Cyber Agencies Warn: Ransomware Attacks Are Worse Than Ever
Memo to businesses: Ransomware attacks are worse than ever, and unless you prepare, don’t be surprised if you or your business is the next victim, warn government cybersecurity czars.
In a joint advisory, cybersecurity authorities in the United States, Australia, and the United Kingdom report that they observed a marked increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally throughout 2021. They expect the increase to continue in 2022.
Though efforts are being made to track, combat, and mitigate groups that use ransomware, the latest view from the front lines is that extortionists wielding crypto-locking malware continue to take down numerous targets—with impunity. Organizations should prepare now or get set to pay later.
To improve the cyber resiliency of domestic businesses, all three governments have urged leaders to review their organization’s IT and cybersecurity postures: ensure that the basics are being done correctly, then build from there.
“We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim,” says Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, aka CISA.
Critical Infrastructure Falling Victim
The joint alert notes that ransomware attacks have affected at least 14 of the 16 U.S. critical infrastructure sectors, which include communications, emergency water services, the energy sector and financial services.
Latest Look at Essential Defenses
The advisory’s recommendations center on ensuring that 7 basic-level defenses are in place. They include:
- Stay current: Keep all operating systems and software fully patched and up to date.
- Lock down remote access: Poorly secured remote desktop protocol, or RDP, connections continue to be a highly successful vector for gaining initial access to corporate networks.
- Train users: Together with RDP and exploiting unpatched flaws, phishing attacks remain a top attack tactic. Accordingly, an effective response must include education to “reinforce the appropriate user response to phishing and spear-phishing emails,” the advisory says.
- Fewer administrators: Require the use of strong passwords for all accounts, minimize admin-level access to systems and use time-based access controls for granting temporary, privileged access when required.
- Lock down Linux: “If using Linux, use a Linux security module – such as SELinux, AppArmor or SecComp – for defense in depth,” the advisory says.
- Better authentication: Use multifactor authentication (MFA) wherever feasible, but especially for critical systems, in case attackers steal the passwords they need to access them. MFA is a baseline cybersecurity requirement for remote access to systems and data and most insurers require it.
- Protect the cloud: “Backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud” will help. Likewise, “if using cloud-based key management for encryption, ensure that storage and key administration roles are separated,” the advisory says.
In addition to these basics, organizations need to look into the following:
- Ensure that all backups are fully encrypted and that multiple copies are stored offline – meaning “physically disconnected” – as well as regularly tested and restored.
- Consider separation of account roles to prevent an account that manages the backups from being used to deny or degrade the backups should the account become compromised.
- Segment networks, use end-to-end encryption, ensure the security team is tracking “telemetry from cloud environments,” investigate all abnormal activity, fully document all externally facing remote connections, and disable unneeded command-line utilities and scripting while monitoring for their use.
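One way to act on the “monitor for unneeded command-line utilities and scripting” item together with the time-based privileged-access item above, as an added illustration that is not part of the advisory or this article: a small Python check over constructed process-creation log lines. The log format, the utility list and the approved-account time window are all assumptions.

```python
"""Flag use of scripting/command-line utilities by accounts that are not
approved to use them, or outside their approved time window.
Added illustration; the log format, utility list and approved-account
window are assumed, not taken from the advisory."""
import csv
import io
from datetime import datetime

# Utilities worth disabling or monitoring when not needed (assumed list;
# tune it to what your environment actually requires).
MONITORED_UTILITIES = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "certutil.exe", "bitsadmin.exe"}

# Accounts granted temporary, time-based privileged access (assumed window).
APPROVED = {
    "corp\\adm-jsmith": (datetime(2022, 2, 10, 9, 0), datetime(2022, 2, 10, 17, 0)),
}

# Constructed sample process-creation events: timestamp,host,account,image,command_line
SAMPLE_LOG = """timestamp,host,account,image,command_line
2022-02-10T10:15:00,FS01,corp\\adm-jsmith,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,powershell.exe Get-Service
2022-02-10T22:40:00,FS01,corp\\adm-jsmith,C:\\Windows\\System32\\cmd.exe,cmd.exe /c dir C:\\Backups
2022-02-10T11:02:00,WS17,corp\\mlee,C:\\Windows\\System32\\wscript.exe,wscript.exe invoice.js
2022-02-10T11:05:00,WS17,corp\\mlee,C:\\Program Files\\Office\\winword.exe,winword.exe report.docx
"""


def parse_events(text):
    """Parse CSV log text into a list of event dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def flag_events(events):
    """Return (event, reason) pairs for monitored-utility use that is not approved."""
    findings = []
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()   # basename of the executable
        if image not in MONITORED_UTILITIES:
            continue
        when = datetime.fromisoformat(ev["timestamp"])
        window = APPROVED.get(ev["account"].lower())
        if window is None:
            findings.append((ev, "account not approved for scripting utilities"))
        elif not (window[0] <= when <= window[1]):
            findings.append((ev, "use outside approved time window"))
    return findings


if __name__ == "__main__":
    for ev, reason in flag_events(parse_events(SAMPLE_LOG)):
        print(f"{ev['timestamp']} {ev['host']} {ev['account']} {ev['command_line']}: {reason}")
```

Of the four constructed events, the in-window PowerShell use by the approved admin and the Word launch pass, while the after-hours cmd.exe use and the unapproved account’s wscript.exe run are flagged for investigation.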
If you have questions about the evolving cyber-threat environment and how to keep your bank safe, call ITPAC today.