Ransomware: The New Trend Among Cyber Criminals

Data breach schemes now join hands with ransomware. And the damage could be immeasurable.

Ransom! It’s the oldest crime in the book, and yet, we were all surprised when criminals took it online back in 2014. Have we since solved the issue? No. Those businesses that have not taken cybersecurity seriously are still very much at risk. Ransomware's popularity continues to skyrocket, primarily because of the huge profits paid out by its victims.

It Is the Ransoming of Data

Unlike other cyber attacks where hackers steal data and then sell it somewhere, criminals who use ransomware as their primary means of attack receive direct payment from the victim. What do they do? These cyber attackers compromise the business data environment – and the rewards are huge. Besides getting the victims to pay, they now do so anonymously by requiring victims to pay in a digital currency such as Bitcoin.

The most recent of these data breach crimes was the massive WannaCry attack. This bug affected more than 74 countries and thousands of computers. Originally an NSA program used to spy on targets, it was stolen from the agency and leaked in April of 2017. The cyber criminals used it for ransomware and spread it throughout the world. After landing on a computer, it encrypts files and charges from $300 to $600 in blockchain currency (Bitcoin) to restore the documents. This is just one case of this type of successful hacking event; there were many before it, and without a doubt there will be many more to come.

Data breach efforts using ransomware have so far focused on file encryption, but future variations may bring in a combination of compromise methodologies. Many hacking pros already realize that taking files for ransom is just one method of making easy money.

Attacking systems in this way, whether through vector corruption, exfiltration or disruption, and then demanding a ransom may be the future of the newer and more conniving hacking environment.

What Is the Future of Business Data Breach Hacking?

Here are a few possible trends we may see moving forward with this type of data breach.

  • Data Corruption – This is the most common type of hacking of this kind. Lately we have also seen database corruption attacks against MySQL and MongoDB.
  • Backup Encryption or Wipeout – Backups are important as a way of mitigating ransomware. However, they can also be compromised and the process of getting systems back up can be costly for the enterprise.
  • Data Exfiltration – Stealing highly classified documentation usually means that hackers are looking for money, and in some cases holding the data for ransom is less profitable than selling it on the dark web.

It’s reasonable to assume that in the future most hacking attacks will also include some type of ransomware or extortion. It is through these infiltrations that data breach attackers will demand a ransom to stop, or in some cases, reverse the hacking attack. Considering this, organizations need to step up their cyber security efforts and protect their assets.

How Can Your Organization Protect Itself from Ransomware Hacking Attacks?

Dealing with ransomware is not easy. But we have added a few tips that can help your organization maximize its security and, in doing so, prevent an attack or, in case of infiltration, minimize the damage done.

  • Conduct frequent data security audits, improve monitoring functionality and implement a reliable alerting system. These actions will allow IT teams to take immediate action and respond to breach situations.
  • Enable real-time blocking. This allows the organization to prevent attacks, and it goes a step further by giving your IT team a warning, allowing the team to block and quarantine users or hosts whose systems are in a state of compromise.
  • Plant data decoys for hackers to steal and then alert IT teams of a hacker’s infiltration of the dummy data. This gives you an advantage and protects your real data from being hacked.
  • Schedule and perform regular cyber attack discovery scans.
  • Deploy a cyber security solution with one management console to centralize the protection and file information.
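
The decoy-data tip above, as an added example that is not part of the original article: decoy customer records carry an account ID with a keyed tag, so a log scanner can recognize any decoy without keeping a list of them. The ID layout, the key and the log lines are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a secret held only by the monitoring host (constructed demo value).
TAG_KEY = b"constructed-demo-key"
# Hypothetical ID layout: "AC" + 6-digit serial + 10 hex chars of keyed tag.
ID_RE = re.compile(r"\bAC(\d{6})([0-9a-f]{10})\b")


def _tag(serial: str) -> str:
    # Truncated HMAC-SHA256 of the serial; only the key holder can reproduce it.
    return hmac.new(TAG_KEY, serial.encode(), hashlib.sha256).hexdigest()[:10]


def make_decoy(n: int) -> dict:
    """Build a fake customer row whose account ID verifies under TAG_KEY."""
    serial = f"{n:06d}"
    return {
        "account_id": f"AC{serial}{_tag(serial)}",
        "name": f"Decoy Customer {n}",
        "email": f"decoy{n}@example.invalid",
    }


def is_decoy(account_id: str) -> bool:
    m = ID_RE.fullmatch(account_id)
    return bool(m) and hmac.compare_digest(_tag(m.group(1)), m.group(2))


def scan(log_lines):
    """Return (line_number, account_id) for every decoy ID seen in the logs."""
    alerts = []
    for lineno, line in enumerate(log_lines, 1):
        for m in ID_RE.finditer(line):
            if is_decoy(m.group(0)):
                alerts.append((lineno, m.group(0)))
    return alerts


# Constructed sample: two ordinary reads and one export that touches a decoy row.
DECOY = make_decoy(7)
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z user=app read account=AC0000420123456789",
    f"2024-01-01T10:00:09Z user=svc_backup export account={DECOY['account_id']}",
    "2024-01-01T10:00:12Z user=app read account=AC000043abcdef0123",
]

if __name__ == "__main__":
    for lineno, account_id in scan(SAMPLE_LOG):
        print(f"ALERT line {lineno}: decoy record {account_id} was accessed")
```

Because no legitimate process has a reason to read a decoy row, any hit is worth an alert, and the same scan can run over database audit logs or outbound proxy logs.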

Hacker Reputation + Potential Profit = More Ransomware

Some may argue that it’s unlikely for a victim to pay the ransom when an attacker is threatening to disclose or wipe the victim's data, mainly because the victim has no guarantee that the attackers will stand by their word and dump the sensitive data, decrypt the data, or refrain from attacking again (attackers are malicious and untrustworthy by definition, of course).

In practice, though, we can see that attackers are getting paid.

Odd as it sounds, ransomware “vendors” do care about their reputation. They want victims to know they stand by their word – that if you do pay a ransom on time as demanded, they will stop or reverse the attack. Otherwise, their reputation is tarnished, which could potentially destroy their business model.

In conclusion, crime associated with ransomware and cyber extortion is just getting started. The potential profit to hackers is great, and the potential risk to organizational data is even greater. It is important that enterprises take steps now to protect against these types of attacks by implementing reliable cyber security measures.

If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.

Cyber Security: An Issue Not Yet Fully Addressed

According to Breach Level Index, 4,996,388 records are stolen every year, 208,183 every hour, and 3,470 every minute. This is a huge number – and that means we are not addressing cyber security issues as we should.

As businesses, it is our obligation to protect all the data we receive. And yes, we use data for everything: for statistics, growth analysis, customer databases, customer financial information, customer trends, etc. Having access to this data is fantastic as it allows us to process payments, direct offers to customers, keep financial and contact information for our client base, and even touch base on social media. The truth is that the effective use of data allows a business to achieve its fullest potential, and quickly. But with this use of data comes responsibility.

It’s Safe. It Is All In The Cloud

Unfortunately, cyber security is an afterthought for most organizations. After all, there is no reason to worry, the most confidential data is kept in the cloud. And cloud providers encrypt the data anyway, right?

Yes, very few organizations house their data in-house, and most business IT equipment is not equipped to handle large amounts of data. So your business is probably storing the most important information in the cloud. But just because you store it offsite does not remove your responsibility for protecting this information as best you can. Remember the statistic we listed at the beginning of the article? Something is still wrong for these numbers to be so high. The fact of the matter is that cloud encryption is no longer enough. You have both a regulatory and commercial obligation to keep customer information, sales, and analytical data safe.

The Cloud Provider Does Encrypt But…

The problem with the cloud lies in the key.

Commercial cloud storage systems encode data with a special key, known as an encryption key. Hold on. Did you say ‘key’? Exactly! This is a key, and without it, the files look like gibberish. But keys can be stolen. When it comes to cloud storage, the key takes on the form of a password, which allows data to be locked or unlocked. And that key, along with other important information, is held by the user (usually on the enterprise system). Are you getting my point here? Keys are stolen all the time, and if someone else gets ahold of the key it can result in a huge data compromise.

Take Extra Steps to Protect Your Data

You must ensure that all of your business data is kept safe. And relying wholly on cloud storage encryption may not be the answer. To maximize cloud storage and enterprise cyber security, it’s best to combine various encryption approaches. For instance, before uploading data to the cloud, you should first encrypt it using specialized encryption software that you either find as an open source tool or purchase for added cybersecurity. A few encryption software options include Cypherix Cryptainer PE and InterCrypto CryptoExpert 8. These types of cyber security programs offer additional security for files or data that remain on the enterprise system – or even for data to be loaded into the cloud environment.

Use Real-Time Cyber Security Analysis

And of course, an additional way to protect all of your data, both the information you store on your computer systems and that which you store in the cloud, is to implement a big data solution that addresses cybersecurity processes. Software solutions like ArcSight offer insight into security threats in real time. This type of software allows you to track, organize, view and act on cyber attacks occurring on your personal business computer systems as well as your cloud operations in real time.

In The End…

All data – whether stored in the cloud or on an enterprise server – faces significant cyber security issues. And it is important that all businesses, large or small, address the need for better encryption processes.

As the person responsible for your enterprise data security, it is vital that you implement state-of-the-art cyber security strategies to improve data security and protect all of your business data.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.