The methods and strategies of the people who attack our networks and data resources continue to evolve, and those of us responsible for protecting those resources need to stay ahead of the threats. As the threats change, cybercriminals are using new tools to obscure their existence and evade detection.
Ransomware is a great example of the ongoing threat. Just as ransomware looked like it was about to be replaced with other threats on the horizon, it has returned with a full head of steam. The first evidence was a rash of highly targeted attacks that occurred earlier this year. New threat tools used deep reconnaissance to pinpoint prime targets and effectively evade security solutions that were already in place. The result was the much-publicized increase in the targeting of municipalities across the country.
These new tools have expanded the usual functionality of ransomware. They can disable Windows services that would otherwise prevent data encryption, and they can keep systems from disconnecting from shared drives. Both increase the exposure to malicious data encryption. Other ransomware tools destroy encryption keys and delete shadow copies on an infected system to hide their existence until it is too late.
The challenge is that anyone simply monitoring general ransomware trends could easily assume it was in decline and grow complacent. That’s because, in spite of those recent high-profile attacks, the number of ransomware detections has been dropping over time. The quantity of attacks has been replaced with very targeted exploits that combine reconnaissance with the careful disabling of security tools and services and advanced evasion techniques. The results can be devastating.
To successfully manage and mitigate the cyber risks organizations face today, it is critical that security leaders monitor threat intelligence from a variety of sources and prioritize the risks that apply to their specific network environment. This approach needs to be combined with a security strategy designed to see and stop an attack coming from an unexpected location.
Effectively managing cyber risks starts with an integrated security approach that brings every security element deployed anywhere across the distributed network into a single security fabric, together with segmentation and best practices. Monitoring available threat intelligence is the key to prioritizing the risks you face. For a comprehensive threat report that is current as of the writing of this blog, check out the Threat Landscape Report, provided by Fortinet.
And if you would like to discuss your current security landscape and how we might be able to help you, just let me know. I would appreciate the opportunity to talk to you about it.