7 minute read
SocialEngineering&Ransomware
from Cyber Security 2022
by 3S Media
WHEN YOUR DATA IS
HELD TO RANSOM
Advertisement
Ransomware – the latest and nastiest way in which cybercriminals seek to steal from you – is sweeping the globe, hammering businesses both large and small. We speak to security firm Commvault to gain a clearer understanding.
Perhaps the biggest – and certainly the most talked about – form of cybercrime is ransomware, which has quickly become the most frightening form of attack faced by companies, as it has rapidly propagated across the globe. The success of ransomware has been accelerated by social engineering, itself exacerbated by people’s growing utilisation of social media platforms.
Taking a realistic look at ransomware, one can admit it is probably the most prevalent and sophisticated type of cybercrime. By broad definition, it is when hackers are able to gain access either to a company’s data, network or systems, and then deny their use to legitimate business owners, through encryption.
Essentially, they encrypt your data so you can’t use it, and then offer to give you the decryption keys in exchange for the payment of a ransom, explains Kate Mollett, senior director: Africa at Commvault. “What makes it such a dangerous form of attack is that not only is it sophisticated, but if the data they encrypt is critical to your business, they can easily bring your operations to a temporary or permanent halt,” she says.
“Remember too that not only does such an attack create downtime for the business, but if, through the process, sensitive information data or consumer information is exposed, then you may face hefty fines in line with the relevant legislation, like PoPIA.”
Furthermore, she notes, an attack can lead to reputational damage – ransomware attacks, especially involving larger companies, tend to be headlinegrabbing ones – which in turn creates a loss of confidence among consumers and shareholders. “Also, never forget that just because you pay the ransom, it doesn’t necessarily follow that they will unlock your data. Acquiescence is really no guarantee of recovery.”
The way it works, she continues, is that the attackers use malware that is commonly introduced through phishing attacks, which are formulated via social engineering. This is usually via emails, texts or other ways of communicating that appear legitimate, and are designed to deceive you into believing you are dealing with a genuine entity like your bank or insurance provider. Once you have been fooled into clicking on the mail’s attachment, your system is infected.
Fighting back “The best way to fight ransomware is via user awareness and training. It is imperative to ensure your staff understand what these attacks look like, so they can spot them early. This type of training has to be ongoing too, to keep these concerns top of mind for employees.
“People are undoubtedly the weakest link in your security chain – some 54% of ransomware attacks are successful simply because people don’t pay enough attention. Another key barrier in the fight is that if your company utilises VPN services, you should encourage staff to use these all the time, and try to avoid using public Wi-Fi, especially if they are working with sensitive data,” notes Mollett.
Then, from an organisational perspective, she adds, it is vital to have good monitoring in place. Automated monitoring solutions are designed to search for various types of malware across numerous attack scenarios.
A business should also undertake frequent backups and have at least three copies of their data – This should be on two types of storage media and then there should be a third that is stored off-site. This is the key to being able to recover quickly from a ransomware attack.
“Another method these criminals often use to introduce malware onto corporate devices is through an infected USB drive. Once it is introduced to your device, the moment you connect to your corporate network, the ransomware can move laterally across the domains and becomes very difficult to stop.
“Something else people should be aware of is the concept of ‘dwell time’, which talks to how long the malware is in your system before you identify it. Often these malicious codes are in your system for months prior to detection, stealing small tranches of data at a time.”
As for social engineering, she adds, this requires constant education of employees, as this approach relies on deception and uses data freely available – or freely given – on social media platforms to create a knowledge base of the individual. They usually start by gathering seemingly innocuous data about you, with the aim of making you think a mail or message has come from someone you know.
“Do you seriously think all these posts on Facebook that ask you if you can remember the name of your first dog or the colour and make of your first car are innocent games?” she asks.
“People need to understand the level of sophistication the bad guys have, and their determination to steal critical data or earn a large ransom. In fact, in all likelihood, the cybercrime fraternity is larger than the legitimate security industry – meaning their workforce is not only larger, but the rewards tend to be better too.
“Some of the other tactics used to get people to unintentionally click on malicious links include ‘baiting’, where they
DOS AND DON’TS
• If you receive a strange email from a friend or colleague that doesn’t feel right, it’s probably not from them. • If it’s an offer of help you didn’t request, you should reject it. • If it’s an urgent request from your bank – especially because they constantly remind people they won’t send e-mails – or a mail from HR, when you have never received one before, be cautious. • If it’s an unsolicited offer that seems too good to be true, it most likely is. • Secure your devices with a top anti-virus solution and adopt a ‘zero trust’ stance. • Treat anything even slightly suspicious as a threat, and ensure your employees are trained in security protocols on an ongoing basis. • Ultimately, it is safer to be paranoid, even if this entails conducting ‘white phishing’ exercises to identify employees who are more prone to falling for the above – but only to train them further, not to punish them for making such mistakes.
pretend to be affiliated to a relative from your hometown (because they have learned where you were born), indicating there is a small inheritance to be claimed, if you contact them. Another is scareware, which includes fake threats, supposed warnings from your ‘bank’, or suggestions that they have accessed intimate information about you.”
Tangible impacts She points out that the highest known ransom paid so far has been some US$3.2 million (R48 million), which gives an indication of the kind of purely financial impact this could have – demonstrating how one such attack could quite easily mean the end of your business. Remember too, she adds, that once in your system, they have access to information like your insurance policies related to data loss – so they know the exact price to position the ransom at. And for smaller businesses thinking they are unlikely to be targets, think again: some 43% of ransomware attacks globally target SMEs. So how can organisations defend against this? Engage with security experts to learn where the gaps in your security are and how to plug these, suggests Mollett, and know what data you have, where you store it, and why you are keeping it.
“You could compare your business security posture to how you would secure your home – think of your data as your family, which are the crown jewels you want to protect. In your home, you may have security gates, alarms, an electric fence, large dogs and a security response company.
“It should be similar with your business – secure your data and then build layers out from there to secure your different workloads, endpoint devices and so on, and then surround all of this with a perimeter defence. It’s about introducing a layered security posture that is rigid enough to guarantee the data is safe, but flexible enough to allow you to use your data as required. This balance is a fine one to strike, which is why, once again, you should be talking to the security experts, as they will enable you to obtain the greatest flexibility for your data, while keeping it as secure as possible,” she concludes.
