The burglar comparison in cybersecurity is a badly overused trope. But when we talk about the damage of a break-in, picking the lock is not the whole problem; we worry about what they’ll steal, what they’ll destroy, even what they’ll plant (yes, I have an active imagination). What seals the deal on a good heist is always the inside man: the bank clerk, the janitor or even the shareholder with a gambling problem. It seems that the ransomware groups are catching up.
Ransomware comes in different shapes and sizes. Whether it is of nation-state origin, a competitive attack tactic, or the work of criminal enterprises, the ransomware business is booming, as noted in the recent White House memorandum on cybersecurity. The risk for attackers of being caught is low, and the rewards are enticingly high. The repercussions of the threat have reached our daily lives: ransomware has become personal, no longer something we merely follow along with as the news explodes with stories of threats and attacks. When Colonial Pipeline was hacked by DarkSide just a few months ago, lines at gas stations were long due to fear of a shortage, and gas prices jumped. The mere specter of this kind of attack can send the public into a frenzy, and an organization into a spiral.
All cybersecurity professionals are aware of the threat of ransomware. In order to protect customer data and business continuity as much as possible, they stack their network with the latest, most cutting-edge technologies the industry has to offer. But what happens when the threat comes from within?
The latest tactic adopted by cybercrime groups is recruiting the employees themselves to help. Yes, the call is coming from inside the house. Why break in when someone can prop the door open for you? It’s quite ingenious: social engineering quite easily equips attackers with lists of possible accomplices.
Abnormal Security documented an attempt they caught wind of and played along with it to see which tactics were employed, to find out how it works and who in the organization is capable of carrying out the attack. Among other findings, they found that the attacker (apparently based in Nigeria) wasn’t particularly tech-savvy, but that the attachment he asked their fake persona to execute was indeed ransomware, with the intent to extort an amount which proved to be negotiable. He had compiled C-level corporate email addresses from LinkedIn and originally attempted a more classic phishing scheme, without success. With the new phenomenon of LockBit announcing their RaaS and the fact that all the code for DemonWare is available on GitHub, reaching out directly to possible “assistants” to execute relatively easily attainable ransomware strains has become a completely viable (and frankly quite smart in its simplicity) option to bypass the middleman.
This is the newest evolution of the ransomware “business,” and it has been gaining traction. Only recently, a Russian national pleaded guilty to attempting to recruit a Tesla employee to plant malware, after the employee reported the attempt. But will every employee or consultant come forward and collaborate with the FBI? In Gartner’s Ransomware Defense Life Cycle, the first phase is preparation, and this is indeed the key to the rest of the stages as well. So how do we equip ourselves in light of a growing array of ransomware strains and business models?
Even with the tightest policies and attempts to institute a zero-trust and least-privilege posture, there’s always risk. What if an internal employee decides to deploy ransomware? How can one detect it before it’s too late? So, as an organization, all that’s left is to test, and test again, with actual ransomware strains and actual exploitation techniques.
Automated security validation is the call of the hour: knowing where the organization is vulnerable, and reducing its cyber exposure as much as possible. When security professionals have full visibility into the network, they can make the right decisions on where to focus remediation efforts effectively. This way you can keep eyes on a potential insider threat as well as an outside attacker, and cover the various ransomware threats. The key is to validate as often as possible, not once a year or once a quarter, but on demand, as needed or desired. Make the switch from pondering what the payout will be to feeling confident that you’re RansomwareReady™. Validate, remediate, repeat.
Shift from ransomware aware to Ransomware Ready™ by requesting an assessment today.