So, I bet you are thinking, come on Jaye what does Halloween have to do with cybersecurity? Well, for me working in cybersecurity can be as thrilling as some of those Halloween nights and just as scary at times. Even as unsettling as I still find watching scary movies now. I am constantly on the edge of my seat, I need to have eyes everywhere and I am aware that an attack can come at any time. To me, the threats we face in the hybrid world we live in today are just like being in one of those scary movies I love watching so much. 

Just like the horror movies I used to watch, here are real-life cybersecurity threats that keep me up at night!

An Insider Threat is just like a ghost in your house. You may hear noises, and you may know something is there, but you may not be able to see it! It’s frightening. It may be lurking around any corner. You don’t know if it’s a friend or a foe. You don’t know if this is a malicious attack on you or something normal.

A Ransomware attack is like being attacked by a vampire. As soon as it gets close to you it’s going to grab hold, bite you, and suck out all of your blood (data). Your blood is what keeps you (the business) alive. Without it, you will most certainly be left for dead.

A DDoS attack is like a plague of zombies pounding against your outer perimeter fence and it’s this fence that protects you (the firewall) from attack. The horde of zombies is so big and so loud that it will stop people from being able to get access to key resources that they need to keep them alive. 

So, how do we protect ourselves against these scary monsters in today’s hybrid world? How do we make it easier for us to sleep at night? To not wake up having cold sweats? Here are some things you can do to fight back against these monsters with a Security Service Edge (SSE) platform.

With Insider Threat you can’t fight what you can’t see and you’re not going to be able to call the Ghostbusters. So what will help? You need visibility. You need to see who is accessing what. Where they are going and what they are doing. Enhanced visibility with SSE is truly the key for your IT and Security teams helping ward off the ghosts.

For Ransomware attacks, you are going to need to protect your throat! You don’t want to get bitten! You need to stop those vampires from getting close enough to bite you! You need to stop that lateral movement. If these Ransomware vampires get too close then you need to make sure you have a mechanism in place to stop them from taking your blood (data). Granular access control with SSE can help keep your life source (critical data) from being taken and minimize impact of attack.

For a DDOS attack, you want to hide from that plague of zombies. You want to remove that attack surface. You want to be able to exit your perimeter to search for food and resources but without any doors being visible from outside. After all, zombies can’t attack what they can’t see. Make your network invisible with SSE by never exposing IPs, ever.

If you want to know more about how you can face these scary monsters with a Security Service Edge (SSE) platform, and if the ghostbusters don’t answer your call, then please feel free to reach out and have a Coffee with Jaye! 

The post Defending yourselves from cybersecurity ghosts, vampires, and zombies appeared first on Axis Security.

Last week, when Russia advanced past Ukrainian borders we began to hear about the coordinated, hybrid attacks – spanning both cyber warfare and physical warfare – that lead up to the event. Phishing emails sent to the State Administration of Seaports of Ukraine sent earlier in February as a sort of advanced attack against Ukrainian ports. A new data wiper malware installed on hundreds of machines across Ukraine – reported within hours of Russia invading.

A malicious concoction of tools used to create disarray while striking fear and uncertainty into Ukraine.

The growing threat

The US, and its allies, have since announced that they have imposed sanctions on Russia as a sign of disapproval of the conflict. Given Russia’s demonstrated history of using advanced persistent threats to threaten critical infrastructure, US cybersecurity leaders have asked companies to remain vigilant, and to take action to improve their defense against the potentiality of retaliatory attacks against US businesses. 

While no official decision has yet been made at the time of this blog, it’s also worth mentioning that there could be more sanctions on Russia coming down the pipe. There are talks about the possibility of removing Russia from the SWIFT banking system. Formed in 1973, SWIFT connects more than 11,000 financial institutions in more than 200 countries and territories worldwide so banks can be informed about transactions. 

According to USA Today “Barring Russia from SWIFT would damage the country’s economy right away and, in the long term, cut Russia off from a swath of international financial transactions. That includes international profits from oil and gas production, which make up more than 40% of Russia’s revenue.”

This could place financial pressure on Russia, causing them to resort to alternative sources for revenue. One of which could be ransomware.

