Well, it seems the bad guys have won another one with the recent 75 bitcoin ransom payout to unlock the Colonial Pipeline. And despite early indications during the shutdown that other methods would be taken to restore service, it seems that sometimes crime does actually pay. This begs the question: are there best practices we should be implementing to take stronger steps towards prevention?
Ransomware Is Still Having Major Impact
It seems that as soon as you believe the market has found a way to prevent, or at least limit, a specific security exploit, another big hit makes headlines. Editor Josh Fruhlinger puts it bluntly on CSOonline.com, writing “Despite a recent decline, ransomware is still a serious threat.” He then goes on to say:
“There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users.”
And if you haven’t been directly impacted at the gas station or seen the latest headline on the Colonial Pipeline ransomware attack, then you missed another example of where crime does pay. In this case to the tune of $5M. Wired Magazine reported “Colonial Pipeline Paid a $5M Ransom—and Kept a Vicious Cycle Turning,” chastises organizations that capitulate to hackers’ demands by paying the ransom, and observes that:
“Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying. They either don't have the backups and other infrastructure necessary to recover otherwise, can't or don't want to take the time to recover on their own, or decide that it's cheaper to just quietly pay the ransom and move on. Ransomware groups increasingly vet their victims' financials before springing their traps, allowing them to set the highest possible price that their victims can still potentially afford.”
To stop this cycle, more needs to be done to prevent the impact before it occurs.
There is plenty of advice on how to defeat ransomware. One example is geekflare.com’s “7 Most Effective Ways to Fight Ransomware,” and the CSOonline article referenced above goes on to offer these tips to prevent ransomware:
“There are a number of defensive steps you can take to prevent ransomware infection. These steps are of course good security practices in general, so following them improves your defenses from all sorts of attacks:
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Don't install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
- And, of course, back up your files, frequently and automatically! That won't stop a malware attack, but it can make the damage caused by one much less significant.”
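The last item in the quoted list deserves a worked illustration, because a backup only limits the damage if you can tell that the copy you restore from is still intact. The script below is an added example written for this post; it is not code from CSOonline or nVisium. It snapshots a directory, records a SHA-256 manifest alongside the copy, and later verifies every entry against that manifest, so a backup file that has since been overwritten (as it would be if an encrypting process reached the backup location) is reported before anyone relies on it. All directory names and file contents are constructed sample data, and the manifest is assumed to be stored on media the live systems cannot modify (an offline or immutable copy); a manifest kept on the same writable share as the backup gives no assurance.

```python
"""Added example (not from the original post): snapshot a directory, write a
SHA-256 manifest, and verify the backup against it. All paths and file
contents below are constructed sample data."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src: Path, dest: Path) -> dict:
    """Copy every file under src into dest and write dest/MANIFEST.json.

    The manifest maps each relative path to the digest of the copied file,
    giving a later restore a way to check that the backup still holds the
    data that was saved rather than files encrypted or replaced since."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_of(target)
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(dest: Path) -> list[str]:
    """Return the manifest entries that are missing or whose digest no longer
    matches. An empty list means every backed-up file is intact."""
    manifest = json.loads((dest / "MANIFEST.json").read_text())
    bad = []
    for rel, digest in manifest.items():
        path = dest / rel
        if not path.is_file() or sha256_of(path) != digest:
            bad.append(rel)
    return bad


def demo() -> tuple[list[str], list[str]]:
    """Build constructed sample data in a temporary directory, snapshot it,
    verify the clean copy, then overwrite one backup file in place (standing
    in for a backup copy that an encrypting process reached) and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "live"
        dest = Path(tmp) / "backup"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "plan.txt").write_text("quarterly plan v3\n")
        (src / "notes.txt").write_text("call vendor\n")
        snapshot(src, dest)
        clean = verify(dest)
        # Simulate the backup file being replaced with unreadable bytes.
        (dest / "docs" / "plan.txt").write_bytes(os.urandom(32))
        damaged = verify(dest)
        return clean, damaged


if __name__ == "__main__":
    before, after = demo()
    print("intact before tampering:", before == [])
    print("entries failing verification after tampering:", after)
```

Run the script directly to see the clean verification pass and then the overwritten entry (docs/plan.txt) reported. In a real deployment the same `verify` step belongs in the restore runbook, so the team learns that a backup set is unusable before the recovery clock is running rather than after.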
We would also offer that leveraging security assessments in concert with better training for your developers on security best practices and even leveraging a DevSecOps position to provide oversight will go a long way to improve your preventative stance.
The best defense is a great offense. That is why a trusted advisor, providing in-depth security assessments, code remediation, and training unique to your business operations and compliance initiatives, before cyber threats exploit your web or mobile applications, networks, cloud infrastructure, or IoT products, is a 2021 imperative.
nVisium empowers organizations to eliminate application and cloud security vulnerabilities before cyber threats exploit them with proven in-depth security assessments, remediation and training programs. Our experienced team of security-savvy developers and engineers guides organizations to build best practices with high ROI into their engineering and secure development lifecycles across applications, operating systems, networks, mobile, cloud and IoT through services, software solutions and R&D unique to business operations and compliance initiatives. Additionally, nVisium brings your DevSecOps up to 2021 standards by providing a fully managed platform for tracking and measuring performance as well as instructor-led and online training.
nVisium offers a range of comprehensive services to ensure that you and your company are protected from all cyber threats including:
- Security Assessments: Not all security assessments are created equal. Ultimately you will need to target a specific area for maximum impact. The six areas of focus and their corresponding considerations include: applications, networks, mobile, Internet of Things (IoT), cloud and cloud native.
- DevSec Training: One of the more difficult issues with training is demonstrating the real-world impact of a specific vulnerability. nVisium uses games to teach developers and information security professionals to think like hackers by launching real-world attacks against applications and seeing the impact of these attacks as they land against other teams in the event. Depending on the style of game requested, defensive players may then implement fixes, and watch attacks fail in real time.
- DevSecOps Mentoring: Put simply, DevSecOps is an emerging role that intersects IT security with application development and business operations, with the mandate to introduce security earlier in the application development life cycle in order to minimize potential vulnerabilities. Check out this blog, “New Ways To Secure Your DevSecOps Pipeline.”
Today’s hackers are smarter and more agile than ever, so that requires you to be smarter and more agile. It’s time to have an independent and trusted partner help you out. Schedule a demo today or download our new eBook titled “Demystifying DevSecOps” to get started yourself.