How to Sleep Tight, While Ransomware Threats Are About
Ransomware is a topic that regularly comes up when I speak to CISOs and information security leaders, understandably so as recent reports have highlighted two growing themes. Firstly, Covid-19 has resulted in an uptick in campaigns dropping ransomware and secondly, the direction has shifted to more targeted campaigns against larger organizations (both per the NTT 2020 Global Threat Intelligence Report).
There is no denying the impact a successful ransomware attack can have on an organization, not only in terms of the financial and reputation hit but also the effects of service disruption. If you consider some of the organizations across the globe that have fallen victim to ransomware, it is not difficult to understand the real-world implications a successful ransomware attack can have on customers and citizens.
Increasingly, ransomware is one of a number of modules being dropped by other malware, such as Emotet, which was the most prevalent malware variant of 2019 (per the 2020 Cyber Security Report from Checkpoint Research). However, if it is true for Emotet, it is also true for other malware variants which use similar techniques to progress through the typical attack lifecycle, including execution, discovery, persistence, lateral movement, etc. So once initial access is gained, it becomes a question of how robust your internal security controls are against the techniques employed throughout that attack lifecycle.
How susceptible is your organization to a Ransomware attack?
The secret is to be able to test your systems for their resiliency to that family of threats and their delivery vehicles on an ongoing basis. A new Automated Penetration Testing platform, named PenTera enables just that. It uses those same emotet-like techniques in its tests and singles out controls that need configuring and vulnerabilities that need patching to stop these kinds of attacks from happening. If and when PenTera is able to reach an achievement using the non-malicious techniques, you may conclude that Emotet will also be able to reach the same achievement using malicious techniques. An example being brute forcing the local admin password (MITRE ID T1078) and using the credentials to move laterally using the Admin$ share (MITRE ID T1077).
By working through the concise and focused remediation activities you can then re-run PenTera and validate that the achievements are no longer possible. If a given technique can no longer be executed successfully using PenTera, that technique will likely no longer be available for Emotet to successfully execute, thereby pre-empting the ransomware drop.
So even if it is possible for malware to enter your network, by using PenTera to identify those techniques used by the trojan to download and execute ransomware malware, you can dramatically reduce the probability of a successful attack.
That in itself may allow you to sleep somewhat sounder than before.
Despite major investments in their security suites, organizations continue to be breached. Our Co-founder and CTO, Arik Liberzon, recently sat down with CyberNews to discuss the value of the adversarial perspective and where his inspiration from Pentera came from. Starting out, I arrived at the idea for Pentera and Automated Security Validation in a pretty...
In this post, we will examine one method of encrypting data-at-rest, specifically how to achieve Data-at-Rest Encryption for MongoDB Community Edition (CE) containers through eCryptfs. Introduction Our goal at Pentera was to implement a solution that prevents data discovery upon theft when the system is offline (e.g. if a host is stolen or someone is...
After CentOS 8 was declared end-of-life (EOL), we had to find an alternative operating system (OS) for our on-premise solution, as did many other teams and organizations. Although our deployment is container-based, we still had to prepare the groundwork for different OS areas, from security patches and network modifications to installing required packages. We had...