Virtualization Technology News and Information
F-SECURE 2022 Predictions: Future of Cyber Attacks


Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Future of Cyber Attacks

By Jordan LaRose, Director of Consulting and Incident Response, Americas, F-Secure

As someone that is part of a team that responds to hundreds of ransomware incidents across the globe every year, I can share some good news here: Overall, companies are finally getting ahead of the curve on responding quickly enough to stop ransomware attacks before they destroy the entire network.

I think this trend is happening for a number of key reasons that we've observed in the wild:

Endpoint Detection and Response (EDR) is becoming a stronger focus for security strategies. EDR provides visibility into these types of attacks and, as a result, can allow you to catch what's happening earlier in the kill chain and buy your organization valuable time. Most of the incidents where we see a successful ransomware defense involve EDR in some capacity.

Ransomware has been at the forefront of defenders' minds for years now, and most organizations build their security posture around preventing ransomware attacks. The number one question I'm asked when helping to proactively design a security program or build a SOC is "what can we do to prevent ransomware?"

More companies are moving to full or hybrid cloud environments. Due to the distributed nature of cloud and the simplicity of creating backups within it, it's easier than ever to design an environment that is resilient against ransomware attacks. 

This is not to say that ransomware is a solved issue, as many of my colleagues have worked several incidents where the client was already ransomed when we arrived. This is something we're seeing especially in regions with lower levels of cybersecurity maturity, such as southern Africa and eastern Europe. Additionally, one way we've seen attackers adapt to growing levels of defense is by not just ransoming computers, but the data within them as well. Specifically, I've seen several cases this year where attackers targeted key servers holding intellectual property or client and employee information as the first steps in their takeover of the network. Then, when we threaten their attack by containing the incident, they have a backup plan where they can still exfiltrate the data from these key servers and threaten to leak it to the public if a ransom is not paid. While this is a frightening development, it's also one we can address by further tightening security around those crucial servers, and increasing visibility through EDR and other tools to catch these attacks before they reach that level.

It also bears mentioning that we've seen a significant uptick in both the time and cost associated with recovering from a successful ransom. Environments in the current world of hybrid cloud and complex network segmentation are increasingly harder to build back from scratch, compared to the simpler server and workstation models of the past. Pairing that with the added sophistication of attackers' attempts to totally shut down an organization's ability to recover via backups means that incidents where attackers do succeed are much more costly. Finally, we've seen in this past year attackers moving to target the cloud vertical with advanced tooling like Siloscape, which marks a huge step in the ransomware industry towards exploiting the previously more difficult target of cloud infrastructure. Still, many of these advancements haven't made it to the larger pool of threat actors, and while incident recovery costs continue to rise, those with the wherewithal to battle these attacks have more tools at their disposal than ever before.

Cybersecurity is an eternal game of cat and mouse, and while I'm sure the attackers will continue to adapt and find new ways to circumvent our current defenses, it's nice to see that we have the upper hand for now.




Jordan LaRose is the Director of Consulting and Incident Response for F-Secure North America. Jordan has a diverse technical background of over 7 years delivering a blend of IR and Penetration Testing services, which has given him hands-on experience carrying out and defending against some of the most advanced cyber attacks in the field and providing clients perspectives from both sides of the threat landscape. He combines this technical background with his management of the North America team to drive market expansion from the firm's New York City office.

Published Tuesday, February 01, 2022 7:33 AM by David Marshall