Intelligent CISO Issue 43 - Page 21

It ’ s never been more important for businesses to take steps to minimise the ransomware threat and protect their employees and their customers . most complex issues , there ’ s no silver bullet for cybersecurity . But organisations have the power to turn the tide . More often than not , ransomware attacks succeed when the victim isn ’ t effectively prepared . Therefore , organisations should expect ransomware attempts to target their networks , and prepare accordingly .
cyber trends connect to a company system . Although a spokesperson for Colonial Pipeline has said that this VPN was an older model than the one employees were using to connect to the network , the attack method highlights how any employee working offsite and using their own networks can be a potential risk .
The rise in Ransomware-as-a-Service
Whilst tried and tested ransomware distribution tactics – such as malicious websites , email campaigns and even USB memory sticks – are still alive and kicking , over the last year or so , other , newer methods have also increased in popularity . One such method is Ransomware-as-a-Service ( RaaS ).
A subscription-based model that enables affiliates to use already-developed ransomware tools to execute attacks , RaaS gives everyone the power to become a hacker . There ’ s no technical knowledge required ; all individuals need to do is sign up for the service . Platforms are closely modelled after legitimate SaaS products . They include support , community forums , documentation , updates and more . Some even offer supporting marketing literature and user testimonials . Users can choose to sign up for a one-time fee or for a monthly subscription . There are also special features which you can pay for such as a status update of active ransom infections , the number of files encrypted and payment information .
RaaS has opened the floodgates when it comes to ransomware . In fact , research discovered that almost twothirds of ransomware attacks in 2020 used RaaS tools . As well as popularity , RaaS attacks are growing in notoriety and were behind some of the biggest headlines this year . REvil and DarkSide – two key players in the RaaS space – were responsible for the attacks on the Colonial Pipeline and JBS . The size and sophistication of these attacks should concern all cybersecurity professionals , and their relative success highlight how the RaaS market is only likely to grow moving forward .
Detection and prevention
With RaaS becoming so established , organisations battling against ransomware need to level up . As with

It ’ s never been more important for businesses to take steps to minimise the ransomware threat and protect their employees and their customers . most complex issues , there ’ s no silver bullet for cybersecurity . But organisations have the power to turn the tide . More often than not , ransomware attacks succeed when the victim isn ’ t effectively prepared . Therefore , organisations should expect ransomware attempts to target their networks , and prepare accordingly .

Detection and prevention are two critical parts of the ransomware puzzle . One effective way that IT teams can protect their network is by increasing visibility . This is where DNS ( Domain Name System ) tracking comes in . DNS is a core network service which means that it touches every device that connects to a company ’ s network and the wider Internet . What ’ s more , some 90 % of malware , including ransomware , touches DNS when entering and exiting the networking , making it a powerful tool in the cyberdefence toolkit . When applied to security , DNS can help protect against ransomware attacks by detecting and blocking communication with known C & C servers that distribute malware , helping to stop an attack before it even starts .
To take DNS-based security to the next level , businesses can merge DNS with DHCP ( Dynamic Host Configuration Protocol ) and IPAM ( IP Address Management ). This combination of modern technologies – known as DDI – can pinpoint threats at the earliest stages , and paired with DNS security can identify compromised machines and correlate disparate events related to the same device .
When it comes to ransomware , business leaders should zero-in on specific protection , but also zoom out to secure the entire IT stack . Achieving full visibility and defending from the network edge will likely be a priority for security teams moving forward . Using core infrastructure like DDI as the security control plane will give organisations the upper hand and enable them to protect their networks and their employees from the latest ransomware threats . u www . intelligentciso . com
21