Anyone attempting to maintain good security must take this changing threat scenario in the IT sector seriously. The tools and strategies you need to safeguard your firm are changing in the “post-breach” era, when sophisticated cyberthreats like ransomware, phishing, and others have supplanted large-scale data breaches as a major threat.
CIO World Asia spoke with Mark Lukie, Director of Solution Architects – APAC at Barracuda, during Cloud Expo 2022, where he shared his analysis of several recent attacks and explained why today’s multi-vector ransomware attacks and other sophisticated cyber-threats require an integrated, comprehensive strategy.
Recent Cyber-attacks that have driven many companies to step up their cybersecurity efforts
Cyber security breaches are definitely a wake-up call for organisations. No one wants to be part of a breach, but when it happens, it forces them to look at what has been ineffective and what they can strengthen. This is where teams sit down and identify whether something is missing in their strategy and whether they have a team that is ready to respond to a critical incident, especially whether they have tested these processes.
There have been some very well-known breaches, notably a large ride-sharing service that was recently hit as a result of multi-factor authentication fatigue. As we can see here, even two-factor authentication used as a security measure can easily be breached by hackers when it isn’t updated in a timely manner. The breach occurred through a contractor who was constantly being bombarded with MFA requests. “Hey, something’s there wanting to log in over and over and over again.” It’s that one time where they click it and, just like that, the attacker gains access.
Is this then a technology problem or a user problem?
“I think at the end of the day, it’s multifaceted when it comes to security. It’s about the technology. But it’s also about the people, training the people, educating them. You know, making sure that they are part of a security culture within your organisation,” said Mark.
Ransomware isn’t new, so why do businesses keep falling for these attacks?
There’s a lot of data that these attackers are after. Ransomware is a means to an end: it’s the way that attackers can gain financial and monetary advantage from an organisation. But in terms of how they get there, all of us are users. We have usernames and passwords, and we have probably given our e-mail addresses to coffee shops and different rewards programmes. The disrupters are therefore after that data. It’s simpler for them to purchase a list of compromised usernames, passwords, or even simply email addresses, and then launch an attack on businesses. Before breaking into an organization, attackers can purchase the credentials, which is much less expensive than hiring a professional criminal agency.
There will always be ransomware. “According to data, it has risen by roughly 13% over the past year, but not by that much over the previous five years,” said Mark. What has changed, then? Attackers can purchase more data, and it gets cheaper and more efficient. Ransomware as a service is available, and it also turns into a little bit of a lottery. The more times you launch an attack, the more likely it is that it will succeed.
How many measures do you have in place? Do you have a recovery strategy? Can you not only back up and recover your data, but also recover all the systems? Especially when you are at the mercy of an attacker that has completely disarmed your business. The key thing here is to respond in a timely manner. Most people have a great backup solution, but have they put it to the test? Have they simulated a complete outage? Have they recovered their data? Do they know how long it takes? Is their backup also susceptible to being held to ransom?
“If you take away your insurance policy, you don’t have an insurance policy for that policy.”
- Mark Lukie, Director of Solution Architects – APAC at Barracuda
What’s unique about these attacks and how are they evolving?
Mark wouldn’t suggest that these attacks are unique. “I would say that what happens is that attackers will change their behaviour to reflect what is effective and more pertinent to what is happening.”
Working from home is a great example. There are more distractions, right? People are working from their own devices that are not necessarily controlled by the organisation. With more distractions, people click on things, and our data can be leaked more easily through our people, our human workforce.
New varieties of ransomware are appearing, which means that if you become infected, the attackers will demand a ransom from you in order to release your data. They’ll provide proof of life to show they hold the data. Before they post that data online, they will also demand a new ransom for it. To prevent further publication, they may also request a predetermined payment on a monthly or yearly basis. These triple and quadruple extortion attempts are being made to extract a larger payment from the organization. It’s quite scary. Knowing your business and developing ways to cope with reputational damage are key.
Avoid paying a ransom. That only serves to feed the beast. The attackers would ultimately just keep doing what they’re doing if the ransom is paid, so a better answer would be to have early detection tools and make sure you have a security team or staff analysts with analytical skills, Mark suggests.
Threat evolution in APAC as we move towards 2023
The pandemic has shown that attackers are very good at adapting their message to trends and the latest happenings. Attackers are always going to remain at the forefront of what human society is doing. In the cybersecurity landscape, vendors will always create an antidote or a solution that prevents them from doing that. In comparison to prior generations, the generation that is currently in school and going through university will likely receive more exposure to personal cybersecurity. The younger generations are spearheading this zero-trust attitude, and it would take a lot for them to share any personal information anywhere at all.