Understanding the risk landscape

I applaud the CISA, FBI and the NSA for joining together to help IT security leaders reduce the risk of potential ransomware threats. The January 11th advisory alert (AA22-011A) and February 16th advisory alert (AA22-047A) demonstrate that US leaders are doing everything they can to provide information to public agencies and private sector companies to help protect critical infrastructure against the expected increase in Russian State-sponsored attacks.

We recommend that all companies, especially those who do business in Ukraine, remain particularly vigilant. It’s widely known that Russian State-Sponsored advanced persistent threats (APTs) have been used to exploit several traditional access solutions as a means of gaining access to networks, and unleashing ransomware attacks that propagate across them. Once on the network, the threat can lock down the victim’s critical infrastructure or sensitive data.  The advisory alerts remind its readers of the vulnerabilities known to have been exploited in the past. See some examples below:

• CVE-2018-13379 FortiGate VPNs
• CVE-2019-1653 Cisco router
• CVE-2019-2725 Oracle WebLogic Server
• CVE-2019-7609 Kibana
• CVE-2019-9670 Zimbra software
• CVE-2019-10149 Exim Simple Mail Transfer Protocol
• CVE-2019-11510 Pulse Secure
• CVE-2019-19781 Citrix
• CVE-2020-0688 Microsoft Exchange
• CVE-2020-4006 VMWare (note: this was a zero-day at time.)
• CVE-2020-5902 F5 Big-IP
• CVE-2020-14882 Oracle WebLogic
• CVE-2021-26855 Microsoft Exchange (Note: this vulnerability is frequently observed used in conjunction with CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)

It’s important to note that the examples above highlight how phishing emails are not the only tactics that sophisticated threats actors are utilizing. The below image explains the anatomy of how Phishing-based attacks and VPN-based breaches work.

Several companies have reached out to us for guidance. We’ve prepared some tips for how to help them protect themselves from sophisticated attacks, in addition to the recommendations from CISA, FBI and NISA.

Three ways zero trust protects against ransomware

1. Reduces the attack surface: You can drastically reduce the risk of ransomware if you can minimize the attack surface by ensuring that your apps are not exposed to the open Internet. This means removing remote access technologies that require placing users on the network (a large reason why ransomware attacks succeed), and replacing them with a zero trust network access (ZTNA) service.
   
   Security Tip: This reduction in attack surface should be coupled with the ability to also inspect, and if needed, block malicious exploits lurking in SSL. By both reducing the need for connectivity, thus minimizing the attack surface, and inspecting traffic, you’ll be able to better protect your environment.
   
2. Reduces lateral movement: Aside from reducing exposure to the Internet, you can also reduce the blast radius of a threat. This is where per app segmentation comes in. ZTNA services that offer this level of segmentation allow you to ensure that remote employees, or third-parties, are never placed onto the corporate network. Customers have a built-in means of both preventing ransomware threats from accessing the corporate network, and completely reducing the chance of the threat moving laterally across the LAN.
   
   Security Tip: Ensure that the zero trust vendor you are using for access has per app segmentation ability. Some zero trust solutions can only provide access to an application server, not an individual application. If that’s the case, sophisticated attacks can still reach other applications running on the same server. Additionally, zero trust vendors that use virtual firewalls to inevitably connect traffic to a network are still susceptible to ransomware threats. Avoid these types of solutions.
   
3. Reduces data loss – You can protect sensitive data from being exfiltrated by ransomware with a zero trust service with inline inspection and DLP controls that disable download, block copy & paste if data, and tell you right away what data, if any, is being exfiltrated to an external source.

The below image showcases the three ways that zero trust protects against ransomware threats, in practice.

With the proper zero trust access solution enterprises, and government agencies, can better protect themselves from ransomware threats. 

As the world hopes for a peaceful resolution we must also prepare ourselves for a new reality. One where targeted ransomware threats increase. Please make sure you have a plan in place, and that it involves embracing zero trust within your environment.

To learn more about zero trust, and experience it for yourself, request a free demo from our team – https://www.axissecurity.com/schedule-a-demo/

The post How to Prepare for The Evolving Threat of Ransomware appeared first on Axis Security.