Ransomware Attacks, 5 ways of errors

Information security should be made part of the values and culture of any organization. Many organizations forget about security, only to be jolted into action once an incident has occurred. That should not be the case. Employees must be persuaded to become good stewards of information security through behavior change. Organizations that are adept at getting everybody on board are more successful at keeping attackers at bay.

Based on my research, these are the five common ways businesses are targeted by ransomware attacks:

1) Email Attachments

Email is still the largest attack surface in organizations. Every organization relies on email for communication, so there should be a concerted effort to address email attacks holistically and boost email security. Many attacks start with a simple email attachment that executes malicious code and spreads a ransomware payload across the entire organization within minutes. Most of the time the attachment is a JavaScript file or a ZIP file (which may itself carry a script). These file types are common email attachments, which makes it easy for attackers to introduce malicious code and execute an attack on an organization.

One effective way of preventing email-based ransomware attacks is to assess all inbound email and identify the most common attachment types. For most organizations, the most common attachments are Word documents and Excel files. If that is the case, all other attachment types should be blocked and dealt with on a case-by-case basis. Note that exceptions can be made so that non-typical file types can be handled differently when the need arises.
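The allowlist approach described above, as an added example that is not code from the original article: only the attachment types the organization actually uses (here a constructed allowlist of `.docx`, `.xlsx` and `.pdf`) pass, script and executable extensions are blocked outright, a ZIP is opened and its members are held to the same rule, and everything else is parked for case-by-case review. The extension sets and the sample attachments are constructed for the demonstration.

```python
import io
import zipfile
from pathlib import PurePosixPath
from typing import Optional, Tuple

# Constructed policy for this example: Word and Excel documents plus PDF are the
# "common" attachment types; anything else is blocked or held for review.
ALLOWED_EXTENSIONS = {".docx", ".xlsx", ".pdf"}
# Script and executable extensions that should never arrive as mail attachments.
EXECUTABLE_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr",
    ".cmd", ".bat", ".ps1", ".lnk", ".msi", ".dll",
}


def inspect_zip(content: bytes) -> Tuple[str, str]:
    """Look inside a ZIP attachment and apply the same allowlist to its members."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(content))
    except zipfile.BadZipFile:
        return "block", "malformed or non-ZIP content"
    members = 0
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            members += 1
            member_ext = PurePosixPath(info.filename.lower()).suffix
            if member_ext in EXECUTABLE_EXTENSIONS:
                return "block", f"archive contains script/executable {info.filename}"
            if member_ext == ".zip":
                return "review", f"nested archive {info.filename}"
            if member_ext not in ALLOWED_EXTENSIONS:
                return "review", f"archive contains non-allowlisted {info.filename}"
    if members == 0:
        return "review", "empty archive"
    return "allow", "archive contains only allowlisted document types"


def classify_attachment(filename: str, content: Optional[bytes] = None) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'allow', 'block' or 'review'.

    Only the LAST extension decides, so a double extension such as
    invoice.pdf.js is treated as the script it really is.
    """
    suffixes = PurePosixPath(filename.lower()).suffixes
    if not suffixes:
        return "review", "attachment has no extension"
    ext = suffixes[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        return "block", f"script/executable extension {ext}"
    if ext == ".zip":
        if content is None:
            return "review", "archive not available for inspection"
        return inspect_zip(content)
    if ext in ALLOWED_EXTENSIONS:
        return "allow", f"allowlisted extension {ext}"
    return "review", f"non-allowlisted extension {ext} (handle case by case)"


def build_sample_zip(members: dict) -> bytes:
    """Build an in-memory ZIP with constructed members for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("Q3-report.docx", None),
        ("invoice.pdf.js", None),       # double extension: the .js wins
        ("macro-enabled.docm", None),   # not on the allowlist: review
        ("photos.zip", build_sample_zip({"IMG_001.js": b"constructed"})),
        ("docs.zip", build_sample_zip({"a.docx": b"x", "b.pdf": b"y"})),
        ("broken.zip", b"not really a zip"),
    ]
    for name, data in samples:
        verdict, reason = classify_attachment(name, data)
        print(f"{name:22} {verdict:7} {reason}")
```

The "review" verdict is the exception path the article mentions: the mail gateway quarantines the item and a human decides, rather than the rule silently letting unusual types through.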

2) External Facing Assets

You have two types of external-facing assets: intended and unintended. Specific services such as Remote Desktop Protocol (RDP) and Server Message Block (SMB) are particularly vulnerable to attack. Both intended and unintended assets are targeted through existing vulnerabilities and brute-force attacks. The unintended assets present the most significant problem to security teams, since they are not supposed to be exposed at all. Businesses must fully understand their external-facing infrastructure and have measures in place that help identify infrastructure changes or suspicious activity.

The ideal scenario is to use a third party to verify all of the organization's external-facing assets. Solutions exist to help in-house teams determine every asset that appears in the organization's public IP address space. This information should be collected and reviewed regularly to keep track of any changes. Institute measures to ensure that user accounts that attempt numerous logins are locked out. The most critical accounts to protect are service accounts, which typically have more privileges than end-user accounts. Service accounts also often carry back-end configurations that auto-reset login attempts or disable lockout policies so that a lockout does not disrupt business operations.
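The lockout rule and the service-account caveat above, as an added example that is not part of the original article: a sliding-window count of failed logons per account over constructed, simplified authentication log lines (using the Windows event IDs 4625 for a failed logon and 4624 for a successful one). Regular accounts that cross the threshold get a lockout action; accounts matching an assumed `svc_` naming convention get an alert for human follow-up instead, since locking them could break production. The threshold, window and log lines are constructed for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed thresholds: five failures for one account within ten minutes.
FAILURE_THRESHOLD = 5
WINDOW = timedelta(minutes=10)
# Naming convention assumed for this example; a real deployment should use a
# directory group or account attribute instead of a name prefix.
SERVICE_ACCOUNT_PREFIX = "svc_"

# Constructed, simplified authentication log: timestamp, then key=value fields.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z event=4625 user=jdoe src=203.0.113.5
2024-05-01T10:00:04Z event=4625 user=jdoe src=203.0.113.5
2024-05-01T10:00:07Z event=4625 user=asmith src=198.51.100.7
2024-05-01T10:00:09Z event=4625 user=jdoe src=203.0.113.5
2024-05-01T10:00:12Z event=4625 user=jdoe src=203.0.113.5
2024-05-01T10:00:15Z event=4624 user=asmith src=198.51.100.7
2024-05-01T10:00:20Z event=4625 user=jdoe src=203.0.113.5
2024-05-01T10:01:00Z event=4625 user=svc_backup src=203.0.113.9
2024-05-01T10:01:03Z event=4625 user=svc_backup src=203.0.113.9
2024-05-01T10:01:06Z event=4625 user=svc_backup src=203.0.113.9
2024-05-01T10:01:09Z event=4625 user=svc_backup src=203.0.113.9
2024-05-01T10:01:12Z event=4625 user=svc_backup src=203.0.113.9
2024-05-01T10:30:00Z event=4625 user=jdoe src=203.0.113.5
"""


def parse_line(line: str) -> Tuple[datetime, Dict[str, str]]:
    """Split one constructed log line into its timestamp and key=value fields."""
    timestamp, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ"), fields


def detect_bruteforce(log_text: str) -> List[Dict[str, object]]:
    """Count failed logons per account in a sliding window and decide the action.

    A finding is emitted once, at the moment an account's failure count
    reaches FAILURE_THRESHOLD inside WINDOW; failures older than the window
    are dropped, so the 10:30 attempt in the sample starts a fresh count.
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    sources = defaultdict(set)      # user -> source addresses seen failing
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, fields = parse_line(line)
        if fields.get("event") != "4625":
            continue
        user = fields["user"]
        window = failures[user]
        window.append(ts)
        sources[user].add(fields["src"])
        while window and ts - window[0] > WINDOW:
            window.popleft()
        if len(window) == FAILURE_THRESHOLD:
            action = "alert" if user.startswith(SERVICE_ACCOUNT_PREFIX) else "lockout"
            findings.append({
                "user": user,
                "action": action,
                "sources": sorted(sources[user]),
                "first_failure": window[0],
                "last_failure": ts,
            })
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(f"{finding['action']:7} {finding['user']:12} from {finding['sources']} "
              f"between {finding['first_failure']:%H:%M:%S} and {finding['last_failure']:%H:%M:%S}")
```

Keying the window on the account (not the source address) is deliberate: an attacker rotating source addresses against one account still trips the rule, while the `sources` list preserved in the finding tells the responder whether that happened.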

3) Process Injection

Process injection entails arbitrary code execution: malicious actors use it to introduce arbitrary code into normally running processes. For example, TrickBot injects into the legitimate svchost.exe to run arbitrary code and ultimately take control of a business environment. Process injection relies on stealth to mask attacks and make them difficult to detect, so much so that you may not see any malicious process when looking at the processes currently running on a host. What the injected code can do depends entirely on the user context in which the host process is running.

A legitimate executable running under a signed-in standard user is different from one running under a system administrator account. The solution is to remove as many administrative rights from end users as possible; reducing administrator access brings down the success rate of arbitrary code execution. When an endpoint is compromised or shows suspicious activity, work to identify any legitimate executables that may be performing abnormal actions. Using the svchost.exe example, check whether the process establishes a connection to a remote IP address without having been started with a command-line argument.
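The svchost.exe check just described, as an added example that is not code from the original article: it runs over a constructed snapshot of running processes (the kind of data an EDR or a process and connection listing would give you) and flags any svchost.exe that holds a remote connection but was started without a `-k` service-group argument. The parent-process check is an added signal on top of the article's heuristic and rests on the assumption that legitimate instances are children of services.exe; the process records are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ProcessRecord:
    """Constructed snapshot of one running process."""
    pid: int
    name: str
    cmdline: str
    parent_name: str
    remote_addrs: List[str] = field(default_factory=list)


def remote_connections(proc: ProcessRecord) -> List[str]:
    """Connection peers that are neither loopback nor link-local."""
    peers = []
    for addr in proc.remote_addrs:
        ip = ipaddress.ip_address(addr)
        if not (ip.is_loopback or ip.is_link_local):
            peers.append(addr)
    return peers


def svchost_findings(proc: ProcessRecord) -> List[str]:
    """Reasons this svchost.exe instance looks abnormal (empty list if none).

    Article heuristic: a genuine svchost.exe is launched with a '-k <group>'
    argument, so one talking to a remote address with no such argument
    deserves a look. Added assumption: legitimate instances are children of
    services.exe.
    """
    reasons: List[str] = []
    if proc.name.lower() != "svchost.exe":
        return reasons
    args = proc.cmdline.lower().split()
    has_service_group = "-k" in args
    peers = remote_connections(proc)
    if peers and not has_service_group:
        reasons.append(f"remote connection(s) to {peers} without a -k service group argument")
    if proc.parent_name.lower() != "services.exe":
        reasons.append(f"unexpected parent process {proc.parent_name}")
    return reasons


def triage(procs: List[ProcessRecord]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every process that produced at least one finding."""
    return {p.pid: r for p in procs if (r := svchost_findings(p))}


# Constructed process snapshot; addresses come from the documentation ranges.
SAMPLE_PROCESSES = [
    ProcessRecord(812, "svchost.exe", r"C:\Windows\System32\svchost.exe -k netsvcs -p",
                  "services.exe", ["10.0.0.5", "198.51.100.10"]),
    ProcessRecord(4412, "svchost.exe", r"C:\Windows\System32\svchost.exe",
                  "explorer.exe", ["203.0.113.44"]),
    ProcessRecord(5120, "svchost.exe", r"C:\Windows\System32\svchost.exe -k LocalService",
                  "services.exe", ["127.0.0.1"]),
    ProcessRecord(7001, "notepad.exe", r"C:\Windows\System32\notepad.exe",
                  "explorer.exe", []),
]


if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_PROCESSES).items():
        print(f"pid {pid}:")
        for reason in reasons:
            print(f"  - {reason}")
```

Note that pid 812 has a remote connection too, but it was started with `-k netsvcs` by services.exe, so it produces no finding: the rule is about the combination of signals, not about network activity by itself.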


4) Inventory Asset Management

A big challenge for incident responders is that they have to fully understand how incidents affect core business operations, in addition to having the required technical skills and keeping abreast of the latest tactics being used by malicious actors. Small businesses have to grapple with small IT security teams or none at all, whereas large corporations have to deal with numerous assets and more infrastructure. During incident response, having visibility into more of the infrastructure provides a greater opportunity to detect abnormalities. Attackers gain the upper hand wherever an asset is not correctly monitored by security teams.

Repeated damage has occurred when environments recovered from ransomware attacks only to be compromised a second time, because preventive policies were not applied to all endpoints. In some instances, security teams were unaware that the endpoints existed, and malicious actors compromised them. Asset inventory management calls for organizations to be relentless in understanding their environments and all of their assets. Security teams can use inventory management software or built-in tools such as PowerShell to regularly collect information and ascertain the status of every asset. Inventory management is a never-ending process characterized by continual learning and tracking of changes.
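The two failure modes named above (endpoints nobody knew about, and known endpoints that missed a preventive policy) can be caught by reconciling the inventory against the other sources of truth. The following is an added example, not code from the original article: the host lists stand in for a CMDB export, the EDR console's enrolled-host list, the backup server's policy membership and the hosts observed in DHCP or switch logs (data PowerShell could gather on Windows, as the article suggests). All host names are constructed, and the rule that backup coverage is only required for hosts named `srv-*` is an assumption made for the demonstration.

```python
from typing import Callable, Dict, List, Set

# Constructed data sources standing in for the CMDB, the EDR console,
# the backup server and DHCP/switch observations.
CMDB_HOSTS = {"ws-001", "ws-002", "ws-003", "ws-004", "srv-file01", "srv-db01"}
EDR_ENROLLED = {"ws-001", "ws-002", "srv-file01", "srv-db01"}
BACKUP_POLICY = {"srv-file01"}
SEEN_ON_NETWORK = {"ws-001", "ws-002", "ws-003", "srv-file01", "srv-db01",
                   "lab-old-pc", "printer-3f"}

# Each preventive control and the hosts it currently covers.
CONTROLS: Dict[str, Set[str]] = {"edr": EDR_ENROLLED, "backup": BACKUP_POLICY}
# Which hosts each control is required on (assumption: servers are named srv-*).
REQUIRED_FOR: Dict[str, Callable[[str], bool]] = {
    "edr": lambda host: True,
    "backup": lambda host: host.startswith("srv-"),
}


def reconcile(inventory: Set[str], seen: Set[str],
              controls: Dict[str, Set[str]],
              required_for: Dict[str, Callable[[str], bool]]) -> Dict[str, object]:
    """Compare the inventory with what is actually on the network and covered.

    unknown: hosts on the network that the inventory does not know about
    stale:   inventory hosts not seen on the network (decommissioned or dormant)
    gaps:    inventory hosts missing a control they are required to have
    """
    unknown: List[str] = sorted(seen - inventory)
    stale: List[str] = sorted(inventory - seen)
    gaps: Dict[str, List[str]] = {}
    for host in sorted(inventory):
        missing = [name for name, covered in controls.items()
                   if required_for[name](host) and host not in covered]
        if missing:
            gaps[host] = missing
    return {"unknown": unknown, "stale": stale, "gaps": gaps}


if __name__ == "__main__":
    report = reconcile(CMDB_HOSTS, SEEN_ON_NETWORK, CONTROLS, REQUIRED_FOR)
    print("Not in inventory:   ", ", ".join(report["unknown"]) or "none")
    print("Inventory, not seen:", ", ".join(report["stale"]) or "none")
    for host, missing in report["gaps"].items():
        print(f"{host}: missing {', '.join(missing)}")
```

Running this on a schedule and diffing the report against the previous run is what turns the one-off check into the continual tracking of changes the article calls for; the `unknown` list is the one that most often surprises a team after a recovery.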

5) User/Human Error

Human error is the weak point for organizations even when they have the best security team assembled and the best security tools in place. Many attacks start with an employee opening an email attachment and allowing actors to gain access. Even the most diligent employees still fall for phishing attacks. Beware of devices that are unaccounted for but are used to connect to your organization's network. These devices and apps increase the attack surface exploited by malicious actors. The security team must keep track of all external-facing assets and put in place policies that govern the use of personal devices on the organization's network. Human error can be minimized through policies and procedures, software, and security awareness training. Organizations that view end users as part of their security assets will fare better in the fight against malicious actors.

The solutions? Prevention, training, and the right working habits.

Alessandro Civati (https://lutinx.com)
Entrepreneur and IT enthusiast, he has been dealing with new technologies and innovation for over 20 years. Field experience alongside the largest companies in the IT and Industrial sector - such as Siemens, GE, or Honeywell - he has worked for years between Europe and Africa, today focusing his energies in the field of Certification and Data Traceability, using Blockchain and Artificial Intelligence. At the head of the LutinX project, he is now involved in supporting companies and public administration in the digital transition. Thanks to his activities carried out in Africa, in the governmental sphere, and subsequently, as a consultant for the United Nations and the International Civil Protection. The voluntary work carried out in various humanitarian missions carried out in West Africa in support of the poorest populations completes his profile. He has invested in the creation of centers for infancy and newborn clinics, in the construction of wells for drinking water, and in the creation of clinics for the fight against diabetes.
