As the threat from ransomware continues to grow and evolve, it is more important than ever to protect customer data and maintain continuous operations. Preserve business continuity by protecting operations and developing a reputation for security among your clients. Here’s what to know about recent attacks so you can adapt your security strategies.
Ransomware techniques constantly progress and evolve, allowing cybercriminals to utilize more tactical and discreet approaches. In the past decade, hackers used a randomized approach, attacking different types of enterprise businesses, to see if they gained entry to one that could be a good target for a ransomware attack. Today, enterprise ransomware attacks have not only become more specialized, but they’ve also become micro-targeted.
Threat actors select a target and watch it over time, uncovering vulnerabilities and planning an ideal time to attack. Enterprise businesses have been subject to attacks that use standard asymmetric encryption algorithms and that begin with a search for overlooked system vulnerabilities (phishing email, leaked access credentials, etc.). Often, the threat actors who find these vulnerabilities are different from the ones perpetrating the ransomware attack. That is how sophisticated and specialized this process has become.
Once they have access, hackers mostly rely on a “lateral movement” technique, silently establishing their presence throughout the network and then encrypting all devices at once. With that access in place, the threat actor can plan the attack for a crucial time when the business is most likely to pay a ransom.
JBS USA processes 1 million pounds of the nation’s meat supply, which is equal to a quarter of America’s beef. The meatpacker was hit by the infamous Russian ransomware group known as REvil. JBS was forced to halt operations for one day at 13 plants, causing disruptions and delays. They ended up paying $11 million in bitcoin to avoid further disruption and mitigate damage to other food suppliers (farmers, grocery stores, restaurants). “We felt this decision had to be made to prevent any potential risk for our customers,” said the CEO. Enterprise businesses can learn from the experience of JBS. Being proactive with protection is important and knowing where your vulnerabilities lie is the first crucial step toward improving security hygiene and minimizing the effects of attacks.
One of the most impactful ransomware attacks of 2021 was the Colonial Pipeline attack. The DarkSide ransomware group froze the financial IT systems of the Colonial Pipeline, impacting millions of drivers by causing gas shortages throughout the southeastern U.S. The attack caused the Colonial Pipeline to shut down the fuel supply on the East Coast for six days. After a few days of uproar and chaos, Colonial Pipeline paid the group $4.4 million.
The Colonial Pipeline attack had a larger impact on the ransomware community than originally expected. The attack caused increased scrutiny from government operators, which forced DarkSide underground. Additionally, many ransomware operators went dark for several months to wait out the period of intense scrutiny. However, you shouldn’t let the absence of high-profile attacks lull you into a false sense of security. After this high-profile attack went wrong for DarkSide, security experts now expect threat actors to go after lower-profile (but still lucrative) targets, which could mean that your business is next. What can you learn from the Colonial Pipeline attack? All of your systems, endpoints and assets are important – not just those in operations. A complete defense includes comprehensive security coverage.
Kaseya, an IT solutions developer for MSP and enterprise clients, experienced a supply chain breach over the Fourth of July weekend. Attackers recognized a vulnerability in the software Kaseya was using and leveraged it against them. They were able to compromise IT solutions used by multiple MSPs and their customers, using network-management packages as conduits to spread ransomware throughout cloud-service providers. As a result, an estimated 800 to 1,500 smaller companies worldwide may have been compromised through their MSPs, which were partnered with Kaseya. This attack calls attention to the need to secure businesses of any size – and to demand the utmost in security from service providers. You’re only as safe as the weakest link in your network, so coverage is essential.
It is important to take all the necessary precautions to minimize the likelihood and effect of a ransomware attack. Failure to do so can cause serious damage to not only your business, but others down the supply chain. TorchLight can help protect your company by:
Contact us to uncover and protect your business’s vulnerabilities from bad actors.