When thinking about ransomware, we often wonder what victims could have done differently to avoid cyberattacks and ransom demands in the first place. How can they stand up against these growing threats, especially now that the National Security Agency has discovered a fresh batch of critical Microsoft Exchange vulnerabilities that will likely be exploited? And what's coming down the road? To learn more, VMblog spoke to industry expert Chandrashekhar Basavanna, CEO and Founder of SecPod Technologies.
VMblog: What attack tactics have you seen cybercriminals leverage lately?
Chandrashekhar Basavanna: While there's been no shortage of ransomware
attacks making headlines lately, the attacks that have stood out are the ones
that capitalize on Microsoft Exchange vulnerabilities, which we saw in the
attack on Acer, and those that leverage ransomware-as-a-service (RaaS), which
REvil is notorious for. Despite security experts advocating the importance of
deploying patch updates regularly, it's clear that many organizations are
neglecting to do this, losing sight of simple security best practices that can
prevent these kinds of attacks from happening in the first place.
VMblog: Why do you think organizations lose sight of simple security best practices?
Basavanna: Despite the vulnerabilities being announced well over a month before the attack on Acer, cybercriminals were still able to exploit the company's failure to properly patch them. And Acer isn't the only company to neglect simple security best practices - there are still many companies that haven't applied the available fixes for the vulnerabilities. This begs the question: are IT security teams losing sight of the obvious while they're distracted by the emergence of new threats? While staying ahead of cybercriminals and nefarious new attempts at data breaches is vital for an organization to keep data safe, organizations must also ensure simple best practices aren't forgotten.
However, implementing these best practices isn't always easy due to manual effort, a lack of tools that support automation, and multiple point products operating in silos. It is important to make cybersecurity best-practice implementation continuous and automated.
VMblog: What tangible steps can businesses take to prevent cyberattacks and ransom demands from happening in the first place?
Basavanna: Prevention should be the ultimate goal, so it's really important for businesses to implement solid cyber hygiene measures. This involves gaining complete visibility over all IT assets and endpoints.

Additionally, it's not enough to run periodic vulnerability scans, since new vulnerabilities are being identified at such a rapid pace. Instead, teams must perform continuous real-time vulnerability scanning to gain complete visibility over an organization's risk exposure. And, to make things easier for IT teams, I recommend finding a solution that mitigates high-critical vulnerabilities by automating scanning and remediation processes. Not only does this paint an accurate picture of the attack surface at all times and help IT teams understand the risk potential of each vulnerability, but it also reduces IT team fatigue and improves productivity. As I said, an increasing number of cyberattacks are due to unapplied patches and an un-hardened security posture, and these patches must be deployed immediately.
Implementing good cyber hygiene isn't a one-and-done exercise, either; IT security teams must continuously monitor for vulnerabilities and potential threats, and research different attack patterns so they can fully understand their level of risk. Adhering to industry compliance standards, implementing continuous monitoring capabilities to detect indicators of attack and compromise, and having incident response in place will further strengthen an organization's ability to prevent cyberattacks.
VMblog: If a company does find itself in a situation where a ransom has been demanded, how should the company deal with it?
Basavanna: While never paying a ransom demand is certainly
best practice, sometimes businesses don't take the necessary precautions that
would give them a way out. In those cases, companies should first inform all
their stakeholders and then do a thorough analysis and traceability of the
incident to determine what data is lost and whether it was confidential,
whether there are any backups available, and whether they can recover from the
disaster quickly. That said, ideally teams would implement the previous cyber
hygiene measures to prevent this from even happening in the first place.
VMblog: We've seen cybercriminals demand larger ransom payments. Since this will likely continue, why is it more important now than ever for businesses to prepare?
Basavanna: The attack on Acer was the highest ransom demand ever made. Given that every major attack sets a precedent for others to emulate, we'll likely see other threat actors one-up each other beyond what is currently making headlines. For instance, the REvil ransomware group just hit two major software companies at once - Apple and Quanta - leaving them with a $50M ransom demand that they were threatening to double. Not only does this prove that ransomware gangs are ruthless, but it highlights how gangs like REvil have perfected their approach to extorting companies for large amounts of money with ease. What's more, it's not just money that organizations risk losing by not preparing for these kinds of attacks - customer loyalty and trust are also in danger. That's why I implore all IT professionals and teams to prepare their business for these kinds of attacks, because they won't be slowing down anytime soon - if anything, they're increasing at an unprecedented rate.
VMblog: How can SecPod SanerNow help?
Basavanna: Our one-stop cyber hygiene automation platform, SanerNow, helps organizations implement cyber hygiene by orchestrating and automating security posture analysis and mitigation. Through cyber hygiene automation, continuous compliance, visibility and control, and incident detection and response, SanerNow ensures IT teams stay ahead of cybercriminals. Long story short, because SanerNow unifies multiple cybersecurity perspectives, all from a single console, it's perfect for IT professionals looking to prioritize and remediate threats proactively.
VMblog: How do you see cyberattacks changing in the next year or so? Or what new trends do you predict will surface?
Basavanna: Because cybercriminals are constantly trying to take their attacks to the next level, attack tactics will become even more ruthless and aggressive than what we've seen in the past couple of months. It's reported that attacks have been increasing by 9% every month since the start of last year, and it's likely that number will keep rising. Additionally, once one ransomware attack proves successful, copycats will follow. The Maze ransomware attacks are the perfect example of this - while they were the first gang to implement the double-extortion tactic back in 2019, now other groups do the same - and do so very successfully. We've also seen this in groups who conduct RaaS and exploit Microsoft Exchange vulnerabilities.
Even though our world is inching closer to a more 'traditional normal,' working from home offices won't be going away completely, meaning BYOD will be the standard moving forward. We'll see increased attacks on remote infrastructure.
Attacks on critical infrastructure will rise, not only because the legacy systems still running there have made them easier targets, but also because of the level of attention these attacks would bring and the huge damage they can cause.
With increased cloud adoption, attacks targeting
cloud infrastructure causing service disruption and data breaches will
increase.