As the culmination of an exciting month of cyber awareness programing, on Oct 26, odix hosted a lively discussion about the Future of Ransomware.
The Panel featured a broad spectrum of IT professionals, from Patrick Bosh, Editor of Cyber Protection Magazine and seasoned veteran of SAP, Amir Rashad, CEO of supply chain management company Centersource.io, Cybersecurity & Compliance Manager at CountryMark Stephanie Scere as well as odix CTO Omri Eytan.
The event focused on how Ransomware has evolved from minor cyber nuances to the go to attack vector used by cybercriminals across the world. With the threat landscape dominated by state actors, ad hoc hacker groups, and the increasingly profitable RaaS segment organizations and vested industry partners must think critically about what can be done the mitigate these risks and how ransomware distributors will adapt to the renaissance of governments and security vendors. This panel addressed those questions and more.
We’ll highlight some of the most insightful remarks below.
What are the biggest factors are that are amplifying ransomware attacks today?
“I would say it’s, to a large degree, social engineering attacks are using targeted emails as the most common threat agent to launch and exploit kits and deploy ransomware as payload. So a lack of awareness is the main of concern here, I believe. But I would also say it’s unsafe browsing habits, illegal software downloads, and removable media’s as well.”
“You know, ransomware, as a service isn’t new, but it’s increased significantly since 2019. You have your criminal affiliates who are buying it and leasers who are making a profit, you know, you don’t even have to have any technical ability anymore to find the vulnerability, they can purchase everything. They just had to figure out how to implement it on a system. Couple that with the significant amount of data breaches, and the ability to search social media in order to figure out who to implement a phishing attack on, and all of a sudden, you have the perfect storm for the amplification of ransomware attacks.”
“I think another factor, which also drives one somewhere, is the availability of cryptocurrencies. And this is something which you have had five or six years back at least not as easy. And now it’s that easy to get that definitely, it’s also effective.”
Who are the biggest players utilizing Ransomware attacks?
“I think the process itself will commoditize ransomware operations and distribution. Further in the future, just like we’ve seen it evolve from, you know, just ransomware developers deploying their own tools to leasing the tools to other actors that are just using it. And we only talked about no the ransomware kits themselves. But we’ve also seen a lot of, let’s call it, complementary kits, phishing kits, tutorials on how to spread ransomware through torrents, and various techniques to deliver that ransomware so it became really low bar to get into that business.
Also, investment-wise, the investment that you need to make to get in there is extremely low.”
“I think that we need to be aware that there are different types of hackers and that there are none, they’re less of a threat to the companies, because all of them can do irreparable damage to the reputation in our brand. So you think about it from this perspective, you’ve got the hacktivists that are motivated by social justice causes, and you have the Mount Everest hackers who are doing it just because they can to prove that they can. You have the hired guns who are mercenaries, and they’re doing it because they’re motivated by money.”
What steps can significantly reduce the potential impact of Ransomware attacks?
“I would say it’s very important to have a very clear off-boarding program for employees who leave to ensure that all their services are closed, that if they know any shared passwords that those are changed.”
“I would agree with a mirror but also shift that a little bit because it is not only offboarding. But it’s also we used to have this example of a trainee in the company. You know, he goes through every department, and for every department, he gets to authorizations needed for the department, but the authorizations are not taken away from him. When he leaves the department, so he ends up after his trainee program, he ends up having all authorizations right. So he’s basically an admin. So that’s something I think we also need to consider in addition to insiders, I think, inside us a very real threat, which might be underestimated.
When it comes to defending your assets. Not coming back to the question, who are the leading players, I think it’s comparable a lot to the sort of regular technology market, in the sense that I heard that there’s like something of, like only five or six ransomware strains out there. So also maintained by only five or six, really criminal, big organizations.”
What is the key to making cyber awareness campaigns meaningful?
“I really make it clear that cybersecurity is everyone’s job. And so, when they don’t understand that, at first, they think that our job is ‘Oh, there’s the Cyber Police, you know what I mean? And oh, there’s the person that, but having that constant conversation with him getting out in your organization and explaining them that your role is actually to protect them, and to protect the organization.”
“Education and Awareness Training, and so that people under staff understand what are the possible signals of what are the signals of the things I should avoid?. And secondly, if something happens, it should be reported. But it also needs to be understood how this can potentially affect my company? Because if you’re the next, you know, Merk, for example, everyone got locked out of their computers for a week or two. That’s such a big consequence.”
“I don’t really think that I or anyone is immune to attacks, and shouldn’t be seeking more cyber awareness programming. We’ve seen very, very high-quality phishing attempts. That you know that at first glance if you’re a bit tired, you don’t even look who’s the actual senator, don’t dig into it, just click on it. And then, you know, in an afterthought, kind of remember that you have already logged in, why not? Why is it asking me for my credentials again?
I don’t think that even training can cover all the bases. But I do want to circle back to the culture element of it. There is a lot to education and to understanding the risks from cyberattacks and ransomware. And I think it’s already pretty mainstream.”