It’s safe to say organizations have had their fair share of cyber attacks this past year—from threats discovered early last year with VMware (CVE-2021-21985 and CVE-2021-21972), which provided access to compromised environments and sensitive data, to the Apache Log4j vulnerability, which sent IT professionals scrambling to patch every system that might have a vulnerable release installed. These incidents don’t even touch threats like ransomware, which compromised the Colonial Pipeline network and forced gas prices to skyrocket above $3 a gallon for the first time in seven years—we’d all appreciate $3 a gallon these days! The year has been fraught with security challenges and the outlook continues to be troubling for the remainder of the year.

The threat landscape

The current threat landscape is just as treacherous as it was last year, and cybercriminals are stepping up their efforts to take over systems and steal valuable business resources or data. Verizon’s Data Breach Investigations Report found that the financial impact of ransomware attacks on organizations averaged $1.2 million. This seems bad, but it gets worse. The computer manufacturer Acer was hit by a REvil ransomware attack in early 2021 with a demand of $50,000,000, the highest ransom demand known to date and an indication that higher sums are on the horizon.

Threats aren’t going away. The same hacker group that targeted Colonial Pipeline received $4.4 million from Brenntag after demanding $7.5 million, and CNA Financial paid hackers $40 million in 2021. Hackers know that companies will pay to have their systems restored to normal, so these bad actors have an incentive to continue compromising networks.  

Navigating the threat landscape to improve your security posture

While this all seems daunting given the cost and resources around these threats, there is hope. You can improve your security posture to make it as difficult as possible for cybercriminals to gain access to your network and compromise business-critical systems. The more arduous it is for hackers to gain access, the more expensive it is for them to keep coming after you. This might not be a full deterrent, but when malicious actors are looking for targets, ease of entry is a starting point they consider. After all, the more they put into the attack, the less they will gain even after you pay. That’s why locking your car or hiding valuables from plain view deters thieves on the streets—they don’t want to put in a lot of effort for little gain. So, let’s look at a few ways to navigate this landscape and bolster the security posture of your organization. 

Educate your employees

This might come as no surprise, but employees are one of the most vulnerable targets for cyber attacks. According to the latest McAfee Advanced Threat Research Report, the top MITRE ATT&CK technique for initial access was Spearphishing Attachment, with Spearphishing Link at number three. These attacks—along with other phishing attacks—target specific, vulnerable employees that have access to critical resources. Educating your employees to help them avoid falling victim to phishing emails is a critical step in preventing hackers from gaining access to your network.

Deploy appropriate IPS, firewall, and endpoint security solutions

This is another no-brainer, but properly securing network equipment and enabling appropriate firewall rules will make it more difficult for hackers to get onto your network from the outside. Additionally, having a zero-trust approach to security will make it much more difficult for compromised devices to get to the data hackers are looking for. By having multiple layers of security on the network, hackers will need to wade through much more to find what they want, and this makes it more likely to detect their movement across the network as they try to avoid these security solutions.

Use Network Detection and Response to catch them in the act

Finally, it’s important to note that having all these security solutions does nothing if you can’t track the lateral movement of the hackers as they move across your network. Detection is only possible if you can see how network traffic moves around on your network. Hackers aren’t likely to gain immediate access to a system they want to compromise, so they must move from one device to another until they believe they have gained access to a critical asset that you would be willing to pay a ransom for. Once they have access, bad actors can lock you out or move the data off-site (or both). 

To track lateral movement across the network, you need a network detection and response (NDR) solution. With a flow-based NDR platform, you’ll have visibility across the entire network. Without this pervasive visibility, you won’t be able to properly identify and track malware as it moves from one device to another, and this is critical when hunting for malware. 

When looking for ways to find malware, and in particular pernicious ransomware, you need to be able to understand the tactics, techniques, and procedures that the malware is employing to breach your network and access critical data. Flow-based solutions are ideal for doing this, as they are more cost-effective than packet-based analysis and can scale more readily while maintaining complete visibility. By taking advantage of flow-based NDR, you’ll be able to combat whatever the next threat is, and to identify when and from where the threat came.
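To make the lateral-movement point above concrete, here is an added example (not Plixer's or Scrutinizer's code) that runs a fan-out check over a handful of constructed NetFlow-style records: it flags an internal host that reaches many other internal hosts on admin ports (SMB, RDP, WinRM, SSH) inside a short window and reports from where and when the activity started. The record layout, the 10.0.0.0/8 internal range, the port list and the threshold are assumptions chosen for the example.

```python
# Added example, not the vendor's code. Flow records are assumed to be
# "timestamp src dst dst_port bytes"; the internal range, admin-port list,
# window and threshold are illustrative assumptions.
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")          # assumed internal address space
ADMIN_PORTS = {445, 3389, 5985, 5986, 22}     # SMB, RDP, WinRM, SSH
WINDOW = timedelta(minutes=10)
FANOUT_THRESHOLD = 5                          # distinct internal targets per window

# Constructed sample flows: one host sweeps a subnet over SMB/RDP/WinRM,
# another host does ordinary HTTPS, and one stray SMB flow comes much later.
SAMPLE_FLOWS = """\
2024-03-01T09:00:01 10.0.1.15 10.0.2.7 445 4096
2024-03-01T09:00:14 10.0.1.15 10.0.2.8 445 4096
2024-03-01T09:00:30 10.0.1.15 10.0.2.9 3389 12288
2024-03-01T09:01:02 10.0.1.15 10.0.2.10 445 4096
2024-03-01T09:01:40 10.0.1.15 10.0.2.11 5985 2048
2024-03-01T09:02:05 10.0.1.15 10.0.2.12 445 4096
2024-03-01T09:05:00 10.0.1.20 10.0.2.7 443 65536
2024-03-01T10:30:00 10.0.1.15 10.0.2.13 445 4096
"""

def parse_flows(text):
    """Parse flow lines into (timestamp, src, dst, dst_port, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, port, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), ip_address(src),
                      ip_address(dst), int(port), int(nbytes)))
    return flows

def find_fanout(flows, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return {src: (first_ts, last_ts, [targets])} for internal sources that
    reached >= threshold distinct internal hosts on admin ports within window."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _ in sorted(flows):
        if src in INTERNAL and dst in INTERNAL and port in ADMIN_PORTS:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):          # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {d for _, d in events[start:end + 1]}
            if len(targets) >= threshold:       # earliest window that crossed it
                alerts[str(src)] = (events[start][0].isoformat(),
                                    events[end][0].isoformat(),
                                    [str(t) for t in sorted(targets)])
                break
    return alerts

if __name__ == "__main__":
    for src, (first, last, targets) in find_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} reached {len(targets)} internal hosts on admin ports between {first} and {last}: {targets}")
```

On real flow exports the same logic applies per exporter interface; the threshold and window are the tuning knobs that decide how noisy the check is on your network.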

Justin

Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.
