Ransomware is a topic that regularly comes up when I speak to CISOs and information security leaders, understandably so as recent reports have highlighted two growing themes. Firstly, Covid-19 has resulted in an uptick in campaigns dropping ransomware and secondly, the direction has shifted to more targeted campaigns against larger organizations (both per the NTT 2020 Global Threat Intelligence Report).
There is no denying the impact a successful ransomware attack can have on an organization, not only in terms of the financial and reputation hit but also the effects of service disruption. If you consider some of the organizations across the globe that have fallen victim to ransomware, it is not difficult to understand the real-world implications a successful ransomware attack can have on customers and citizens.
Increasingly, ransomware is one of a number of modules being dropped by other malware, such as Emotet, which was the most prevalent malware variant of 2019 (per the 2020 Cyber Security Report from Checkpoint Research). However, if it is true for Emotet, it is also true for other malware variants which use similar techniques to progress through the typical attack lifecycle, including execution, discovery, persistence, lateral movement, etc. So once initial access is gained, it becomes a question of how robust your internal security controls are against the techniques employed throughout that attack lifecycle.
How susceptible is your organization to a Ransomware attack?
The secret is to be able to test your systems for their resiliency to that family of threats and their delivery vehicles on an ongoing basis. A new Automated Penetration Testing platform, named PenTera enables just that. It uses those same emotet-like techniques in its tests and singles out controls that need configuring and vulnerabilities that need patching to stop these kinds of attacks from happening. If and when PenTera is able to reach an achievement using the non-malicious techniques, you may conclude that Emotet will also be able to reach the same achievement using malicious techniques. An example being brute forcing the local admin password (MITRE ID T1078) and using the credentials to move laterally using the Admin$ share (MITRE ID T1077).
By working through the concise and focused remediation activities you can then re-run PenTera and validate that the achievements are no longer possible. If a given technique can no longer be executed successfully using PenTera, that technique will likely no longer be available for Emotet to successfully execute, thereby pre-empting the ransomware drop.
So even if it is possible for malware to enter your network, by using PenTera to identify those techniques used by the trojan to download and execute ransomware malware, you can dramatically reduce the probability of a successful attack.
That in itself may allow you to sleep somewhat sounder than before.
How we improved our QA with Shift-Left testing
This article is part of Pentera’s Engineering Series – a behind-the-scenes look at the technologies we develop to keep companies secure. In this piece, we look at the testing processes that we use to QA our platform and deliver a high-quality solution. It almost goes without saying that testing is a critical part of the...
Five steps to mitigate the risk of credential exposure
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their...
WiFi – The Untested Attack Surface
Much of a company’s assets are connected to Wi-Fi networks. However, security teams are often less likely to validate these networks. This pushed us to wonder what we might find if we were to test a corporate WiFi network. After running the Pentera platform™️ over Wi-Fi, we found several vulnerabilities, which helped us gain insight...