What The Worst Attacks Of 2021 Can Teach Us On The Future of Ransomware

Despite the steady drumbeat of hacks reported on an almost weekly basis, it can safely be said that cyber security is still far from being a top-of-mind topic for most people.

Massive data breaches like Equifax, Marriott, and many, many more have become just another part of modern life.

While each of those cyber security incidents was quite severe in itself, for the public whose data was compromised they represented more of an inconvenience than a serious concern. Much like having your credit card number stolen, it is annoying, but it is priced into the equation. The costs of fraud are not felt directly by the consumer, so consumers usually feel insulated from the risk of fraud.

However, when the billing department of an energy company that no one has heard of is breached and gas prices rise, as was the case with what is considered perhaps the worst cyber security incident of the past year, people start to feel differently. What can these attacks from the past year teach us about the future of ransomware?

Cyber threats with real-world impact

Cyberattacks are increasingly having "real world" effects, putting critical infrastructure such as energy and health services at risk.

Over the past few years, hospitals around the world have been hit by ransomware attacks that effectively shut down their ability to operate. Ireland’s National Health Service is the latest large-scale victim. A woman in Germany died in transit while being transferred to another hospital after a ransomware attack disrupted services at the university hospital.

The latest wake-up call for the public is the attack that shut down the operations of the Colonial Pipeline company in May.

According to reports, hackers from the DarkSide ransomware-as-a-service (RaaS) group breached the Colonial Pipeline corporate network and deployed ransomware on it. This led the company to halt operations, shutting off 45% of the fuel transported on the U.S. East Coast.

While the specific attack vector, perhaps an unpatched vulnerability but more likely a social engineering technique such as phishing, is unknown, it was reported that the attackers gained access to the business side of the company. There are no indications that they were able to reach the pipeline’s industrial control systems.

Upon discovering the breach, the company shut down pipeline operations. It was both a sensible safety measure and the right financial decision: with the corporate billing system disabled, the company could not track and bill shipments.

Whatever their reasoning, the result was the same. As fuel shipments on the East Coast dwindled, fears of shortages spread, and with them a plethora of bad ideas. Stories of people trying to fill plastic bags with gasoline led officials to issue warnings against this and other unsafe practices.

After a round of negotiations, Colonial Pipeline reportedly paid the DarkSide group. Estimates place the figure somewhere in the $4-5 million range, depending on the value of Bitcoin at any given moment. With the ransom paid and a fair number of details still unclear, the pipeline went back to pumping. The fuel crisis was averted and, as with the ransomware attacks on everything from hospitals to city governments before it, people returned to "normal".

For the time being, anyway.

The proliferation of hacking tools means more targets

Changes in the hacking economy have created an environment in which the damage potential of ransomware can be greatly amplified.

Carrying out the more sophisticated and destructive attacks that can take an organization offline was, in the past, the province of only the more talented threat actors. They had to write their own malware, build the infrastructure to support their operations, and take care of every detail from start to finish.

That was then. This is now.

There has been a huge proliferation of hacking toolkits that give criminal crews everything they need to attack their targets. Dark web markets now offer comprehensive kits that include the malicious code along with everything else needed for an attack, right down to the phishing emails used to gain initial access.

The effect of this market has been to lower the entry threshold for cybercriminals. It is a kind of democratization of hacking that lets anyone with a few dollars and the time to go after a target get into the game. Phishing kits can be bought on the dark web for as little as $5, while more complex tools can reach tens of thousands of dollars. But when the payout from a single successful ransomware attack can reach $10 million, the ROI looks pretty appealing.

Adding fuel to the fire is the fact that hackers benefit from the trickle-down of malware and techniques developed by nation-state actors. There is evidence that the NSA’s EternalBlue exploit for Windows systems was later used in Russia’s highly destructive NotPetya campaign in 2017. And after state actors showed how effective the exploit could be, criminal gangs went into action by incorporating it into their own operations.

The result of these developments is a reality in which there are now far more capable hackers out there, all armed to the teeth with effective tools.

Whereas in the past it took serious government players like the US and Israel to develop complex code like Stuxnet to attack nuclear reactors, the breach of the pipeline company shows us that criminal gangs can inflict serious damage in the real world, not by targeting the actual industrial control systems but by hitting the less "critical" billing department. This should lead us to reconsider how we assess our threat model.

It also means that with more threat actors out there, there is significant potential for harm to far more targets than in the past. This is bad news for organizations of all sizes, including those that were sure they were not "interesting" enough for hackers to give them much thought.

Every organization has something valuable that it would pay good money to get back safely and keep confidential. Criminals know this, and they now have an expanded pool of targets to choose from. They also know that while landing a whale like a large energy company is likely to pay serious dividends, there are many mid-sized companies and organizations that are worth their time.

Planning for 2022: Prioritize these three tips for stronger security

In light of these challenging developments, organizations need to take steps to make themselves harder targets for these hacking crews.

Here are some basic things to start with.

1. Patch, update and … patch

Even though 0-day vulnerabilities grab all the headlines, known vulnerabilities (CVEs) are still the starting point for hackers at the time of their attack. This is basically a free lunch, because a published vulnerability tells the hacker what is vulnerable and how it can be exploited.

Keeping systems patched and updated can be hard for IT teams, but it is one of the most effective ways to reduce the risk of attack.

Even if you are not up to date on the latest vulnerabilities, you can be sure that hackers are.
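A concrete way to act on this tip is a patch-gap report: compare what is installed against the first fixed version from each advisory and rank the findings by how long the fix has been public. The script below is an added example written for this article, not code from the article or from any vendor; the advisory IDs, dates, hosts and versions are constructed placeholders. It also shows why version comparison has to be numeric per component rather than a string comparison, which would wrongly treat 2.4.9 as newer than 2.4.51.

```python
import re
from datetime import date

# Constructed sample advisories (placeholder IDs and dates, not real advisories):
# package, first fixed version, publication date.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "package": "sudo",    "fixed": "1.9.5p2", "published": date(2021, 1, 26)},
    {"id": "ADV-EXAMPLE-002", "package": "openssl", "fixed": "1.1.1k",  "published": date(2021, 3, 25)},
    {"id": "ADV-EXAMPLE-003", "package": "apache2", "fixed": "2.4.51",  "published": date(2021, 10, 7)},
]

# Constructed inventory export: one "host package version" record per line.
INVENTORY = """\
billing-app  openssl  1.1.1j
billing-app  apache2  2.4.9
billing-app  sudo     1.9.5p2
ops-jump     sudo     1.9.5p1
ops-jump     openssl  1.1.1l
"""

# Date the report is run for (fixed so the example is reproducible).
REPORT_DATE = date(2021, 12, 1)


def version_key(version):
    """Split a version string into comparable chunks: numeric parts compare as
    integers (2.4.51 > 2.4.9) and letter parts compare alphabetically
    (1.1.1k > 1.1.1j). Each chunk is tagged so ints are never compared to strs."""
    chunks = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(c)) if c.isdigit() else (1, c) for c in chunks)


def is_vulnerable(installed, fixed):
    """True when the installed version is older than the first fixed version."""
    return version_key(installed) < version_key(fixed)


def patch_gap(inventory_text, advisories, today=REPORT_DATE):
    """Return outstanding patches, longest-exposed first."""
    by_package = {a["package"]: a for a in advisories}
    findings = []
    for line in inventory_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip blank or malformed records
            continue
        host, package, installed = parts
        adv = by_package.get(package)
        if adv is None or not is_vulnerable(installed, adv["fixed"]):
            continue
        findings.append({
            "host": host,
            "package": package,
            "installed": installed,
            "fixed": adv["fixed"],
            "advisory": adv["id"],
            "days_exposed": (today - adv["published"]).days,
        })
    findings.sort(key=lambda f: f["days_exposed"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in patch_gap(INVENTORY, ADVISORIES):
        print(f"{f['host']:<12} {f['package']:<8} {f['installed']:<8} -> {f['fixed']:<8} "
              f"{f['advisory']} public for {f['days_exposed']} days")
```

Run as-is, the report lists the `sudo` install on `ops-jump` first (fix public for 309 days on the report date), then `openssl` and `apache2` on `billing-app`; a string comparison would have missed the `apache2` finding entirely.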

2. Improve visibility everywhere

Visibility has been at the top of network defenders’ lists for years. But now, with the growth of social engineering attacks, there is heightened awareness that we need visibility everywhere.

Activity monitoring can help identify risk vectors, including misuse of privileged accounts that could be exploited by an attacker.
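To make "monitor privileged accounts" concrete, here is a small detector run over constructed SSH authentication log lines. It is an added example, not code from the article: the account names, known source addresses, business hours and log lines are all assumptions built for the demo. For each successful login to a privileged account it raises an alert when the source address has never been seen for that account, when the login happens outside business hours, and when it follows a burst of failed attempts from the same source.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed baseline for the demo: which accounts are privileged and where
# each one normally logs in from. In practice this comes from your IAM data.
PRIVILEGED_ACCOUNTS = {"root", "admin", "svc-backup"}
KNOWN_SOURCES = {
    "root": {"10.0.0.5"},
    "admin": {"10.0.0.7"},
    "svc-backup": {"10.0.0.9"},
}
BUSINESS_HOURS = range(8, 19)   # 08:00 to 18:59 local time

# Constructed sshd-style log lines (not from any real system).
SAMPLE_LOG = """\
2021-05-07T09:12:01 billing-app sshd[1201]: Accepted password for admin from 10.0.0.7 port 50022 ssh2
2021-05-07T09:40:15 billing-app sshd[1230]: Accepted password for alice from 10.0.0.31 port 50100 ssh2
2021-05-07T23:05:02 billing-app sshd[1402]: Failed password for root from 203.0.113.44 port 41000 ssh2
2021-05-07T23:05:04 billing-app sshd[1402]: Failed password for root from 203.0.113.44 port 41001 ssh2
2021-05-07T23:05:06 billing-app sshd[1402]: Failed password for root from 203.0.113.44 port 41002 ssh2
2021-05-07T23:05:09 billing-app sshd[1403]: Accepted password for root from 203.0.113.44 port 41003 ssh2
2021-05-08T10:02:00 billing-app sshd[1510]: Accepted password for svc-backup from 10.0.0.9 port 51000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line):
    """Parse one sshd auth line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_privileged_misuse(log_text, failure_threshold=3):
    """Return a list of alert dicts for suspicious privileged-account logins."""
    alerts = []
    failures = defaultdict(int)        # (user, source ip) -> failed attempts so far
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["user"] not in PRIVILEGED_ACCOUNTS:
            continue
        key = (ev["user"], ev["ip"])
        if ev["result"] == "Failed":
            failures[key] += 1
            continue

        # Successful privileged login: apply each check independently.
        def alert(kind):
            alerts.append({"type": kind, "user": ev["user"], "source": ev["ip"],
                           "host": ev["host"], "time": ev["ts"].isoformat()})

        if ev["ip"] not in KNOWN_SOURCES.get(ev["user"], set()):
            alert("unknown_source")
        if ev["ts"].hour not in BUSINESS_HOURS:
            alert("off_hours")
        if failures[key] >= failure_threshold:
            alert("success_after_failures")
        failures[key] = 0              # reset the streak once a login succeeds
    return alerts


if __name__ == "__main__":
    for a in detect_privileged_misuse(SAMPLE_LOG):
        print(f"{a['time']} {a['host']} {a['type']}: {a['user']} from {a['source']}")
```

On the sample data only the `root` login from 203.0.113.44 trips the checks, and it trips all three at once; the `admin` and `svc-backup` logins from their usual addresses during the day stay quiet, which is the point of keeping a per-account baseline rather than alerting on every privileged login.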

3. Authentication

Identity is how we access most of our work resources, primarily through usernames and passwords. This is far from ideal, because these credentials are easily stolen or impersonated, but it is the situation we have.

Reduce your risk with additional protections that go beyond these basic pieces of information. Technologies such as single sign-on (SSO), multi-factor authentication (MFA) and other tools can make it much more difficult for attackers to access your systems.

Starting to take security more seriously

Dealing with the risk of ransomware is going to require a multi-pronged effort from everyone involved.

From managing automated monitoring and controls on work devices and access, to protecting against unintentional negligence, to educating employees about the risks of opening emails and other social engineering vectors, there are critical steps that companies can take, and more needs to be done. Management needs to ensure that it implements the right solutions and establishes policies that help close some of the gaps in its security.

There are also arguments that it may be time to stop paying ransoms as a way of neutralizing the attacks.

There will also be pressure from government to intervene and raise the bar. In response to the Colonial Pipeline incident, the TSA announced that it will take steps to improve the enforcement of critical infrastructure security. There have been more than a few calls for the U.S. government to take more aggressive action against hackers who are outside its jurisdiction, though how exactly this will look given the current geopolitical situation is far from clear.

Together, we have an opportunity to turn ransomware into a less profitable venture for hackers and change the future of ransomware. But looking at the evolving threat landscape, it will take a serious effort going forward.
