While October is designated as Cybersecurity Awareness Month, focusing on keeping your company and customers safe should be a constant priority, especially with the growing number and sophistication of ransomware attacks worldwide. As companies interact more digitally with customers and end-users, their attack surface increases, presenting more opportunities for would-be attackers.
We've spent a lot of time studying ransomware attacks and, instead of viewing them as an amorphous threat, have looked for distinct scenarios that can be identified and mitigated. These efforts have resulted in a taxonomy of four specific scenarios companies should be aware of to defend themselves:
This is the classic attack scenario that comes to mind for most folks when they hear the word "ransomware." For some environments, this can unfold as easily as a compromised username and password being used to infiltrate a virtual private network (VPN) to access network resources. Once a bad actor is inside, they can take control of a company's IT infrastructure. By locking internal users out of the laptops and servers they need to do their jobs, this type of attack can immediately shut down the ability to operate the business.
The security technical debt in the IT environment is the key focus for remediation to limit the impact of this type of attack. By deploying basic tools such as multi-factor authentication (MFA) to verify user credentials, companies can avoid these disruptive and expensive ransomware attacks. A few suggestions for companies to consider:
Some attackers may target the servers and infrastructure that underpin a company's service delivery to customers. In many organizations, engineering or tech ops maintain software-as-a-service as a distinct environment separate from corporate IT. Bad actors may seek to interrupt critical service delivery such as website functionality, online customer support, and customer-facing applications.
An organization that is squarely focused on the first scenario targeting corporate IT might have significant gaps lurking in the engineering environment underpinning service delivery to customers. Engineering teams can also speak a different language from the folks in IT, so organizations should tailor their risk discovery and remediation efforts for each environment that must be protected.
In these types of sophisticated attacks, threat actors will compromise a company's product engineering build and release infrastructure to gain access and distribute trojan updates to the downstream users of their software.
These software supply-chain attacks are particularly appealing for attackers because they take advantage of the trusted relationship between customers and vendors regarding the integrity of the distributed software.
We recommend a trust-but-verify approach to your vendor's value chain security, along with threat modeling from both an outside-in and inside-out perspective. Here are some ideas to make your architecture and infrastructure more resilient against supply chain attacks:
In this scenario, an attacker targets an installed version of commercial software to act as a point of distribution for a ransomware attack throughout the victim organization. This might be achieved through product vulnerabilities or leveraging stolen credentials.
Based on our analysis and the similar characteristics we identified in other ransomware targets, we recommend the following steps to mitigate product risk:
While the pace of the digital economy continues to drive business growth and rapid innovation, it is also fueling an unprecedented level of cyber threat globally. Each of these ransomware scenarios presents the opportunity to improve your defenses by taking a proactive and zero trust approach to threat detection, mitigation, and response. Stay safe!