As the cyber-security landscape evolves, so too do the types of breaches companies have to deal with on an almost daily basis. As hackers continue to up their game in pursuit of stealing personal data for financial reward, enterprises are finding themselves under constant attack. Ensuring corporate security solutions rise to the challenge is a reality that organisations of all sizes face.
Ransomware is a tactic being used more and more to prise data from enterprises. Recent incidents at numerous US hospitals highlight how vulnerable healthcare institutions are due to the highly sought-after personal data they store. While UK-based enterprises may have had a lucky escape so far, we are certainly seeing a shift in ransomware from targeting individual consumers to targeting these larger corporations and public sector organisations.
The nature of cyber-security means that we are observing new and emerging trends on a regular basis - with businesses often playing catch-up and falling victim to security breaches. Over the last few years, it’s clear that there has been a real shift in tactics used by these cyber-criminals and it is worth taking a step back and recognising what’s in store for enterprises as cyber-crime becomes more aggressive.
Ransomware wins the battle for the corporate wallet
Ransomware has managed to hit a sweet spot, and is showing no sign of slowing down. As hackers get more savvy and look to expand their target market, we are starting to see a shift from consumer ransomware to corporate malware targeting an entire organisation. With this, the monetary value is becoming more damaging as prices go from a tolerable £500 to a more crippling sum, as hackers target invaluable data sets, and threaten to leak and/or delete the files unless a payment is made. It’s a logical progression, as users have been all too willing to pay the expensive but not excessive ransom in exchange for the return of their precious data and corporations appear willing to do the same.
The wildly profitable CryptoLocker is one example of ransomware that has attracted clones since it was largely knocked offline following the international security collaboration known as Operation Tovar. Many of these clones, including more popular variants such as CryptoWall and TorrentLocker, have followed the proven formula, but we’re starting to see variations such as ransomware focused on Linux and mobile platforms. The former is especially important as it’s more likely to impact the websites and code repositories of enterprises, who, in our experience, are also willing to pay up rather than risk losing critical intellectual property.
In the coming months, we will continue to see ransomware become increasingly corporate focused, and as it does, enterprises won’t get away with paying consumer prices. Hackers will narrow their attacks to target enterprise servers and in doing so, will demand much, much more. The criminals behind ransomware campaigns are savvy and now that they’re realising that they can lock up enterprise source code and important financial documents, they know they’re in for a big payday.
One way that enterprises can fight back against criminals inflicting a ransomware attack is by backing up files, not just as a one-off but continuously, and regularly validating the effectiveness of those backups. Taking away leveraging power by simply enforcing backups brings the control back to the organisation and away from the hackers.
Yet, security solutions are failing when it comes to ransomware. Businesses need to employ sandboxing technology and dynamic data analysis in order to counter-act aggressive corporate ransomware attempts.
Cyber criminals fall into the wrong hands
Terrorist organisations have shown themselves to be increasingly tech savvy when it comes to using the World Wide Web and social media for recruitment and propaganda efforts against corporations and individuals.
Whilst they might not have all of the required skills themselves, there is no shortage of cyber-criminals who are sadly all too willing to rent their skills out to the highest bidder. This could be a lucrative opportunity for hackers with questionable morals.
We’re already starting to see early signs of cyber-attacks being used to cause physical damage. One example of this is the advanced persistent threat (APT) attack on a German steel plant that targeted furnace functionality systems and resulted in a fire at one of its warehouses. This form of physical threat is only going to increase. As the popularity of Internet-connected SCADA systems and the Internet of Things (IoT) grows, so will the number of enterprise endpoints, which provide hackers with millions of doorways to exploit.
Encryption is no longer the realm of geek speak
In the coming months, the debate around new legislation that proposes weakened encryption protocols and procedures, granting law enforcement access to decrypted communications as and when they feel it is necessary, will come to a head.
Using strong encryption for messaging and data storage is no longer the realm of geek speak, but is an expected security feature to keep our data secure.
This heated debate continues. On the one hand, you have security services and national governments seeking access to the encrypted data of users in the interest of national security. On the other hand, many oppose the ruling due to the implications these valuable data sets could have if they were exploited and fell into the wrong hands.
While politicians used to dance gingerly around the topic, given the privacy abuses exposed by the Snowden revelations, recent terrorist attacks, including the events in Paris, have brought this issue to the forefront once again.
iOS, for example, now encrypts data by default, and Android, while lagging behind, is fighting to get there after Google released its new compatibility requirements for 6.0. Popular chat applications like WhatsApp tout encryption as a key feature, and Apple’s iMessage app, which features end-to-end encryption, is often referenced by law enforcement when arguing for ‘back door’ access to data.
This is one battle that will have serious repercussions for years to come. Here’s to hoping that Apple, Google, Microsoft, Yahoo! and the like manage to prevail.
The cyber-security space never fails to throw a spanner in the works
In the coming months, enterprises will be kept busy fending off ransomware, wary of terror taking to the web and finding themselves engulfed in the middle of the decryption debate. As the cyber-security landscape continues to become overcrowded, businesses need to remain vigilant, back up anything and everything and maintain their updated security solutions. With applications continuing to make their move to the cloud, security solutions must also make this leap to ensure a flexible and complete security framework for enterprises in the years to come.
Michael Sutton, CISO at Zscaler