Increased Ransomware Attacks Lay Bare the State of Cybersecurity

Every few years a slew of major threats, including APTs, IoT Security and Cloud Security, draw the attention of security vendors, start-ups, media and board meetings. Today, it can be safely said that Ransomware is dominating the discourse, particularly after so many high-profile events have been part of the news cycle, as well as several stories on healthcare providers being wronged by such attacks. 

Ransomware is not a new phenomenon, and nor are its delivery systems; even demanding ransom isn’t new. The technical novelty presented in Ransomware events, encoding files on a hard drive, can’t be considered very sophisticated. However, despite handling a threat that we had several years to prepare for and defend ourselves from, Ransomware is amazingly popular because it works, and it is very lucrative for the threat actors. 

In earlier threats, the security industry has confronted challenges of new technical competences emanating from cybercriminals. In the heyday of banking malware, new ground-breaking features such as HTML injections and Man-In-The-Browser were presented by their developers, causing vendors to struggle in detecting fake activities. APTs emerged as a major threat because they were able to dodge conventional cyber defence principles, which focused on the perimeter and had no “strategic depth” of finding threat actors after they were already in the systems. IoT and Cloud security required new methods as the settings that they sought to defend were quite different from the settings that security solutions were intended for. In contrast, ransomware has none of these challenges.

The term ransomware was initially used to describe a specific type of malware that encoded the victim’s hard drive and demanded a ransom to decode the infected files. Once companies started to alleviate the threat by applying more demanding backup policies, the attack loosened and began to include data exfiltration as well. Whether a ransom is wanted for data decoding or the deterrence of the data’s publication, there are similar technical challenges of delivering an effective attack, as well as foiling it.

The key delivery technique of ransomware is through spear phishing. A malware-affected document is sent as attachment to one of the company’s employees, which is triggered once the document is opened. This type of delivery technique has been part of the default method of most APT groups since they came into the limelight in almost 2010. While the industry has generally focused on the standard change that it had to experience in order to alleviate APTs, shifting from safeguarding the organization’s perimeters to securing the organization’s internal networks as well, many vendors specifically dealt with spear phishing as well. Despite directly dealing with these threats as well as the abundant time that has passed since they were first detected – ransomware establish that this issue has not been solved in several organizations. Attack vectors from over a decade ago are still tremendously successful, even when they are executed by cybercriminal groups and not developed countries.

The attack vector is not the only component of the attack. When data exfiltration is used to hold the organization for ransom, we again meet a method that has been disseminated by APTs. The act of exfiltration is a vital part of these age-old threats and should hypothetically be spotted by the solutions aimed to alleviate it. The fact that many ransomware events include the publication of internal data from files and documents demonstrates that even after over a decade, the security business fails to defend many organizations.

It’s not claimed that the industry fails to halt attacks on a technical level. We only hear about the successful attacks and possibly many more attacks are stopped compared to those that were successful. Nevertheless, the fact that so many large and prestigious businesses fall victim to an attack that in many cases does not represent any new technical challenge suggests that there are still many issues that need to be fixed. The fiasco is not technical in nature, but a business one. 

One of the main challenges of cybersecurity is the fact that attacks can come in several forms and trajectories. Numerous bases need to be covered in order to be secured. Cybersecurity has become very multifaceted, in terms of applying solutions to shield one own’s organization that we have authorizations now to ensure everything is applied properly.

If we really want to defend businesses all together, not just specific customers, to ensure a safe cyberspace for all, the security business needs to stop focusing on the trending topics and begin working on solving the real problems. Until these issues are resolved, ransomware and malware will continue to inflict damage and illustrate just how bad the overall security situation is.