Cyber resilience: uncovering strategies and technologies

Nic Boerma

If you’re like most SMBs today, your company’s data is your biggest asset.

Today’s businesses would be unable to keep going and maintain a competitive edge without embracing open standards and fast communication. These have been especially useful to small and medium-sized businesses (SMBs), allowing even the smallest companies to compete with much larger players and scale to meet global demand. Yet these same technologies have also created more vulnerabilities than ever before. For many businesses, downtime is simply not an option—but just saying so won’t make this a reality.

The old adage that “failing to plan is planning to fail” is even more true when it comes to security. Without strategies and technologies already in place before disaster strikes, the possibility of graceful recovery and restoration of operations is just a distant dream. Unfortunately, the ever-evolving nature of today’s threat landscape presents a greater challenge to today’s organizations that rely on data. Today’s SMBs need concrete resilience strategies to help them avoid growing pains and reduce their vulnerability to threats. In this eBook, we’ll explore the threat landscape, including recent changes to the field of cybersecurity; we’ll then examine the definition of cyber resilience and look at five core strategies to help businesses build and enhance their resilience in the face of today’s threats.

Download the eBook here.


Detecting Data Exfiltration – White Paper

Nic Boerma

#Dataexfiltration is a significant threat to organisations and is implicated in many types of #cybersecurity incidents.

For example, ransomware gangs use both encryption that causes operational disruption for the victim and the threat of exposing exfiltrated data if the ransom demand is not paid.


Preventing data exfiltration remains a weakness for many organisations, despite having a complex set of cybersecurity tools already, including data loss prevention (DLP) solutions. A new approach is needed to stop the threat and consequential damage of data exfiltration.

In this white paper, @BlackFog report on a survey on data exfiltration and introduce the category of #Antidataexfiltration (ADX) cybersecurity solutions.


Detecting Data Exfiltration – Why You Need the Right Tools

Nic Boerma

Cyberthreats have become a leading concern for businesses of all sizes and across all sectors. But while familiar threats such as ransomware can disrupt operations and cost firms time and money, the real risks come from attacks that go further than encrypting files or shutting down machines.

Hackers who seek to exfiltrate data from businesses are a particularly dangerous threat. However, in many cases, the legacy anti-malware and intrusion detection and prevention tools that businesses have in place are not well suited to tackling these problems.

Why Firms Need an Anti-Data Exfiltration Solution

Data exfiltration plays a key role in so-called double extortion ransomware, one of the fastest growing and most dangerous cyberthreats. Once criminals have valuable data, which may be anything from intellectual property such as trade secrets to employee or customer financial information, they have a range of options.

They could, for instance, sell the material on the dark web or take it directly to competitors. However, in many cases, the preferred tactic is to threaten public release of the data unless their ransom demands are met. This can put much more pressure on businesses to give in, as simply turning to backups won’t be enough to make the problem go away.

With many companies feeling they have no choice but to pay up, this has quickly become the preferred tactic of ransomware groups. In fact, BlackFog’s research showed that last year, out of 292 reported ransomware attacks, more than 80 percent threatened to exfiltrate data, and in 2022 this has risen to 88 percent.

The damage this causes can be severe. It can open enterprises up not only to significant direct financial losses, but ongoing lost business and reputational harm that can take years to recover from. This is in addition to any regulatory action that may be taken if companies aren’t able to protect individuals’ private data.

The Limitations of Traditional Defences

Stopping data exfiltration can be a major problem for many businesses that continue to rely on traditional perimeter defence tools to protect their operations from attack.

The biggest issue with these tools is that they tend to be focused on preventing intruders from breaking into the network in the first place – and no matter how effective they used to be, they have proven ineffective at preventing the types of attacks we see today.

If criminals can bypass intrusion detection and prevention systems, they often have free rein to move within a network and extract valuable data. For example, research by the Ponemon Institute suggests it can take almost 300 days for businesses to detect a data breach within their systems, and then a further three months to effectively contain it.

Firms may look to address these issues with data loss prevention (DLP) tools, but these have been shown to be highly ineffective at stopping the exfiltration of data by advanced criminal organizations.

As well as being difficult to configure and maintain, they are also ill-equipped to deal with threats that originate within the business. Malicious insiders may often find it easy to circumvent these tools with their internal know-how.

Spotting the Tell-tale Signs You’ve Been Breached

To prevent these problems, organizations must put in place specialized tools that are designed specifically to identify and neutralize data exfiltration attempts, whether they come from external threats or from malicious insiders.

An effective anti-data exfiltration (ADX) solution works by monitoring all activity within your business, looking especially at traffic leaving the network perimeter. While there are, of course, many legitimate reasons why data might be leaving the network, from sharing files with customers to updating cloud backups, these will usually follow a familiar pattern.

ADX works by using smart analytics to study the behavior of traffic as it exits the network. By learning what normal activity looks like, it can quickly spot anything unusual. For example, this may include larger-than-normal volumes of traffic, data transfers taking place outside working hours, or information being sent to unrecognized or overseas IP addresses.

It automatically blocks these transfers 24/7, stopping attacks and preventing breaches without any action required from the organization. Because ADX works on devices themselves, it’s lightweight and efficient enough to be deployed on every endpoint that might be used to exfiltrate data, including mobile devices.
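As an added illustration of the pattern-learning described above (example code written for this page, not BlackFog’s product or any of its logic), the following Python learns a per-endpoint baseline from constructed outbound-transfer log lines and then flags the three signals the text names: larger-than-normal volume, transfers outside working hours, and unrecognised destinations. The known-destination set, the working-hour window and the 3-sigma volume threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
# Constructed sample data (not BlackFog telemetry): "timestamp host dest_ip bytes_out".
# HISTORY is the learning window; NEW is the traffic scored against what it learned.
HISTORY = """\
2024-03-04T09:12:00 ws-07 203.0.113.10 48000
2024-03-04T10:40:00 ws-07 203.0.113.10 52000
2024-03-05T11:05:00 ws-07 203.0.113.10 45000
2024-03-06T14:30:00 ws-07 203.0.113.10 50000
2024-03-05T13:00:00 ws-12 203.0.113.10 30000
2024-03-06T13:30:00 ws-12 203.0.113.10 32000
"""
NEW = """\
2024-03-07T02:15:00 ws-07 198.51.100.77 9800000
2024-03-07T15:00:00 ws-07 203.0.113.10 51000
2024-03-07T12:00:00 ws-12 203.0.113.10 60000
2024-03-07T12:30:00 ws-31 203.0.113.10 20000
"""
KNOWN_DESTS = {"203.0.113.10"}  # assumed familiar destinations (cloud backup, customer share)
WORK_HOURS = range(8, 19)       # assumed working day: 08:00 to 18:59 local time
SIGMA = 3.0                     # assumed threshold: above mean + 3 std-devs is "larger than normal"

def parse(log):
    return [(datetime.fromisoformat(t), h, d, int(b))
            for t, h, d, b in (line.split() for line in log.splitlines())]

def learn_baseline(rows):
    """Per-host (mean, std-dev) of bytes_out: what 'normal' looks like for that endpoint."""
    sizes = defaultdict(list)
    for _, host, _, size in rows:
        sizes[host].append(size)
    return {host: (mean(s), pstdev(s)) for host, s in sizes.items()}

def score(rows, base):
    """Map (host, timestamp) -> reasons for every transfer that breaks the learned pattern."""
    hits = {}
    for ts, host, dest, size in rows:
        reasons = []
        if host not in base:
            reasons.append("no-baseline")   # endpoint never seen sending data before
        elif size > base[host][0] + SIGMA * base[host][1]:
            reasons.append("volume")        # with std-dev 0 anything above the mean is flagged
        if ts.hour not in WORK_HOURS:
            reasons.append("off-hours")
        if dest not in KNOWN_DESTS:
            reasons.append("unknown-destination")
        if reasons:
            hits[(host, ts.isoformat())] = reasons
    return hits
```

A real ADX agent would learn the baseline continuously and block rather than report; here the flagged transfers are simply returned so the decision logic is visible.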

Find out more about how anti-data exfiltration software is a must for protecting firms from the latest cyberthreats.

Contact: Cloudsales@mustek.co.za

+27 11 237 1000


Major Moments That Changed the History of Ransomware

Nic Boerma

Ransomware has seen a rapid rise over the last few years to become one of the most dangerous cyberthreats any business faces today. But this is not a new issue.

Indeed, ever since the first ransomware was delivered via floppy disk in the late 80s, authors of these attacks have sought to constantly evolve their tactics to evade detection and increase the chances of their victims paying out.

To discover the major moments that have changed the history of ransomware, read the article.

Article:

5 Major Moments That Changed the History of Ransomware

This may include developing more destructive strains of ransomware, adding double or triple extortion threats or targeting their attacks at organizations likely to suffer the biggest impact. It’s therefore vital that organizations ensure they’re up to date with the latest trends and techniques.

However, companies can learn a lot from previous incidents about how ransomware attacks are carried out, the type of businesses they target, and the damage they can cause. Here are a few of the most consequential variants and attacks, and what they’ve taught businesses.

1. Cryptolocker

The 2013 spread of Cryptolocker was one of the first mainstream ransomware variants, and may have been the incident that alerted many cybersecurity professionals to the threat posed. It spread as a Trojan sent via malicious emails and sought out files on infected PCs to encrypt.

It was thought to have targeted a quarter of a million devices over a period of four months, earning its authors around $3 million in the process. This therefore highlighted how lucrative ransomware could be and how many firms would be willing to pay up in order to regain access to their files.

2. WannaCry

Perhaps the most costly ransomware attack in history, the 2017 WannaCry attack was characterized by the speed and scale at which it spread. It reached over 150 countries, affecting organizations such as telecommunications companies and healthcare providers.

While the true number of victims remains unknown, it’s estimated to have cost the global economy more than $4 billion to fix, with the UK’s National Health Service alone costing around $100 million.

The ransomware spread using a vulnerability in Windows, with older machines especially vulnerable. It therefore illustrated the importance of keeping up to date with essential cybersecurity best practices such as regularly patching equipment, as well as reminding firms just how quickly they can lose control of their systems if proper defenses aren’t in place.

3. Petya/NotPetya

WannaCry was far from the only major ransomware to surface in 2017, as the emergence of Petya the year before swiftly led to the related NotPetya. In this case, it was not only files that were encrypted, but entire systems, as the malware targeted a device’s Master File Table (MFT), making user access impossible.

However, while Petya required a user to open the infected file, the more serious NotPetya was able to spread on its own. What’s more, while Petya infections were recoverable with difficulty (or a payment), the damage NotPetya did to systems was permanent.

In this case, the point was disruption, with NotPetya believed to be a state-sponsored attack targeted at Ukrainian organizations. It marked a new phase of ransomware, with the techniques being used as a weapon of cyberwarfare and not just a way for criminals to make money.

4. Colonial Pipeline

The impact of ransomware outside of IT operations has been growing for some time. Attacks on public services such as local governments throughout the US have illustrated how the problem can seriously impact the lives of citizens, but the knock-on effects that can be caused to critical infrastructure can also be wide-reaching.

In 2021, this resulted in fuel shortages and panic buying up and down the east coast of the US when energy firm Colonial Pipeline came under a ransomware attack. The impact even reached areas not served by the firm as worried citizens sought to stockpile what was available. The company felt compelled to pay a $4 million ransom in order to restore operations and consumer confidence.

While this was agreed with the organization’s insurance provider, and much of the money was later recovered by the FBI, it clearly indicates the severe pressure that businesses can be put under with a ransomware attack.

5. REvil

As ransomware has grown more profitable for hackers, the groups perpetuating these attacks have become ever-more organized, and one of the most notorious and successful ransomware groups has been REvil. Coming to attention in 2020, the Russian-based group offered a Ransomware-as-a-Service model to other criminals and favored double extortion methods that saw them exfiltrate data from targets and threaten to release it publicly unless payments were made swiftly.

At one point, around a third of ransomware infections seen by security researchers used REvil’s malware. One of the most noteworthy attacks was aimed at managed services provider Kaseya in 2021. This spread through the supply chain to the organization’s customers, with up to 1,500 businesses affected.

While the REvil network was said to have been shut down by Russian authorities in early 2022, its tactics to put extra pressure on companies to pay up or face further consequences have been widely emulated and have made ransomware an even more dangerous threat for many businesses.

With ransomware a continually evolving threat, cybersecurity teams can’t afford to stand still. They need to take steps to understand their risk profile, identify where weaknesses lie, and put in place strong defences.

Coming under ransomware attack is now a case of when, not if, so it’s vital firms learn the lessons of the past and make sure they’re prepared.

To learn more about how BlackFog can protect your organisation from ransomware attacks, contact Cloudsales@mustek.co.za

BlackFog is proudly distributed by Mustek.


Ready to Outsmart Cybercriminals in 2021

The ancient Chinese military strategist Sun Tzu once said, “Know thyself, know thy enemy. A thousand battles, a thousand victories.”

Although technologies and battles have changed, these words and their meaning are immortal. The same is true for the ever-evolving cybersecurity challenge. After all, the best way to combat hackers and cybercriminals is to understand your own vulnerabilities.

Ready, set, scam.

Cybercrime is a lucrative business and cybercriminals are always on the hunt for their next victim. With threats advancing quickly, it’s perhaps not surprising that the average security team is struggling to manage 57.1 different security tools to try and avoid becoming the next victim. With a global cybersecurity market worth a massive $173B and dozens of security tools in place in IT departments, why are so many organizations still being held to ransom and hitting the headlines for breaching data privacy regulations?

Prevention is the best form of defence


BlackFog believes that preventing data breaches and maintaining data privacy requires a new way of thinking. To stay ahead of cybercriminals, CISOs inevitably have to change the way they think about data security. The traditional defensive approach of protecting the perimeter with firewalls and anti-virus software simply isn’t enough. It is well known that 80% of successful attacks bypass existing systems, despite the best efforts of IT departments. In fact, recent research from BlackFog has discovered that many attacks now disable existing security services before even mounting an attack.

It has become a truism in the security industry that there are two types of companies: those who know they’ve been hacked and those who don’t. The defensive paradigm no longer works. What we need is a new paradigm. The hackers are going to get in so the focus must be on preventing them from removing any data.

Instead of relying on existing perimeter defence techniques, new approaches focus on prevention, using behavioural profiling to stop the attack at different stages of its lifecycle by blocking data exfiltration. For an attack to be successful, a hacker needs to communicate with an external server, whether for key exchange, payload download or simply to remove data. By blocking this exfiltration, you can significantly mitigate the risk of a data breach. This approach allows the CISO to move from a defensive to a proactive posture, regaining control and neutralizing the attack, a welcome reversal of roles.

We know from experience that a hacker who wants to infiltrate a device or network will get in, eventually. The challenge is in preventing the attacks in the first place and ensuring attackers cannot remove data from the device, eliminating data breaches altogether.

By looking at the problem from a new perspective and using the right tools, CISOs and their security teams can outmanoeuvre cybercriminals to ensure they aren’t named and shamed in the next data breach headline.

To learn more about BlackFog or to purchase, please complete the form below and a consultant will contact you.