July 26, 2021
By Rhia Prajes
With recent high profile cyber-attacks, ransomware has disrupted and halted operations for thousands of businesses across the country. In 2021, your network's safety is as good as your users’ and your Managed Service Provider's security. Know what you can do to secure your network and who to trust.
Ransomware in the News
On July 4th of this year, a ransomware attack stuck Kaseya, a Miami-based MSP software company, and crippled thousands of businesses around the globe. The company’s tool to remotely manage a company’s IT networks was vulnerable and exposed 30 Managed Service Provider customers. As a result, threat actors were able to proliferate phishing campaigns targeting MSP customers during the holiday weekend when defenses were down.
Meanwhile, two months ago, a ransomware outbreak struck the Colonial Pipeline's networks and hampered the East Coast’s fuel supply for consumers, aviation, and the military. This attack proactively took payment systems offline, which temporarily halted all pipeline operations which affected nationwide security and infrastructure.
While these two attacks share the same pattern of utilizing phishing emails, the Kaseya attack used a never-before-seen-security vulnerability to take the victim’s defenses down, otherwise known as a Zero Day Vulnerability. On the other hand, Colonial Pipeline breach occurred due to a single leaked password from an old account that had access to a Virtual Private Network (VPN) used to access the company’s server. Since the old account did not have a multifactor authentication, it was easily compromised without additional protection.
Heres a detailed breakdown of how these recent attacks compare:
|Target:||IT Providers; Executive and Management Teams||Energy Systems and Supplies East Coast of US|
|Cost:||$70M in bitcoin ransom demand||$5M worth of Bitcoin paid ransom|
|Vulnerabilities:||Remote Desk Control||Virtual Private Network|
|What is it?||• Zero-day Vulnerability
• Remote access to external facing assets of Kaseya
• Threat actors encrypt files to block access and demand a ransom
• Double extortion
• Ransom paid in Bitcoin
|• Zero-day Vulnerability
• A ransomware outbreak that struck Colonial Pipeline's networks
• Took Colonial Pipeline's systems offline and affected some of the IT Systems
• Halted all pipeline operations
• Ransom paid in Bitcoin
|Scope of the Attacks:||• 800-1,500 businesses worldwide
• 30 managed service providers using Kaseya spread ransomware to over 1,000 businesses
• Hundreds of stores in Sweden shut down due to inoperative cash registers
• 11 schools and kindergartens in New Zealand attacked
• Exfiltrated massive data threats
|• One of the largest and most successful cyberattack of the country's infrastructure
• Shutdown of United States’ largest pipeline resulting to gas shortage and nationwide panic
• Disruption of supply lines to consumers, aviation, and the military
• Impacted price increase of basic commodities
• Over 100GB of corporate data was stolen in just two hours
The Evolution of Ransomware-as-a-Service
Ransomware has greatly grown its popularity among cybercriminals in the last ten years due to the leverage it exerts over affected businesses. Once inside, it can run through the files, emails and other communications that may contain proprietary company data, trade secrets, financial figures, and personal data. These can be exfiltrated that might be used for threatening and exposure of these sensitive information to leak sites, public and even disclose data breaches to government authorities. More recently, Ransomware providers also perform “Double Extortion” to its victims by threatening them to leak stolen data if ransom is not paid, potential causing immense damage to the companies reputation. Reports show that these cybercriminals often target top executives of both small and medium enterprises and large corporations.
REvil, DarkSide, GandCrab, Lockbit, and RagnagLocker are few of the notable cybercriminals that distressed both the local and international communities. They have become a threat to businesses and even national security. It has been reported that the average ransom paid for the year 2020 was more than $300,000 and the highest payment has doubled from $5 million to $ 10 million. These threat actors tagged themselves as providers of Ransomware-as-a-Service that this software to other cybercriminals which imposed threats from a greater number of sources and a higher risk of security breaches.
2021 and Post-Pandemic Cybersecurity Trends
In a matter of hours or minutes, ransomware can infect network through email links or Email attachments, Virtual Private Network Attacks, and Remote Desk Protocol Attacks. On average, ransomware can stay 200 days inside a network undiscovered, allowing the threat to proliferate and spread. With that in mind, it is imperative for businesses to implement highest standards of security practices and tools, and partnering with the most reliable IT service providers to ensure safety of all key players in the organization.
The common security measures that are widely implemented are the use of firewalls, antivirus or anti-malware, varied passwords and password protection, two-factor authentication, single sign-on, among others that build a defense against hackers inside your network.
Here are some of the ways that protect your business and your key people from cyber threat:
Backup and Recovery
As businesses increasingly embrace the digital world, the data you use every day is critical to your success. With the threat of ransomware ever present across industries, Backup and Recovery is a must! In the event of a ransomware attack, backup and recovery solutions ensure that you can quickly resume operations without even considering the payment of a ransom.
One of the number one causes of breach and cyber-attack is a compromised user account. With an identity management system in place, businesses can get a full view of who is accessing their network and integrate controls against stolen accounts. For example, you can enable multi-factor authentication to secure account access and establish single sign-on to limit the number of user accounts handled by any given user (Thus reducing risk of theft!)
Mobile Device Management
As businesses embark into Digital Transformation, mobile devices are being used to stay connected to the company’s network and processes. While access for employee-owned devices offer flexibility to end-users, each device presents a new vector for threats to reach your network. For that reason, organizations must make sure to exert unprecedented levels of control over all the devices used across the company. Using a cloud-based MDM portal, you can easily integrate and monitor employee-owned devices for threat through secure remote management portals and keep your user devices compliant to the standards to require.
In order to defend against threat when it *does* reach your devices, it is important to have and anti-malware defense to safeguard your most critical assets. With a cloud powered anti-virus, like Windows Defender, you can be secured with updated malware signatures in real-time and have a intelligent analysis to identify risky behaviors and compromised accounts. When threat is detected, such serves can provide automated remediation to ensure malware doesn’t progress further into your environment.
Threat and Trend Analysis
By leveraging intelligent, cloud based security technology, you can gain a holistic, multi-level view of the IT environment in which build a proactive defense against new and evolving threat. It is essential to deploy informed security personnel that can read your security data and forecast your threat risk so you can regularly implement proactive changes to your security policy.
While these security tools will help to secure networks against threat, nothing beats the double layer of protection of a well-informed workforce. Security Policies and Cybersecurity Employee Trainings are some of the best ways to combat ransomware and other security threats delivered via Phishing. By instilling employees’ minds and attitudes on best practices, users will be able to clearly identify attempts to manipulate them and reduce overall risk of exposure to such risks.
With the kind of cyberattacks that we have right now, it is essential to have a security system that is as proactive against threats, as it is reactive to them. As a full stack Microsoft service provider and a Microsoft Partner Award Winner, Metro CSG can help your business navigate the complexities of such IT decisions. We offer integration of Microsoft security tools and Advanced Security Management, a comprehensive security package and proactive defense encompassing threat monitoring, user training, data protection, and support for compliance.