The new normal: ransomware on the rise
With the increase in teleworking caused by the pandemic, cybercriminals have further upgraded and expanded their ransomware capabilities. To keep pace with the other side despite the changed conditions, companies must broaden their IT security approach and strengthen their measures.
Working from home as a result of the crisis turned a hitherto weak trend into a widespread practice in 2020: at the beginning of the pandemic, 75 percent of companies were working from home; after a year, 90 percent of companies assume that they will continue to offer their employees home office as an option in the future, according to this year's Remote Work Report from Bitglass. At the same time, 56 percent of the companies surveyed fear reduced malware protection. This is by no means an unjustified concern, because a new window of opportunity also opened up for cybercrime last year. With the majority of the working population far away from the well-secured office IT environment, hackers have a strategic advantage that they do not want to leave unused.
Ransomware campaigns have increased
It is therefore not surprising that ransomware campaigns have increased massively since then. The encryption of data relevant to business operations is particularly painful for companies that are already running in a kind of emergency mode, and the blackmailers' prospect of a quick ransom payment is correspondingly high.
Such attacks are usually carried out in three ways. In the first, the criminals use unsolicited, sometimes even harassing or threatening e-mails to get their victims to click on a link from whose destination the malware is downloaded. The next category is untargeted attacks that send out thousands of e-mails as spam. The attacker doesn't really know who they are being sent to, but hopes that a small number of recipients will download the ransomware. The third category is targeted attacks, in which the criminals know exactly who they want to reach and personalize their efforts accordingly.
Criminal professionalization: Ransomware-as-a-Service
With the high chances of success over the past year, the professionalization of cybercriminals has also received a new boost. Ransomware-as-a-Service is currently booming. Here, the hackers rely on a division of labor in order to proceed as efficiently as possible: it usually takes hundreds or even thousands of attack attempts before even one is successful. It is easier if the developers make their ransomware payloads available to those who have the capacity to carry out both large-scale and targeted attacks. The profit is ultimately shared between both parties.
This procedure hardly differs from the methods used by conventional criminal organizations. These usually also have a supply chain, with the equivalents of wholesalers and retailers working together to meet the needs of their "customers".
Retrofitting on the company side
The strategic advantages that cybercriminals gain from employees working at home create new security problems for companies. Beyond the corporate network, the influence of IT administration is limited. The spatial isolation of individual employees can also lead to more inattention, which hackers can exploit with social engineering tactics.
Make remote operation resilient
To cope with this changed risk situation, companies have to expand their security strategy. They have to find ways to make the IT environment resistant to careless behavior and malicious attacks even in remote operation. With Secure Access Service Edge (SASE) solutions, IT administrators can maintain the usual level of control beyond the network perimeter. SASE platforms are provided from the cloud and use various technologies with which a zero trust policy can be enforced across all users, applications, web destinations and environments:
- Zero Trust Network Access (ZTNA): SASE platforms offer both agent-based ZTNA for securing fat client applications such as SSH and remote desktops and agentless ZTNA for browser applications as standard. This technology carries out automated access controls and applies Advanced Threat Protection (ATP) functions in real time. Access is denied to users who cannot authenticate or to sources that are not trusted.
- CASBs: Cloud Access Security Brokers (CASBs) prevent malware contained in files from being uploaded to the cloud and stored there. Infected files cannot be downloaded either, which prevents ransomware from spreading.
- On-Device Secure Web Gateways: Secure Web Gateways (SWG) check the data traffic on all endpoints and block suspicious URLs and unmanaged applications before they can be accessed. For example, links contained in fraudulent e-mails that are intended to initiate the download of ransomware can be prevented from opening.
The human factor: guidelines for employees
In addition to the technological precautions, it is essential to take the human factor into account. Vigilant employees can be the decisive hurdle in the event of sophisticated attacks. Companies should therefore also raise their employees' awareness of cybersecurity risks when working from home. A short written guide can show the workforce what suitable behavior looks like. At regular work meetings, IT managers can also provide information about current attack techniques used by cybercriminals.
By extending their security precautions in this way, companies can counter the strategic imbalance vis-à-vis cybercriminals and restore the balance of power.
About Bitglass Bitglass is a global provider of a NextGen CASB solution based in Silicon Valley. The company's cloud security solutions offer agentless zero-day, data and threat protection everywhere, for every application and every device. Bitglass is funded by senior investors and was founded in 2013 by a group of industry veterans who have introduced and implemented numerous innovations in the past.