Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
How Operator-driven Ransomware and New Detection Strategies will Impact the Future of Cybersecurity
By Shay Nahari, CyberArk's VP of Red Team
2021 was filled with high-profile cyber attacks, from supply chain attacks like SolarWinds to
ransomware attacks like Colonial Pipeline along with major vulnerabilities like
Log4j. However, as we know too well, one of the biggest trends 2021 brought was
the new world of consistent remote work. This new way of work often requires
secure cloud environments for employees to engage on, but it also expanded
organizations' attack surface and allowed attackers to evolve and develop new
methods to target enterprise infrastructure. An employee can log on to work
with any device from anywhere in the world, and while this may seem like an
abundance of freedom for the average worker, cybersecurity professionals face
major challenges to secure this shift.
As a result, many organizations continue to be unaware of the risks they face. Fortunately, by
analyzing hacking strategies from the previous year, we can try to forecast
some of the challenges facing the cybersecurity industry in 2022 and the innovative
approaches attackers are using to stay undetected in virtual environments:
Operator-driven Ransomware
The evolution of ransomware as a service (RaaS) has only just begun. In 2022, the provision of ransomware
will continue to evolve. We will see operator-driven ransomware expand, with a
clear distinction between off-the-shelf ransomware payloads and delivery
methods, and skilled actors moving through networks while maintaining
operational security until they deploy the actual ransomware code and make
their presence known.
Ransomware detection cat and mouse
In addition, most current ransomware families share multiple technical behaviors, tactics, techniques and
procedures (e.g. the way they delete backup encryption functions and shadow
volumes, which encryption APIs they use, and how they perform initial
execution). Security tools typically use these shared behaviors as common indicators of
compromise to detect and block. The widespread adoption of security tools
designed to combat ransomware is forcing ransomware authors to innovate and
find different methods to avoid the common detections being deployed today.
Proactive Steps: Multi-Factor Authentication
There are steps an organization can take to protect itself against these evolving tactics.
Multi-factor authentication (MFA) is one of them and has become increasingly
critical throughout all industries. Identity has become the prerogative and a
first line of defense for most organizations. We've seen changes in the threat
landscape as many previously used security practices become obsolete, and in
the post-pandemic world, there has been a huge shift to the work-from-home model.
As many people work from home on untrusted sources and networks, MFA can play a
critical role in ensuring that whoever is logging on is who they say they are,
regardless of where they may be. MFA expands trust as access is tied to
multiple verification points rather than a single credential, which in turn
increases the operational cost and detection threshold of attacking these
controls.
Even Further: Adversary Simulations
In real-world breaches, adversaries are always evolving and operating with a goal in mind, whether it
be to steal intellectual property, obtain personal information or benefit
monetarily. Therefore, organizations need to be proactive and operate with an
assumption that a breach has already occurred. They can take their security
posture to the next level by testing without risking a real breach. The
CyberArk Adversary simulation team helps organizations do this by testing their
ability to detect and respond to targeted attacks on their infrastructure. By
coordinating with cybersecurity professionals who perform these simulations,
leaders can ensure that their systems are protected on a higher tier. Thinking
and acting like real attackers can help organizations find flaws or
vulnerabilities in their security network and patch them before a real incident
occurs.
2022 and Beyond
If last year was any indication, 2022 will be filled with new challenges surrounding ransomware as
industry leaders develop new ways to secure networks. Even though attackers are
getting savvier with their techniques and tactics, there are still ways to keep
your organization safe from these types of attacks, such as employing MFA and
adversary simulations. By forecasting what trends may come in the future, we
can take proactive steps to prepare for these possibilities today.
##
ABOUT THE AUTHOR
Shay Nahari is the Vice President of Red Team Services at CyberArk, the leader in
Identity Security. The Red Team specializes in adversary simulations to
anticipate weaknesses and develop tactics, techniques, and procedures to patch
vulnerabilities within networks. Before joining CyberArk, Shay was a commander
in the Israel Defense Forces communications unit, and he has more than 15 years
of experience in cybersecurity and telecommunications. Shay brings a unique
perspective to cybersecurity with his ability to think like a hacker.