Image credit: FLY:D
Daniela Fernandez
February 17, 2022
As we enter a new year, it is clear that 2021 saw a surge in ransomware attacks, making them one of the most pervasive cyber threats today. One of the more prominent attacks was in December, when the private information of up to 80,000 South Australian government employees was stolen by cyber criminals demanding a ransom payment in cryptocurrency.
According to Palo Alto Networks the average ransomware payment reached $570K in the first half of 2021. One of the key reasons ransomware continues to be such a lucrative type of attack is the adoption of Ransomware as a Service (RaaS).
The RaaS model has opened the market to malicious actors and enabled them to leverage effective malware and ransomware tools to execute an attack without significant resources or technical expertise. This means almost anyone with access to the dark web and a relatively small war chest can commission a sophisticated and devastating cyberattack on almost any business or organisation, with small businesses increasingly among those targeted.
In the traditional model, the cybercriminal, whether an organisation or individual, required the technical capabilities to carry the attack end to end. With RaaS, like a Software as a Service (SaaS) business model, the organisation that develops the ransomware offers the variant for a subscription fee to different buyers.
In some cases, the buyers who want to execute the attack have access to the organisation offering the service, in other cases there’s a RaaS operator (broker) who helps identify the different tools required to carry out the attack and facilitate transactions between the providers (spam, botnet, malware) and the buyers.
Cybercriminals offering RaaS have become more sophisticated and mirror legitimate business practices including having a code of conduct, playbooks to conduct attacks, marketing campaigns to attract new buyers and hacker employees and, brochures to highlight benefits of the different subscription options.
There are some basic actions businesses of any size can take to protect against a ransomware attack and reduce your exposure.
Most ransomware attacks exploit known vulnerabilities for which patches are usually available. Ensure your operating systems are up to date and prioritise patching of vulnerabilities, especially for systems and devices that are internet facing and/or store, process or transmit sensitive data.
Enable MFA wherever possible, especially in access points that are internet facing, to lower the risk of a successful attack. Multi-factor authentication requires users to provide two or more pieces of evidence to verify their identity before they can gain access to a website or application. These days, most applications and consumer services offer this capability. Ensure you enable MFA to secure everyday authentication to the services you offer and consume.
Having a strong endpoint security solution in place will help you protect end-user devices that could serve as potential point to access corporate network. Endpoints include any device with internet connectivity such as laptops, tablets, desktop computers and mobile phones.
Phishing is one of the most common attack vectors for ransomware and many other types of attacks. Hence, you should detect and block malicious emails, as well as make it easy for users and employees to report suspicious emails so they can be blocked from other users and the domains can be reported in a timely manner.
Last but not least, empower your staff with the necessary knowledge to identify and report suspicious activities and emails to the correct channels. When it comes to protecting your data and systems, behaviours are just as important as technical controls. Creating a positive cyber security culture and making people the strongest first line of defence can make a huge difference to minimise the risk of any cyber-attack.
With the shift to remote working due to COVID-19, attackers have found more paths to access secure networks. These include taking advantage of weak wireless security settings, out of date operating systems in personal devices (mobile, tablets, printers, computers) that employees use to access the company network, or in corporate devices that are increasingly used for personal activities.
Therefore, in addition to the corporate controls that the organisations put in place, as individuals we should take simple steps to protect ourselves and our families. These steps include:
It is expected that the RaaS ecosystem will continue evolving, as cyber criminals use the money collected through ransoms to operationalise their business model and fund more sophisticated attacks.
As long as ransomware continues to yield profits for cybercriminals, we will keep seeing new variants and significant increase in the use of RaaS. This might be the reason why governments are working on putting legislation in place to deter malicious actors and stop ransom payments however, it will take time before such legislation is actively enforced. In the meantime, organisations should familiarise themselves with the concepts and impacts of ransomware, prepare to prevent such incidents and respond effectively to possible attacks.
The content and information provided is for general informational purposes only. You should always obtain independent technology, business, tax, financial and legal advice before making any business decisions.
Read more:Cybercrime threats facing SMBs in Australia
Read more:Ransomware is a killer for SMBs: Here’s everything you need to know
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.
Daniela Fernandez
With over 15 years' experience in Information Technology, Daniela is a cyber security and analytics leader, who values integrity, diversity of thought, continuous learning, sense of achievement and ensuring a healthy work/life integration.
How to make significant savings by switching to a specialist EFTPOS provider.
Smartpay
December 14, 2021
How to use keywords to put your Google Ads in front of the right audience.
Metigy
December 6, 2021
Discover how Google Ads can turbo-charge your business.
Metigy
November 18, 2021
It is vital for employers to understand the difference between performance management and disciplinary action.
Employsure
November 11, 2021
How Australia’s new sexual harassment legislation will affect your business.
Employsure
November 9, 2021
About Us
Dynamic Business has been helping business owners and managers for 27 years
© Copyrights 2020 by Dynamic Business – All rights reserved.
source
This post was aggregated from Dynamic Business (https://dynamicbusiness.com).