By Tom McVey, Solution Architect, Menlo Security
Last year, Kaseya became the victim of the largest ransomware attack in history when Russian-linked hacker group REvil breached the US software company’s systems, in turn gaining access to the subsequent systems of approximately one million other companies. The ransom they demanded was a staggering $70 million.
We saw a similar story in May 2021. Both Irish Health Services and insurance company AXA were hit by ransomware attacks, the former forced to shut down its systems entirely to protect itself, causing mass disruption and placing a huge strain on the country’s healthcare service. In the same month, the University of Northampton of the UK saw its entire network go down as a result of a ransomware attack, severely impacting students’ learning.
It is no coincidence that such significant attacks were orchestrated in such a short space of time. According to Bitdefender’s Mid-Year Threat Landscape Report 2020 ransomware attacks were up 700 per cent that year.
Much of this spike can be attributed to the changes brought about by the pandemic. Where remote working shifted to a lockdown-enforced necessity, countless organisations had no choice but to switch from physical to digital working practices almost overnight.
Critical IT infrastructure had to be adapted. Consequently the digital landscape was greatly expanded, which led to the exposure of security vulnerabilities that cyber criminals have since exploited at scale. While the volume is increasing, what is even more alarming is the fact that such attacks are becoming increasingly sophisticated.
In recent years there have been huge strides made in technological advancements, much of which have been put to good use in many ways. Yet, for cyber criminals, it is allowing them to create highly legitimate looking campaigns, such as credentials phishing, with the ability to tap into personal information gleaned from social engineering initiatives.
It is now easier than ever for them to get a targeted user to click on a link in an email that looks like it’s coming from a colleague or a trusted person or brand. All it takes is that one click to set the attack in motion.
It’s not just emails either. Ransomware is also being embedded in digital advertisements and content modules on news sites, making the filtering of URLs using white/blacklists redundant in preventing many ransomware attacks.
Extortion Attacks
Beyond these complex phishing techniques, we are seeing the emergence of a new category of ransomware attacks called double extortion attacks. This is when ransomware is embedded with counter incident response tools baked right into the malicious code. Alongside this, tactics such as security tool disablement/bypass, distributed denial-of-service (DDoS) attacks and log destruction are also on the rise; one of the key reasons that over two thirds of breaches remain undetected for months.
Such is the severity of the problem that a 2021 Menlo Security survey revealed that more than two thirds of people believe cyber criminals should receive prison sentences. Meanwhile, 60 per cent believe that ransomware attacks should be viewed as seriously as terrorist attacks.
While harsher penalties may deter some threat actors, it is highly likely that ransomware attacks will continue to grow, and organisations need to be proactive in protecting core assets.
So what can be done to overcome the challenge? Enter isolation and zero trust – a security-focused combination that can be used to stop ransomware in its tracks.
Isolation technology has been designed with the purpose of protecting users as they navigate the web. It works by creating a virtual air gap between the Internet and enterprise networks. All email and web traffic goes through the isolation layer, where the content is still visible but is never actually downloaded to the endpoint.
It does not impact the user experience. Rather, it simply removes the risk of malware exploiting vulnerabilities on the endpoint.
Zero trust enhances this, working to block both known and unknown potentially malicious activity. It assumes that all web content is harmful and prevents any website from running code on users’ devices. It’s a way of protecting users from untrusted actors without inhibiting their ability to do work.
Using this combination, attackers are both prevented from gaining an initial foothold in a network, leaving ransomware with no route to reach its targeted endpoints.
About the Author
Tom McVey, Solution Architect, Menlo Security. Tom is a Solution Architect at Menlo Security for the EMEA region, a leader in cloud security. He works with customers to meet their technical requirements and architects web and email isolation deployments for organizations across different industries. Coming from a varied background in cyber, Tom provides expert cybersecurity advice and strategic guidance to clients. Tom previously worked for LogRhythm and Varonis.