The trends around cyberattacks are concerning.
According to the recently released Fortinet 2021 State of Operational Technology and Cybersecurity Report, nine out of 10 organizations experienced at least one intrusion in the past year and 63% had three or more intrusions. Digging deeper, the most common intrusions were malware at 57% and phishing at 58%, which was up from 43% last year.
However, ransomware, in particular, is especially concerning, in part because the attacks continue to surface. Case in point? Since the Colonial Pipeline and the JBS Foods attacks, there have been a few meaningful and disturbing attacks.
Fujifilm, the Japanese multinational conglomerate, acknowledged unauthorized access and is investigating a suspected ransomware attack, which forced the organization to shut down portions of its global network to prevent the attack's spread.
According to Pravin Madhani, CEO and co-founder of K2 Cyber Security, “This latest attack on Fujifilm adds to the many ransomware attacks we’re seeing in the news. We know the frequency of ransomware doubled last year, according to the most recent Verizon Breach Incident Report. Most enterprises cannot operate without a connection to the internet; the shutdown of the network at Fujifilm shows how hard it is to operate in today’s connected world without a network connection.”
Enterprises need to remain vigilant in their security, not only using phishing detection and training employees to recognize phishing, but also making sure they have defense in depth for all of their applications, data, and assets that are internet-facing, explained Madhani. “This includes making sure their devices and software are up to date and patched, and they have security in place for their applications, including runtime security for common attacks like those outlined in the OWASP Top 10 web application risks,” he said. “Equally important, organizations need to make sure they vet the security of the many partners and third-party organizations that they depend on, as thoroughly as they vet their own security infrastructure.”
Another recent attack
Although not a manufacturer, the Steamship Authority of Massachusetts ferry service fell victim to a ransomware attack Wednesday, the latest cyber assault affecting logistics and services in the U.S. The authority announced the breach on its Twitter account.
“We should hope that the Steamship Authority of Massachusetts is prepared to respond to ransomware. Certainly, the streak of successful attacks that seems to be dominating headlines recently indicates that an incident response plan has become more essential than ever,” said PJ Norris, senior systems engineer at cybersecurity company Tripwire, in a statement. “But while we tend to focus on the response to ransomware, prevention is still the best way to deal with the threat. Adopting new solutions can help organizations protect their assets, but it is by creating a solid cybersecurity foundation and hardening systems that the risk of falling victim to a ransomware attack can be minimized. This includes thorough training of employees about the threats that can come through their inbox, as phishing campaigns still manage to get around email filtering systems and unfortunately continue to be successful attack vectors. Patching vulnerabilities and ensuring that systems are configured securely is also essential.”
Added Norris, “By getting the basics right, businesses will be making it harder and more costly for attackers to be effective with their threats. Most times, a hacker’s function is to cause as much disruption as possible, so finding and patching known vulnerabilities, making sure critical systems are securely configured and monitoring your systems for abnormal changes, can go a long way to increasing your barrier of defense, especially as the threat of an attack from nation-states increases.”
According to Erich Kron, security awareness advocate at KnowBe4, “Once again, we see the impacts of ransomware in a very public form. Fortunately, this was not one that endangered lives. Ransomware has grown from a small problem to a global threat in a short amount of time, as the attackers improve their tactics and develop new ways to impact networks. Many strains of ransomware not only encrypt data, but also steal it, then threaten the victims with a public release of the data if the ransom is not paid. In this case, data exfiltration has not been mentioned, but may still be an issue as the story unfolds,” said Kron in a statement. “Because ransomware attacks are most likely to start with a phishing email or an attack on an internet-facing, remote access portal, organizations would benefit from ensuring their employees are up to date with the threats by enrolling them in a high-quality security awareness program, monitoring any remote access portals for unusual behavior and requiring multi-factor authentication.”
The White House has issued an open letter to U.S. companies urging them to treat the threat of ransomware attackers with greater urgency, especially considering the back-to-back attacks by Russian hackers on the Colonial Pipeline and JBS. Specifically, the White House is encouraging all companies to carry out recommendations from its recent executive order focused on cybersecurity, which include updating systems and segmenting networks in order to isolate adversaries if they breach the system.
The significance of the Biden Administration’s notice is clear, explains Bill O’Neill, vice president of public sector at ThycoticCentrify. “Over the past year, our schools, law enforcement, unemployment offices, healthcare systems, critical infrastructure and more have been ravaged by cyberattacks, and its victims have paid millions of dollars in ransomware that they simply do not have,” he said in a statement. “Our digital global economy has become interdependent on the internet, which has directly led to a significant increase in vulnerabilities. This was evidenced recently in the Colonial Pipeline Co. and JBS USA ransomware attacks, making it clear that these incidents can disrupt the critical industries that keep our country running.”
According to O’Neill, these attacks make it abundantly clear that businesses are entering a new era of digital warfare. “New research even revealed that more than half of organizations have been grappling with the theft of legitimate, privileged credentials (53%) and insider threat attacks (52%) in the last 12 months, signaling more signs of concern,” he said. “President Biden and his administration have now made it clear that ransomware is a national threat. To avoid experiencing losses attributed to the next ransomware attack, organizations can take these steps to minimize exposure to ransomware attacks:
- Invest in security awareness programs that educate employees on how to avoid spear-phishing attacks and detect potential ransomware.
- Keep anti-virus and anti-malware software updated with the latest signatures and perform regular scans.
- Frequently back up data to a non-connected environment and verify the integrity of those backups regularly.
- Implement Privileged Access Management (PAM) best practices and solutions to control administrative user (i.e., sysadmins, DB admins, or user admins) access to critical and sensitive IT systems, applications, and workloads.
- Vault shared privileged accounts for emergency access only and enforce least privilege for administrators – grant just enough privilege, just-in-time, for a limited time, and leave zero standing privileges.”
According to Caroline Seymour, vice president of product marketing at Zerto, the growing sophistication of ransomware means all businesses–large or small, new or old–will eventually become targets of ransomware. “We’ve seen it too often recently with cyberattacks against major suppliers like JBS Foods and the Colonial Pipeline. It’s encouraging to see the White House urging companies to take this issue seriously,” said Seymour in a statement. “Private and public sector companies will continue to be a target of cybercriminals because of their vulnerabilities, so these organizations need to prioritize their approach to recovery. The challenge many organizations face is that they rely on day-old or even week-old backups to restore their data. This results in inevitable gaps and data loss that can be highly disruptive and add significantly to the overall recovery cost.”
Added Seymour, “The way to beat ransomware is to be prepared for when–not if–an attack occurs, and the key to that means having a solution that’s always-on with enough granularity to recover to a point in time precisely before the attack occurred without time gaps. The best solution will be one that uses continuous data protection (CDP) and keeps valuable data protected in real-time. CDP allows organizations to replicate data as changes occur, delivering recovery intervals of mere seconds and getting them back on their feet as if no attack ever occurred.”