how do cybercriminals continue to hack so effectively?
Put simply, ransomware continues to be so effective because it’s easy and lucrative. To add to this, the threat actors behind it continue to innovate at scale. Remote working has opened up many new avenues for them to explore and manipulate, including insecure Wi-Fi connections, mass document sharing via unapproved cloud folders and browsers with insecure plugins. Left unprotected, these areas pose a significant risk to corporate networks.
Meanwhile, research shows that email is responsible for 75-90% of malware delivered to organisations. Despite awareness training and widespread warnings against spam, users continue to open suspicious emails, both in their business and personal accounts. They also click on malicious email attachments and URLs, and view websites not generally associated with business use. In addition to human behaviour, the rise of Ransomware-as-a-Service is making it easier (and cheaper) for bad actors to launch these campaigns.
What’s the first thing an enterprise should do if it is subjected to a ransomware attack?
When it comes to ransomware, the only truly effective approach is prevention. If an unprotected system gets attacked, there is no way to guarantee the retrieval or decryption of data.
Therefore, mitigating risk before an attack can happen is the most effective defence an organisation can have. Security solutions – such as those that leverage DNS – that can interrupt the malware’s attempt to connect to the command-and-control server, as well as frequent and robust backups, are key. Other best practices include network segmentation and having a recovery plan that includes retaining multiple copies of sensitive data in a physically separate and secure location.
Is stopping ransomware just a case of shifting from detection to prevention?
Prevention is key in helping organisations protect themselves from ransomware attacks, especially since data shows that as of the end of 2020, many organisations had still not implemented necessary cybersecurity to protect their distributed user bases.
One effective way that IT teams can protect their network is by increasing visibility. This is where DNS tracking comes in. DNS is a core network service which means that it touches every device that connects to a company’s network and the wider Internet. When applied to security, DNS can help protect against ransomware attacks by detecting and blocking communication with known C&C servers. It can help stop an attack before it even starts since 90% of malware, including ransomware, touches DNS when entering or leaving a network.
To take it to the next level, businesses can merge DNS with DHCP (Dynamic Host Configuration Protocol) and IPAM (IP Address Management). This combination of modern technologies – collectively known as DDI – can pinpoint threats at the earliest stages, and when paired with DNS security solutions can identify compromised machines and correlate disparate events related to the same device.
What solution does your company offer?
Infoblox’s cloud-managed DDI solutions provide enterprises visibility into each action connected devices make on the corporate network. This is crucial to spotting potentially suspicious activities, which pairs well with our BloxOne Threat Defense.
It works with existing security investments to protect networks and automatically extends security to digital imperatives, including SD-WAN, IoT and the cloud. This technology slashes the time to investigate and remediate cyberthreats, optimises the performance of the entire security ecosystem and reduces the total cost of enterprise threat defence. Together, these solutions turn core network services into a valuable security asset.
How can we expect ransomware attacks to develop in the coming months and years?
Ransomware attacks are growing in sophistication. The Colonial Pipeline attack shows that these actors are getting bolder. Even as the world battled the Coronavirus surges, ransomware gangs chose to target hospitals. Critical services with life-or-death consequences are fair game to today’s attackers.
As with most complex issues, there’s no silver bullet for cybersecurity, but organisations have the power to turn the tide. More often than not, ransomware succeeds when an organisation isn’t effectively prepared. Organisations should expect ransomware attacks and prepare accordingly.
To that end, business leaders should not just zero in on specific policies and practices, such as frequent and off-network data backups, that can help mitigate the effects of a ransomware attack, but also zoom out to secure the entire IT stack from the malware in the first place. Postures such as Zero Trust is a framework that selects security tools with the assumption the network will be breached. It pairs with defence-in-depth, which seeks to secure all layers in the network. Both models focus on proactively and holistically mitigating damage beyond perimeter defence.