In January 2022, we witnessed a huge rise in ransomware attacks specifically on IoT and IT networks. Most of these attacks were designed to lock up the data, copy part or all of it, and then dump the data on the Dark Web. If media reports are to be believed, many organizations that ended up paying a ransom didn’t get their data back.
Breaking the ransomware problem down, we can identify these as the key attributes of the bigger challenge that ransomware poses to businesses:
- Insider threat: emerging from employees or partners who, willingly or unwittingly, end up aiding hackers
- Rising potency of ransomware: hackers have invested extensively in ramping up the facilities behind ransomware production and distribution, which is why 2021 turned into a very successful year for hackers
- Growing ransom demand: there are contrasting reports on what the highest ransom demand placed last year was, but it can be easily inferred that ransom rates grew significantly in 2021
- The rising role of enablers: while the number of ransomware developers is growing, so is the role of the enablers. These include negotiators and even professional breach enablers who help in placing the ransomware in the target networks
- Bleeding data: in December 2021, the volume of new data dumped on the Dark Web rose by nearly 3 TB.
- Hackers are now more aware of the vulnerabilities, cybersecurity gaps, and process deficiencies associated with IoT, IT, and OT in businesses, and they are using this information to breach assets and networks
What can businesses do to protect themselves from ransomware attacks?
- In sectors like manufacturing, pharma, defense, and retail, cybersecurity needs to be embedded into supply chains and feeder processes
- For small and medium businesses, operational visibility and visibility into networks at all times is a must.
- Oil and gas (upstream and downstream operators) is a sector that has been traditionally vulnerable to a range of threats. Oil and gas companies need to harden their operations from a cybersecurity perspective and revisit their processes and cybersecurity practices to align them with the new cyber threats and challenges that are emerging in the background
- Healthcare firms need to ramp up their IT security and invest extensively in securing their data
- Micro-segmentation, which involves fragmenting networks to enable greater visibility and granular enforcement of cybersecurity policies, is a must-deploy cybersecurity measure
- Industrial Control Systems and health and safety systems should be especially protected, as an attack on them could create not just an operational challenge for businesses but, more importantly, a health and safety hazard for employees working in manufacturing plants that deal with oil and gas products and other complex and dangerous chemicals
- Cybersecurity audits should be conducted at least once a month. There are many available formats for conducting this. We have created one for you here that is aligned with the NIST framework
- Encourage employees to report incidents and incentivize them to proactively detect and report vulnerabilities or security gaps
- Businesses connected through long-tail and short-tail supply chains should collaborate to arrive at common security standards and measures that they can deploy together
- Enforce a no-click policy for suspicious emails
- Consider sourcing your threat intelligence feeds from multiple vendors