Difference between revisions of "Preventing and Mitigating Ransomware"

From MC Chem Wiki
 
(10 intermediate revisions by the same user not shown)
Line 8: Line 8:
  
  
Recently [https://www.bleepingcomputer.com/news/security/lincoln-college-to-close-after-157-years-due-ransomware-attack/ Lincoln College] attributed its closing due to the effects of ransomware.  Whole public infrastructures have been held ransom  
+
These attacks are not limited to poorer countries, both [https://technical.ly/civic-news/baltimore-cyberattacks-timeline/ Baltimore] and the [https://www.securitymagazine.com/articles/96901-maryland-dept-of-health-confirms-ransomware-attack state of Maryland] have been repeatedly compromised by ransomware attackers.  Colleges and universities are under increasing threat, include not only the [https://www.govtech.com/education/cyberattack-university-of-maryland.html ransoming of data, but the exposure of personal information] when institutions refuse to pay.  Recently [https://www.bleepingcomputer.com/news/security/lincoln-college-to-close-after-157-years-due-ransomware-attack/ Lincoln College] attributed its closing due to the effects of ransomware.  Whole public infrastructures have been held ransom  
IT infrastructures are further potentially compromised with software flaws and exploits, such as [https://www.darkreading.com/vulnerabilities-threats/office-365-files-stored-in-the-cloud-vulnerable-to-ransomware-encryption Microsoft Exchange, Microsoft 365, SharePoint, OneDrive and Teams] which permit attackers to compromise entire networks.  Inaddition to indirect and random infections, directed attacks have the potential for further disruption.  Purposeful attacks and compromises come from learning a potential victims unique vulnerabilities and network topology.  Too often IT professions rely on such measures as the Common Vulnerability Scoring System (CVSS) and other rating systems without realizing cybercriminals use these low scoring vulnerabilities as means of compromise.  Such instances demand vigilance and staying current on the part of IT professionals and end-users alike.
+
IT infrastructures are further potentially compromised with software flaws and exploits, such as [https://www.darkreading.com/vulnerabilities-threats/office-365-files-stored-in-the-cloud-vulnerable-to-ransomware-encryption Microsoft Exchange, Microsoft 365, SharePoint, OneDrive and Teams] which permit attackers to compromise entire networks.  In addition to indirect and random infections, directed attacks have the potential for further disruption.  Purposeful attacks and compromises come from learning a potential victims unique vulnerabilities and network topology.  Too often IT professions rely on such measures as the Common Vulnerability Scoring System (CVSS) and other rating systems without realizing cybercriminals use these low scoring vulnerabilities as means of compromise.  Such instances demand vigilance and staying current on the part of IT professionals and end-users alike.
  
 
'''Call To Action'''
 
'''Call To Action'''
  
A all too often adage is "Failing to plan, is planning to fail." It is equally true that a half hearted effort equally has the potential to end in ruin.  1) A starting point is to identify the identify the assets within infrastructure, to know the critical and non critical devices and understanding the visibility and context of the attack surface.  2) Isolating and restricting critical intranets from the internet and data access points when possible.  Using cyber risk scoring to systematically to identify weaknesses and vulnerabilities with the highest likelihood of impact.  3) Developing a resilient infrastructure is key to prevention and recovery in the event of any network compromise.  Ideally systems would include internet security and antivirus software, a good computer habits and cyber hygiene program and a means for restoration of services with minimal impact should such need to be implemented.
+
The all too often adage is "failing to plan, is planning to fail" is in play.  It is equally true that a half hearted effort equally has the potential to end in ruin. Cyber security involves prevention and response.  Countermeasures towards malicious activates include: 1) Identifying and classifying the assets within infrastructure, to know the critical and non critical devices, core services and understanding the visibility and context of the attack surface.  2) Isolating and restricting critical intranets from the internet and data access points when possible vs when necessary.  Using cyber risk scoring to systematically to identify weaknesses and vulnerabilities with the highest likelihood of impact.  3) Developing a resilient infrastructure is key to prevention and recovery in the event of any network compromise.  Ideally systems would include internet security and antivirus software, system design, good computer habits and a cyber hygiene program with a means for restoration of services with minimal impact should such need to be implemented.  4) Training IT staff and educating end-users are paramount.  Weakness in awareness and complacency can undermine all of the previous efforts.  Well trained, best practices and informed CIO/CTOs and network admins can supplement the role of a CISO in many instances with security audits and monitoring as a apart of their responsibilities - given the magnitude IT security impacts all organizations.
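Review bot: the revised paragraph at Line 8 still ends "Whole public infrastructures have been held ransom" with no full stop, so when the two paragraphs render together it runs straight into "IT infrastructures are further potentially compromised"; add the period (and "for ransom") there. In the Call To Action paragraph, "malicious activates" should read "malicious activities", "a apart of their responsibilities" should read "a part of", "a potential victims unique vulnerabilities" needs the possessive "victim's", and "a half hearted effort equally has" repeats the "equally" of the previous clause. The new point 4) on training is a good addition; consider putting the numbered countermeasures 1) to 4) on separate lines so they read as a list.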

Latest revision as of 20:47, 17 June 2022

Ransomware is malware that encrypts files and operating systems. Extortionists then hold the decryption keys needed to restore the data for ransom. What distinguishes a ransomware exploit is that infection can occur and spread through many malware delivery methods, such as compromised hyperlinks, infected files, software updates, network access and social engineering.
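The defining behaviour above, a process rewriting many files with ciphertext and leaving a note, is also what a defender can watch for. The following is an added example written for this page, not code from the MC Chem Wiki or any product: it scans constructed endpoint file events and flags a process that, inside a short window, writes many high-entropy files, renames them to an unfamiliar extension and creates a ransom-note style file. The event schema, the extension allowlist, the note-name markers and all thresholds are assumptions chosen for the illustration.

```python
import math
import os
import random
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    """One file-system event as an endpoint sensor might report it (constructed schema)."""
    ts: float            # timestamp in seconds
    pid: int             # process that performed the action
    action: str          # "write", "rename" or "create"
    path: str
    new_path: str = ""   # target name for "rename"
    data: bytes = b""    # bytes written for "write"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer; ciphertext and compressed data sit near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Extensions the organisation normally works with (assumed allowlist).
KNOWN_EXTENSIONS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".csv"}
# Substrings typical of the note files left beside encrypted data (assumed).
NOTE_MARKERS = ("readme", "decrypt", "restore", "recover")


def analyze_processes(events, window_s=60.0, min_files=20, entropy_threshold=7.0):
    """Group events by pid and score four indicators; three or more marks the pid suspicious."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_pid[ev.pid].append(ev)

    reports = {}
    for pid, evs in by_pid.items():
        high_entropy_writes = 0
        peak_burst = 0          # most writes seen inside any span of window_s seconds
        window = deque()        # timestamps of writes in the current span
        new_extensions = set()
        notes = []
        for ev in evs:
            if ev.action == "write":
                if shannon_entropy(ev.data) >= entropy_threshold:
                    high_entropy_writes += 1
                window.append(ev.ts)
                while ev.ts - window[0] > window_s:
                    window.popleft()
                peak_burst = max(peak_burst, len(window))
            elif ev.action == "rename":
                ext = os.path.splitext(ev.new_path)[1].lower()
                if ext and ext not in KNOWN_EXTENSIONS:
                    new_extensions.add(ext)
            elif ev.action == "create":
                name = os.path.basename(ev.path).lower()
                if any(marker in name for marker in NOTE_MARKERS):
                    notes.append(ev.path)
        indicators = {
            "write_burst": peak_burst >= min_files,
            "encrypted_content": high_entropy_writes >= min_files,
            "unknown_extension": bool(new_extensions),
            "ransom_note": bool(notes),
        }
        reports[pid] = {
            "indicators": indicators,
            "peak_burst": peak_burst,
            "high_entropy_writes": high_entropy_writes,
            "new_extensions": sorted(new_extensions),
            "notes": notes,
            "suspicious": sum(indicators.values()) >= 3,
        }
    return reports


def build_sample_events():
    """Constructed telemetry: one benign editor process and one encryption-like process."""
    rng = random.Random(7)  # deterministic stand-in for ciphertext
    events = []
    # pid 1001 saves five plain-text files over ten minutes.
    for i in range(5):
        events.append(FileEvent(ts=100.0 + 120 * i, pid=1001, action="write",
                                path=f"/home/user/notes{i}.txt",
                                data=b"lab notes line\n" * 200))
    # pid 4242 overwrites 30 documents with random bytes inside 30 seconds,
    # renames each to an unfamiliar extension, then drops a note file.
    for i in range(30):
        path = f"/srv/share/report{i}.docx"
        blob = bytes(rng.getrandbits(8) for _ in range(4096))
        events.append(FileEvent(ts=500.0 + i, pid=4242, action="write", path=path, data=blob))
        events.append(FileEvent(ts=500.5 + i, pid=4242, action="rename", path=path,
                                new_path=path + ".locked"))
    events.append(FileEvent(ts=531.0, pid=4242, action="create",
                            path="/srv/share/README_DECRYPT.txt"))
    return events


if __name__ == "__main__":
    for pid, report in analyze_processes(build_sample_events()).items():
        print(pid, "SUSPICIOUS" if report["suspicious"] else "ok", report["indicators"])
```

Requiring three of the four indicators keeps a single signal (a backup tool writing compressed archives, a user saving an unusual file type) from raising an alert on its own, which is the usual trade-off between catching an encryption run early and drowning operators in false positives.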


The 2021 FBI Internet Crime Report puts ransomware events up 82% between 2019 and 2021. As of this writing, the country of Costa Rica is under attack.


"WASHINGTON (AP) — Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government." AP Newswire


These attacks are not limited to poorer countries: both Baltimore and the state of Maryland have been repeatedly compromised by ransomware attackers. Colleges and universities are under increasing threat, including not only the ransoming of data but the exposure of personal information when institutions refuse to pay. Recently Lincoln College attributed its closing to the effects of ransomware. Whole public infrastructures have been held for ransom.

IT infrastructures are further exposed through software flaws and exploits, such as those in Microsoft Exchange, Microsoft 365, SharePoint, OneDrive and Teams, which permit attackers to compromise entire networks. In addition to indirect and random infections, directed attacks have the potential for further disruption. Purposeful attacks and compromises come from learning a potential victim's unique vulnerabilities and network topology. Too often IT professionals rely on measures such as the Common Vulnerability Scoring System (CVSS) and other rating systems without realizing that cybercriminals use low-scoring vulnerabilities as a means of compromise. Such instances demand vigilance and staying current on the part of IT professionals and end-users alike.

Call To Action

The all-too-common adage "failing to plan is planning to fail" is in play. It is equally true that a half-hearted effort has the potential to end in ruin. Cyber security involves prevention and response. Countermeasures against malicious activities include:

1) Identifying and classifying the assets within the infrastructure: knowing the critical and non-critical devices and core services, and understanding the visibility and context of the attack surface.

2) Isolating and restricting critical intranets from the internet and from data access points when possible, and in any case when necessary. Use cyber risk scoring to systematically identify the weaknesses and vulnerabilities with the highest likelihood of impact.

3) Developing a resilient infrastructure, which is key to prevention and to recovery in the event of any network compromise. Ideally, systems would include internet security and antivirus software, sound system design, good computer habits and a cyber hygiene program, with a means of restoring services with minimal impact should that become necessary.

4) Training IT staff and educating end-users, which are paramount. Weakness in awareness and complacency can undermine all of the previous efforts. Well-trained, informed CIO/CTOs and network admins who follow best practices can supplement the role of a CISO in many instances, with security audits and monitoring as part of their responsibilities, given the magnitude of IT security's impact on all organizations.
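Points 1) and 2) above, together with the earlier warning that attackers use low-scoring vulnerabilities, describe a procedure: classify assets, decide what to isolate, then rank findings by likelihood of impact rather than by raw CVSS. The following is an added example written for this page, not code from the wiki or from any scoring standard: it combines a CVSS base score with the asset's exposure, segment, criticality and backup role into one risk number, and lists the critical assets that still sit on the general LAN as candidates for isolation. The weights, the inventory, the findings and the "known exploited" flag are all constructed assumptions, and the vulnerability ids are placeholders rather than real CVE numbers.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """One row of the asset inventory (constructed schema)."""
    name: str
    criticality: int         # 1 (expendable) .. 5 (mission critical)
    internet_exposed: bool   # reachable from the internet
    segment: str = "lan"     # "lan", or "isolated" for a restricted intranet
    holds_backups: bool = False


@dataclass(frozen=True)
class Finding:
    """A scanner result tied to an inventory asset; ids are placeholders, not real CVEs."""
    asset: Asset
    vuln_id: str
    cvss: float                    # CVSS base score, 0..10
    known_exploited: bool = False  # flagged by an assumed "exploited in the wild" feed


def likelihood(finding):
    """Chance the flaw is actually used against this asset, capped at 1.0 (assumed weights)."""
    p = finding.cvss / 10.0
    if finding.asset.internet_exposed:
        p *= 2.0          # anyone on the internet can reach it
    if finding.asset.segment == "isolated":
        p *= 0.5          # the attacker first needs a foothold inside the restricted segment
    if finding.known_exploited:
        p *= 1.5          # a modest CVSS does not stop a flaw that is already in use
    return min(p, 1.0)


def impact(asset):
    """Business impact, 0..1; losing the backups makes any recovery impossible."""
    if asset.holds_backups:
        return 1.0
    return asset.criticality / 5.0


def risk_score(finding):
    """Risk on a 0..100 scale: likelihood of the flaw being used times the impact if it is."""
    return round(likelihood(finding) * impact(finding.asset) * 100, 1)


def prioritize(findings):
    """Highest risk first, which is not the same as highest CVSS first."""
    return sorted(findings, key=risk_score, reverse=True)


def isolation_candidates(assets):
    """Critical assets that are not internet services yet still sit on the general LAN."""
    return sorted(a.name for a in assets
                  if a.criticality >= 4 and not a.internet_exposed and a.segment != "isolated")


# Constructed inventory and scanner findings.
BACKUP = Asset("backup-server", criticality=5, internet_exposed=False, holds_backups=True)
PORTAL = Asset("web-portal", criticality=4, internet_exposed=True)
LAB = Asset("lab-workstation", criticality=2, internet_exposed=False, segment="isolated")
DEVVM = Asset("dev-vm", criticality=1, internet_exposed=True)
INVENTORY = [BACKUP, PORTAL, LAB, DEVVM]

FINDINGS = [
    Finding(LAB, "VULN-PLACEHOLDER-1", cvss=9.8),
    Finding(DEVVM, "VULN-PLACEHOLDER-2", cvss=9.0),
    Finding(PORTAL, "VULN-PLACEHOLDER-3", cvss=6.5),
    Finding(BACKUP, "VULN-PLACEHOLDER-4", cvss=5.3, known_exploited=True),
]


if __name__ == "__main__":
    print("Isolate first:", isolation_candidates(INVENTORY))
    for f in prioritize(FINDINGS):
        print(f"{risk_score(f):5.1f}  cvss={f.cvss:<4}  {f.asset.name:<16} {f.vuln_id}")
```

With these inputs the 9.8 on the isolated lab workstation ranks last, while the 5.3 on the backup server, a flaw already being used by attackers against the one asset whose loss ends any recovery, ranks just behind the internet-facing portal. That inversion is the practical meaning of the page's point about rating systems: the score on the finding must be read against the inventory, not on its own.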