Who can help to prevent future ransomware attacks?
17 May
By Mitchel Chang, Trend Micro Initiative for Education
The recent Colonial Pipeline ransomware incident may be a wake-up call for how we can protect our critical infrastructures and major businesses from cyber-attacks. “Cybercrime business” is rapidly growing and perpetrators are making billions of dollars worldwide. With the global internet, hackers can initiate attacks from anywhere to any organization around the world at any time.
From our government to our local communities, the battle line has been drawn between “good” and “evil.”
In recent years, we witnessed some good progress in our fight against these organized hackers.
- At the federal level, the US government has many agencies helping fight cybercrime, such as DHS, FBI-IC3, USSS, FTC, and the recently established CISA. Cybercrime investigation and other cybersecurity programs were also implemented by various state and local law enforcement agencies.
- Cybersecurity companies and software vendors made huge progress in providing security solutions and tools for both businesses and consumers. This is not an easy task since our technology is evolving quickly. Vendors must provide protections for cloud environments, IoT devices, critical infrastructures, offices and remote workers, and mobile devices. New technologies such as artificial intelligence and big data are used by both hackers and security providers. It is an “arms race” in technology.
- Universities and colleges are actively working on additional cybersecurity curriculum to address the cybersecurity professional shortage, which was documented by NIST’s Cyberseek.org.
- Governments, nonprofits, and industries are teaming up to help raise the level of awareness and educate our community about cybersecurity (e.g., Cybercrime Support Network, SCORE, National Initiative for Cybersecurity Education, and free cyber awareness tools from Trend Micro).
With all these efforts, businesses likely have the tools to block spam and phishing emails. However, attackers are constantly looking to evade standard defense techniques and may use tactics such as adding PDFs or shared drive attachments to a phishing email so that it slips through the corporate defense layer. It is imperative that all users and employees are aware of the risks and educated about the signs of phishing.
From the technical side, more than 90% of ransomware and targeted business attacks start with a spoofed email (aka phishing). Even if our organizations have the best security tools and IT security teams, any employee may still help hackers open a backdoor and drop a malware loader by clicking on a phishing email. Once criminals gain some control of your device or network, they are much more capable of performing the attack desired.
Some perpetrators may remain in stealth mode and try to steal information from your system, such as customer credit card numbers, or connect your network to their command-and-control server and wait for an opportune time to attack.
In the case of ransomware, once a user clicks on a phishing email and lets the attackers into your network, the attackers will eventually encrypt your data and programs. They may even exfiltrate your critical data before encrypting it as leverage to encourage payment of the ransom. Criminals leverage advanced encryption technology that makes it almost impossible to recover the encrypted and exfiltrated data without a long digital key (hex numbers).
Recently, we also witnessed various social engineering techniques in business email compromise (BEC) or spear-phishing, in which attackers first conduct reconnaissance on their target victim from public sources such as social media. Then they will impersonate one of the victim’s colleagues or friends to significantly increase the chance of a successful attack.
In conclusion, to win the fight for the good, we must help our employer or our own business by knowing the risks and not getting fooled by phishing emails. Please “think and assess” before you click!