
Ransomware declining, but businesses must still be on guard – ExtraHop

03 Apr 2019

Article by ExtraHop senior security director Barbara Kay

Australian organisations, across both public and private sectors, have endured lower profile but equally disruptive ransomware assaults in recent times.

Signs suggest these will continue in 2019 and beyond.

Verizon’s Data Breach Investigations Report 2018 showed ransomware comprised 39% of all malware attacks.

Their prevalence has business spooked – 89% of survey respondents indicated they were somewhat concerned about ransomware, according to the Oracle and KPMG Cloud Threat Report 2019.

Speed and effectiveness are part of the reason for ransomware’s ongoing appeal to the unscrupulous.

Victims can be targeted and shaken down in a short space of time and often relatively easily.

Hitting pay dirt: why hackers are aiming at the bullseye

Ransomware attacks don’t just remain prevalent; those which succeed are becoming far more damaging than they once were, because hackers have switched their focus from endpoints to critical enterprise systems.

While the temporary loss of one or several user devices may be annoying and inconvenient, having a file server or database encrypted can cripple an enterprise in a matter of days, or even hours.

Faced with a choice between significant economic loss and opening the chequebook, many businesses find themselves forced to choose the latter option.

Staying a step ahead of high-tech hijackers is a perennial challenge for cybersecurity professionals.

It’s well-nigh impossible for organisations that concentrate their efforts primarily on protecting the perimeter.

When they succeed in slipping through, ransomware gangs can wreak maximum havoc in a couple of blinks of the eye, unless there’s a lightning fast detection and containment solution in place.

More than mere malware – why ransomware needs different defence tactics

‘Think different’ was the slogan adopted by Apple as its ascension to the top of the tech tree began gathering pace in the late nineties.

That’s just what Australian organisations need to do if they hope to successfully repel ransomware attacks in 2019.

When a campaign is successful, attackers use automation to vary and implement it against more targets.

Through toolkits, they can make the code used for each individual attack different, in order to bypass standard antivirus and rule-based detections.

Because unusual behaviour within the network can be difficult to detect using traditional tools, security staff may clock some of the signs of a ransomware infiltration – scanning behaviour or ‘data staging’ from a server to a host – but be unable to assemble the full sequence in time to respond and neutralise the threat.

Effective detection relies on dynamic behavioural profiling of attack activity inside the network, rather than on a definitive rule, a signature or endpoint monitoring. Network-based behavioural analysis is essential if organisations are to detect and respond to malicious activity during the late stages of an attack – those critical minutes while encryption is taking place.
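The sketch below is an added illustration, not ExtraHop code or part of the original article: it profiles each host against its own history and raises an alert only when the scanning, data staging and write-burst signals described above line up in order. The metric names, thresholds, window and sample records are all constructed assumptions.

```python
from statistics import median

# Per-host, per-minute metrics (constructed names, not a vendor schema):
# internal peers contacted, bytes pulled from servers, file writes to servers.
STAGES = ("peers", "bytes_in", "write_ops")  # scanning, data staging, encryption

def baseline(history):
    """Per-metric (median, MAD) learned from the host's own past minutes."""
    out = {}
    for m in STAGES:
        vals = [row[m] for row in history]
        med = median(vals)
        mad = median(abs(v - med) for v in vals) or 1.0  # guard zero spread
        out[m] = (med, mad)
    return out

def anomalous(row, base, k=6.0):
    """Metrics that sit more than k MADs above this host's norm."""
    return {m for m in STAGES if row[m] > base[m][0] + k * base[m][1]}

def assemble(minutes, base, window=30):
    """Minutes at which scan -> staging -> write burst completed, in order."""
    first_seen, hits = {}, []
    for row in minutes:
        t = row["minute"]
        # Forget stage signals older than the correlation window.
        first_seen = {s: m for s, m in first_seen.items() if t - m <= window}
        for s in anomalous(row, base):
            first_seen.setdefault(s, t)
        order = [first_seen.get(s) for s in STAGES]
        if None not in order and order == sorted(order):
            hits.append(t)
            first_seen.clear()  # one alert per completed sequence
    return hits

def minute(t, peers=3, bytes_in=1_100_000, write_ops=6):
    return {"minute": t, "peers": peers, "bytes_in": bytes_in, "write_ops": write_ops}

# Constructed data: an hour of normal activity, then a staged intrusion.
SAMPLE_HISTORY = [minute(i, 2 + i % 3, 1_000_000 + (i % 5) * 50_000, 5 + i % 4)
                  for i in range(60)]
SAMPLE_DAY = [minute(100), minute(101, peers=40),
              minute(105, bytes_in=50_000_000),
              minute(109, write_ops=900), minute(110)]

if __name__ == "__main__":
    print(assemble(SAMPLE_DAY, baseline(SAMPLE_HISTORY)))
```

A lone write burst, such as a scheduled backup, does not complete the sequence and so raises no alert here; in practice each stage signal would still be logged for review.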

The housekeeping detail – simple security practices that still make sense

Reducing the risk of falling victim to a ransomware attack calls for a holistic security strategy.

In addition to keeping pace with emerging tools and technologies, implementing and maintaining common sense protection measures can help enterprises ensure they’re not prime targets for opportunistic infiltrators.

These measures should include:

  • Using auto-discovery software to detect and classify new devices entering the network
  • Network segmentation
  • Regular offline backups
  • Passive, real-time monitoring of network traffic

Time to act

Ransomware attacks remain an immediate and very real threat to business continuity and viability.

Perpetrators are as resourceful and agile as ever they were and, for Australian organisations whose cybersecurity strategies haven’t evolved apace, successfully repelling an attack seems an optimistic and unlikely proposition.

Of course, ransomware is just one aspect of an overall security program.

With the pressure to perform, many businesses need to commingle security and other business goals and resources for efficient operation.

While improving resilience against attacks that break through perimeter defences, investing in enhanced behavioural protection for mission-critical systems can also pay rich dividends for enterprises worried about business continuity and data integrity.
