Ransomware has been a huge problem for organizations for many years now, and will continue to be for the foreseeable future.
In a recent briefing with ITWC, Henry Hernandez, Cloud Delivery Security Services Consulting Engineer, Palo Alto Networks, said that while email remains one of the main ransomware attack vectors, it is by no means the only vector you should be monitoring.
“[Email is] not the only way a ransomware element could infect your organization,” he said. “You could have an opportunistic ransomware attack where a banner ad … has the right kind of code to gain that initial foothold and start that element. [An attack could also come] through somebody who had worked as a consultant at another business.”
There are many ways in 2023 for a hacker to gain access to your systems. As Hernandez pointed out, a lot of “new tech” has emerged – everything from ChatGPT and other AI platforms to the IoT. As more and more data is produced and stored, and as connectivity expands worldwide on the Internet, the cyber risk increases dramatically.
Criminal and nation state hackers have never had it so good.
Watch “Evil-ution of Ransomware” on demand
Giant Leap
In the ITWC briefing, “The Evil-ution of Ransomware,” Hernandez took attendees through the entire history of ransomware, from the AIDS trojan (PC Cyborg Virus), released via floppy disk in 1989, all the way to today, where ransomware has become big business – a huge moneymaker for bad actors.
Today’s ransomware outfits are set up like real corporations, complete with help desks to assist you in making a payment. “[It’s like] ‘Okay, thanks for paying us – here’s what you do if you need help decrypting or whatever it is you need to do to get back in business,’” said Hernandez. “It’s gotten to that level of sophistication. This is a multibillion-dollar big business … it’s become almost a legitimate business in some parts of the world.”
Expert Takes
Hernandez provided briefing attendees with a number of expert takes aimed at helping organizations up their security game:
Perimeter Mentality – “How many times have you heard ‘I have a really strong perimeter … and a great firewall.’ I equate that in today’s world with ‘Hey, I have a really cool castle … and a moat and sharks with lasers.’ But that’s just your perimeter. If I leave the drawbridge down, and the gate open, I’m just walking in and out.” The global crisis, said Hernandez, has shown that the perimeter is basically nonexistent. “Your network is no longer your data center and your physical office … [it’s] the entire planet.”
Outmoded Technology – “When you look at things like a URL filter, antivirus products, IPS products – [in the past] lists were fine [when the pace of technological change was lower]. I could wait to get a new update on a list of bad IPs or bad domains. That was fine when the Internet wasn’t so fast, so dominant in our business.” Not so anymore. Old tech, said Hernandez, brings vulnerability.
Segmentation – “Segment, segment, segment,” said Hernandez. “If this actor is standing, and he is aware only of [one particular] element of your network, [and there is] this whole ocean over here, that’s great because only a little section will get owned by ransomware – the rest of [your] company will be protected.”
Least Privilege – The question of access privilege is becoming more complex and layered as the Internet of Things explodes. Hernandez said it’s no longer just about whether a specific person gets a certain level of access but also what access a device or range of devices gets. “When you think [about] privileges,” he said, “don’t just think users; [think also how you’re going to] restrict devices.”
The post Ransomware bad actors have upped their game. Will you? first appeared on IT World Canada.