#datasecurity

Ransomware lifecycle and protection methods

One of the most popular and rapidly growing categories of cybercrime is ransomware. More than 4000 ransomware attacks occur daily. This volume of attacks, together with the close relationships between companies and third parties, increases the risk of employee data being compromised. Sensitive data can be secured with a ransomware prevention strategy and a process for quickly detecting compromised data.

An effective attack prevention strategy involves deploying security controls at every stage in the evolution of a typical ransomware attack.

The main stages of a ransomware attack are:

  1. Phishing attack – an email that contains malicious links redirecting the user to a scam site that steals internal credentials. This is the most popular way to launch an attack;
  2. Interaction with the user (victim) – following the link, downloading attachments, etc.;
  3. Account compromise – compromise of the victim’s corporate credentials by directing them to a malicious site or by social engineering (for example, a hacker pretends to be an employee of the IT department and asks the victim to confirm a two-factor authentication prompt). At this stage malware is most often injected, initiating the installation of ransomware;
  4. Discovery of privileged credentials – detecting and compromising privileged credentials to gain unauthorized access to sensitive network areas;
  5. Search for sensitive data (personal data, customer data, social security numbers, corporate credentials, corporate and personal email data, any digital trail that can be used for identity theft);
  6. Data exfiltration – malware is deployed to establish backdoor connections to the cybercriminal’s servers, and the data is transferred over those backdoor connections. The cybercriminal will demand a ransom for this data;
  7. Data encryption – the cybercriminal encrypts the victim’s operating and computer systems in order to cause maximum damage. The victim receives a ransom notice (usually in a TXT file) with a clear indication of the ransom price. Cybercriminals demand payment in cryptocurrency (bitcoins), since it is more difficult for law enforcement agencies to track the movement of the funds. To speed up payment, criminals threaten to publish the data on the dark web or delete it;
  8. Data dump – the final stage of the attack. At this stage cybercriminals publish all compromised data on a cybercriminal marketplace. Some cybercriminals delete the data instead, sparing themselves the risk of publishing it on the black market and having purchase requests traced. If the victim refuses to pay the ransom, the cybercriminal can punish the victim by publishing all the data on forums. Free access to data posted on such forums does more harm to the company than selling it to one group of cybercriminals.

A company can protect itself and mitigate the impact of ransomware by implementing security measures at each stage of the attack:

  1. Cybersecurity training. It is very difficult to defeat ransomware once it has infiltrated the corporate network; if the intrusion is prevented, the cybercriminals cannot carry out a successful attack. Employees often do not know how to recognize threats or how to respond to them, and thus contribute to the attack’s success. It is important to provide high-quality training for all employees, inform them about potential risks and teach them to recognize threats;
  2. Tracking interactions with malicious links and attachments. To stop an attack from progressing to the next stage, such activity must be detected as soon as possible. Employees should alert IT security professionals immediately;
  3. Preventing account compromise. Multi-factor authentication should be implemented. The most secure form is biometric authentication: biometrics such as fingerprints and facial recognition are very difficult to steal or copy;
  4. Protection of privileged credentials. Implementation of a password manager, multi-factor authentication and a zero-trust security model (all internal traffic is treated as potentially malicious, so the user must repeatedly confirm their identity to access confidential resources);
  5. Preventing data loss. Closing off sensitive network areas, or segmenting them from general user access. It is also necessary to ensure that all user accounts with access to restricted areas are protected by multi-factor authentication;
  6. Preventing data theft. This process consists of two elements: detection and prevention. Detection methods include:

Prevention methods include:

  7. Protection against data encryption. Rapid switchover to backup systems can minimize business disruption in the event of a ransomware attack. Such backup environments must be accessible only with their own unique set of credentials, i.e. different from those used in the normal IT environment.
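The detection side of stages 6 and 7 above (data theft over backdoor connections, then bulk encryption with a ransom note in a TXT file) can be made concrete with simple log analytics. The following script is an added example, not code from the original post or from GoUp Chat. Everything in it is constructed for illustration: the endpoint file-activity log format (`time host user action path`), the flow log format (`time src dst port bytes_out`), the `.locked` extension, the thresholds and the internal address ranges are all assumptions, and a real deployment would map them onto its own EDR and NetFlow sources.

```python
"""Added example: two ransomware-lifecycle detectors run over constructed log lines.

Detector 1 flags a burst of file renames to one new extension by a single
(host, user) pair and attaches any .txt file created on that host in the same
window (the ransom note described in stage 7 of the lifecycle).
Detector 2 flags unusually large outbound transfers from one internal host to
one external destination (the backdoor data transfer described in stage 6).
Log formats, thresholds and address ranges are assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import os

# Constructed endpoint file-activity log: "<ISO time> <host> <user> <action> <path> [-> <new path>]"
FILE_LOG = """\
2022-03-01T09:00:01 ws-17 alice write C:/Users/alice/report.docx
2022-03-01T09:05:10 ws-17 alice rename C:/Users/alice/draft.docx -> C:/Users/alice/draft_v2.docx
2022-03-01T10:12:00 ws-42 bob rename C:/Shares/fin/q1.xlsx -> C:/Shares/fin/q1.xlsx.locked
2022-03-01T10:12:01 ws-42 bob rename C:/Shares/fin/q2.xlsx -> C:/Shares/fin/q2.xlsx.locked
2022-03-01T10:12:01 ws-42 bob rename C:/Shares/fin/payroll.csv -> C:/Shares/fin/payroll.csv.locked
2022-03-01T10:12:02 ws-42 bob rename C:/Shares/fin/vendors.docx -> C:/Shares/fin/vendors.docx.locked
2022-03-01T10:12:03 ws-42 bob rename C:/Shares/fin/contracts.pdf -> C:/Shares/fin/contracts.pdf.locked
2022-03-01T10:12:04 ws-42 bob rename C:/Shares/fin/board.pptx -> C:/Shares/fin/board.pptx.locked
2022-03-01T10:12:05 ws-42 bob create C:/Shares/fin/HOW_TO_RESTORE_FILES.txt
"""

# Constructed flow log: "<ISO time> <src ip> <dst ip> <dst port> <bytes out>"
# (external addresses use RFC 5737 documentation ranges)
FLOW_LOG = """\
2022-03-01T10:00:00 10.0.5.42 10.0.1.10 445 180000
2022-03-01T10:01:00 10.0.5.42 192.0.2.50 443 240000
2022-03-01T10:05:00 10.0.5.42 203.0.113.77 443 410000000
2022-03-01T10:06:00 10.0.5.42 203.0.113.77 443 395000000
2022-03-01T10:07:00 10.0.5.17 198.51.100.9 443 52000
"""

# Assumed internal address space (RFC 1918); anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_file_events(text):
    """Parse the constructed file-activity log into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, action, rest = line.split(maxsplit=4)
        old_path, _, new_path = rest.partition(" -> ")
        events.append({"time": datetime.fromisoformat(ts), "host": host, "user": user,
                       "action": action, "path": old_path, "new_path": new_path or None})
    return events


def detect_encryption_burst(events, window_seconds=60, min_renames=5):
    """Flag (host, user) pairs that rename >= min_renames files to the same new
    extension within one window; report .txt files created on that host in the window."""
    window = timedelta(seconds=window_seconds)
    groups = defaultdict(list)  # (host, user, new extension) -> rename timestamps
    for e in events:
        if e["action"] == "rename" and e["new_path"]:
            old_ext = os.path.splitext(e["path"])[1]
            new_ext = os.path.splitext(e["new_path"])[1]
            if new_ext and new_ext != old_ext:  # ordinary renames keep their extension
                groups[(e["host"], e["user"], new_ext)].append(e["time"])
    alerts = []
    for (host, user, ext), times in groups.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= min_renames:
                w_start, w_end = times[start], times[start] + window
                count = sum(1 for t in times if w_start <= t <= w_end)
                notes = [e["path"] for e in events
                         if e["host"] == host and e["action"] == "create"
                         and e["path"].lower().endswith(".txt") and w_start <= e["time"] <= w_end]
                alerts.append({"host": host, "user": user, "extension": ext,
                               "renames": count, "ransom_notes": notes})
                break
    return alerts


def detect_exfiltration(text, max_bytes_per_dest=100_000_000):
    """Sum outbound bytes per (src, external dst, port) and flag totals over the threshold."""
    totals = defaultdict(int)
    for line in text.splitlines():
        if not line.strip():
            continue
        _, src, dst, port, nbytes = line.split()
        if any(ipaddress.ip_address(dst) in net for net in INTERNAL_NETS):
            continue  # internal-to-internal traffic is out of scope here
        totals[(src, dst, int(port))] += int(nbytes)
    return [{"src": s, "dst": d, "port": p, "bytes": b}
            for (s, d, p), b in totals.items() if b > max_bytes_per_dest]


if __name__ == "__main__":
    for a in detect_encryption_burst(parse_file_events(FILE_LOG)):
        print("ENCRYPTION BURST:", a)
    for a in detect_exfiltration(FLOW_LOG):
        print("POSSIBLE EXFILTRATION:", a)
```

On the constructed input, the burst detector flags `bob` on `ws-42` (six renames to `.locked` in five seconds, plus the TXT note) and ignores alice’s ordinary rename, while the flow detector flags the roughly 805 MB sent from `10.0.5.42` to `203.0.113.77`. Both detectors are deliberately stateless over a short window so they can run on a streaming log; tuning the thresholds to the organisation’s normal file and network activity is what keeps the false-positive rate acceptable.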

Cybersecurity importance for modern business

The main task of a modern business is to ensure reliable data protection. Cybersecurity protects data of all categories from theft and damage: confidential data, personally identifiable information (PII), personal health information (PHI), personal information, intellectual property, and government and corporate information systems. Without a cybersecurity system, a company is at greater risk of becoming a target for cybercriminals.

The global use of cloud services as a repository for sensitive data also increases the risks. Misconfiguration of cloud services and increasingly sophisticated cybercriminal methods lead to successful cyberattacks and data leaks. Off-the-shelf solutions such as anti-virus software and firewalls do not provide reliable data protection: cybercriminals are using smarter tactics and methods that are more resistant to traditional cyber defenses.

Cyber threats can originate at any level of an organization. It is important to ensure that staff at all levels are trained in cybersecurity and aware of common cyber threats (social engineering fraud, phishing, ransomware attacks, and other malware used to steal intellectual property and/or identities), to teach them how to recognize these threats, and to familiarize them with the action plan for when an incident occurs.

Cybersecurity is the state or process of protecting and recovering computer systems, networks, devices and programs from any type of cyberattack. The threat to data is high, as cybercriminals use new methods based on social engineering and artificial intelligence to bypass traditional data protection methods with ease. Keep data secure by implementing intelligent security solutions combined with strong password policies (for example, multi-factor authentication to prevent unauthorized access).

Modern society is highly dependent on technology, and this dependence will only grow. Data that can contribute to large-scale identity theft is published on social media accounts, and sensitive information (social security numbers, bank card and account details, etc.) is stored in cloud storage (Dropbox, Google Drive, etc.). Every day, large corporations and ordinary people alike use technology and computer systems. Combined with the lack of security in cloud services, smartphones and the Internet of Things, this creates many potential security vulnerabilities that did not exist even a few years ago.

The General Data Protection Regulation (GDPR), together with the reputational damage and customer liability that a breach entails, has motivated organizations to rethink cybersecurity. Under the GDPR, organizations operating in Europe are required to:

In the US, data breach laws are in place and include:

In 2003, California became the first state to regulate data breach disclosures. Victims can sue for up to $750, and companies can be fined up to $7,500 per victim.

This, in turn, has contributed to the development of frameworks for understanding security risks better, improving cybersecurity measures, and preventing cyberattacks.

Information theft is the most expensive and fastest growing segment of cybercrime. This is largely driven by the growing exposure of identifying information on the Internet through cloud services. Industrial and government facilities are also targeted in order to violate the integrity of data (destruction or modification of data) and to undermine trust in the organization or government.

Social engineering remains the simplest form of cyberattack, and ransomware, phishing, and spyware are the easiest methods of infiltrating a system. It is important to consider that an attack can also be carried out through third parties that use unreliable cybersecurity methods.

According to research, the average cost of cybercrime to an organization has increased by $1.4 million over the past year, and the average number of data breaches has increased by 11%.

Factors contributing to cybercrime growth:

Consequences of neglecting cybersecurity:

The Main Data Security Aspects

Data security is the process of protecting files, databases and accounts through controls, applications, and practices that prioritize data privacy and compliance.

The main elements of data security are confidentiality, integrity and availability. A model based on these three elements makes it possible to ensure data security and protection from unauthorized access and data theft. It means:

The main points to pay attention to in order to ensure data security:

Technologies to prevent leakage, reduce risks and provide reliable protection:

Ensuring data security:

Data security rules

There are certain data security regulations, such as HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley Act), GDPR (General Data Protection Regulation), etc. They impose the following requirements on organizations:

  1. Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act was approved by the US Congress and enacted on August 21, 1996 to modernize the flow of medical information and to protect personal information held by healthcare facilities and the health insurance industry from fraud and theft. The law requires the relevant organizations to adopt security standards that take into account the technical capabilities of the record systems used to store health information, the cost of security measures, and the value of computerized record systems.

Primary requirements:

  2. Sarbanes-Oxley (SOX)

This US law introduces stricter requirements for financial reporting and for the process of preparing it. Under this law, public companies are required to provide an annual assessment of the effectiveness of their internal financial controls.

Primary requirements:

  3. General Data Protection Regulation (GDPR)

This is an EU regulation that defines how organizations process personal data. It covers the protection of EU citizens’ personal data such as insurance numbers, dates of birth, email addresses, IP addresses, phone numbers, account numbers, etc.

Primary requirements:

High-profile Data Leaks 2021 – 2022

With every hack and data leak, the question of organizational cybersecurity becomes more and more relevant. Any business must first of all take care of information security. Here are examples of high-profile company data leaks in recent months that prove the importance of this issue.

  1. February 2022 – GiveSendGo

A Christian fundraising site was hijacked in response to the Ottawa truckers’ protests. The hackers used a DDoS attack and redirected the fundraising site to another page. As a result of this attack, the personal data of people who had donated funds was compromised. In total, the personal information of 90,000 donors was published.

This case further highlights the importance of using secure platforms and payment methods to keep customer data safe from compromise. If a company has already experienced such an incident, it is worth taking the right measures to eliminate the leak as well as the causes of its occurrence.

  2. January 2022 – Crypto.com

Blockchain is the latest technology used in the financial sector, and this model has long been considered one of the most secure forms of transaction processing. But technological development also drives the development of cybercrime methods. On January 17, 2022, a cryptocurrency exchange application was attacked. The attack targeted the wallets of 483 app users.

The hack resulted in the theft of about $18 million worth of BTC, $15 million worth of ETH, and other cryptocurrencies. The attackers managed to bypass two-factor authentication and gain access to users’ wallets, which made the hack possible. To reduce the risks of this type of attack, it is important to use a password manager. Businesses should be aware of all the risks associated with the theft of cryptocurrencies; therefore, all sensitive data must be encrypted.

  3. December 2021 – FlexBooker

FlexBooker is an appointment scheduling tool. Before the New Year holidays, it became a victim of cybercriminals, and approximately 3 million users were affected. The attackers gained access to confidential data (driver’s licenses, photos and other personal information) and posted it on various hacker forums. To do this, the attackers took advantage of FlexBooker’s AWS configuration and installed malware on the servers, which gave them full control of the system.

  4. November 4, 2021 – Robinhood

Robinhood is an American financial services company offering commission-free trading in stocks and exchange-traded funds through a mobile app. The attack on the company took place on November 16, 2021. Internal systems were breached using social engineering (a method based on exploiting human psychology). According to the company’s report, the criminals gained access to the email addresses of almost 5 million users and other personal information. The attackers demanded a ransom in exchange for not disclosing the data.

  5. October 2021 – Twitch

Twitch is a video streaming service that specializes in video games. In October, it became known that an unknown attacker had gained access to the source code, and as a result several data sets were compromised, including payments to the service’s creators. The leak contained 3 years of payout data, information about twitch.tv activities, client source code, proprietary code, etc.

Data needs protection

On the one hand, data opens up huge possibilities for a business; on the other hand, it demands a huge responsibility from the business. An effective data management system covering data collection, storage, processing, accessibility and safety is a necessary part of every company. The whole system and each of its processes must be correctly configured and perform their functions in order to obtain the maximum result.

There is no doubt that all data needs to be protected; otherwise other business processes become meaningless. News about leaks of various companies’ information is not rare. For example, the 2013 attack on Yahoo compromised the identity details of 3 billion clients; the Marriott attack involved the personal information of 500 million consumers; a more recent case is the Sephora information leak.

Such situations have a negative influence on the whole business space: both on the injured business (stock price losses, a barrage of bad coverage, widespread business mistrust, etc.) and on the businesses that witness the situation. Company management (especially after the latest leak news) becomes actively involved in cybersecurity issues. However, fear and lack of knowledge generate mistaken opinions among management (for example, that implementing artificial intelligence technologies guarantees protection against cyber attacks).

But before implementing technologies into business processes, it is necessary to pay attention to the following points:

  1. IT department

It is all too common for one IT specialist to play several roles in a company (from maintaining work computers to ensuring the protection of confidential data). Understaffing of the IT department and an insufficient level of training entail negative consequences, including data security issues. There is no single right size for an IT department: it should be large enough that all of the company’s requests are handled to a high standard.

  2. Financial restrictions

Every business strives to maximize profit and minimize costs. Management is reluctant to agree to a new cost item such as hiring cybersecurity specialists or training existing employees. In an attempt to save money, the choice falls on a cheaper option, and a low-quality solution is acquired that endangers the entire business.

  3. Expenditures on ineffective methods

To choose an effective data protection method, it is necessary to understand completely what data the company owns, what information is confidential, where it is processed, etc. Without this understanding, chaotically buying data protection tools may leave you with tools that do not suit the business needs: money spent without result.

The process of selecting and implementing a data management system does not tolerate haste, “economy” or chaos. When organizing the IT department inside a company, it is necessary to understand what functions the IT specialists need to perform, what business needs must be met, and what goals must be achieved. Only with this understanding is it possible to create an effective department. When delegating the implementation of a data management system to contractors, it is important to make a well-considered decision. Trust your business to a responsible partner who helps to achieve goals and improve business performance.

GoUp Chat