Blog by Chris Gausden, Arcanum Principal Consultant.
Travelex, Honda, Garmin, Cognizant… who will be the next ‘holdup’ victim of ransomware? [1]
Ransomware has been around since the last century. A check on Wikipedia will tell you the first documented attack was 1989. Since 2012 the use of ransomware to defraud organisations has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018, which marks a 229% increase over this same time frame in 2017.
In December 2017 there was a lot of publicity around the WannaCry/NotPetya ransomware attacks on the NHS IT, although I strongly suspect they were not targeted and only newsworthy because of the human–interest angle. However, this shows the global impacts of random as well as targeted use of ransomware, and the reasons for its exponential growth as a revenue stream for organised crime.
Why is ransomware so successful?
The attacks seem to rely on a number of common weaknesses in big companies’ business security models that often includes:
- A lack of regular and up–to–date risk–focused security education for employees, to ensure that they are forewarned of current, real–world threats and risks and can recognise and correctly respond when they see a suspicious email (this must go beyond a simple ‘compliance’ approach) [2];
- Absence of accurate asset management linked to continual critical asset vulnerability identification/ management and patching to identify which assets are vulnerable to the latest ransomware attacks [3] [4];
- Lack of security monitoring,incident management/response including tested Business Continuity Planning (BCP) and Disaster Recovery (DR) processes, to detect threats and enable an effective response if the worst happens [5] [6].
Of these listed the most important proactive control is most likely number one. Once all available technology–based SPAM and Phishing mail filters are set appropriately for the business and tuned, the 10% or so of high–quality malicious mail that will always get through is still waiting in mailboxes for the unwary user.
The answer has to be to create an intelligent ‘human firewall’ from your employees that can consistently filter that residual 10% + and make sure that the phishing email does not succeed [7]. This can be helped by employing one of a number of technology and process–based solutions that supports and encourages a ‘hive’ approach, to detecting and reporting suspicious mails. This should be coupled with an effective follow up security capability that can investigate, assess, and respond appropriately to reported suspicious e-mails. Clearly the risk of too many false positives and the deletion of genuine business critical emails can be almost as damaging as falling for phishing mail. Employees with regular tested knowledge, sound security reflexes and a clear reporting path for suspicious emails are vital in this endless battle with the scammers.
How Arcanum can help
Arcanum Information Security is a leading National Cyber Security Centre (NCSC) accredited provider, certified in both Risk Assessment and Risk Management to provide specialist Cyber Security consultancy services. Arcanum consultants are NCSC Certified Professionals, with extensive knowledge and experience. In addition, we provide Digital Forensics through our ISO 17025 accredited laboratory.
For more information, get in touch by calling: 01558 669140 or alternatively email: marie.caruso@arcanum-cyber.com
Sources
[1] https://www.soscanhelp.com/
[2] https://www.humanfirewall.io/
[5] https://www.microsoft.com/