After sharp spikes in ransomware attacks in recent years, the total number of incidents is trending downward in 2018. But that’s not necessarily good news because these attacks also are becoming more targeted and potentially more dangerous.
Unit 42, the research arm of Palo Alto Networks, says it tracked 890,000 ransomware attacks across state and local government over the past two years.
“But when we look just at the first six months of this year, we’re seeing a 20 percent decline compared to the same period in 2017,” says Josh Grunzweig, senior malware researcher with Unit 42. A drop in the sheer number of attacks is encouraging for government leaders who have updated their security strategies to better protect networks and reduce the need for employees to make split-second decisions about which emails or web links are risky. But more needs to be done.
The lure of profits is enticing international criminals to exploit new vulnerabilities, including those that surface as the Internet of Things (IoT) gains traction. Continued diligence is particularly important for state and local governments and education institutions, which are seeing more focused and sophisticated ransomware attacks this year.
For example, Unit 42 has been tracking a spike in SamSam, a ransomware family that’s been around for years but now has become a go-to for targeted public sector attacks.
“Hackers are using it to first determine how many computers are on the targeted organization’s network, and once they’ve identified a large number of systems, they’ll deploy the ransomware to all of them,” Grunzweig says. “We’ve seen hackers make some significant updates to SamSam in this past year.”
A Clear And Present Danger
In the last year, hackers targeted multiple state and local governments, as well as higher education institutions, with sophisticated exploits. For example, cyber-criminals used a variant of SamSam to take over IT systems at a state department of transportation, forcing 2,000 employees off the network while officials tried to isolate the attack. Particularly troubling was a follow-up attack on the department within two weeks that occurred before 80 percent of the systems infected in the first assault were restored. The department’s employees resorted to pen and paper to perform some of their duties during the downtime.
Three factors contribute to the prevalence of ransomware attacks against public institutions:
- The public sector is an easier target: State and local government, along with higher education institutions, are attractive targets for cyberthieves because IT resources are often underfunded compared to many commercial enterprises. Opportunistic hackers probe government and education networks hoping to uncover aging infrastructure or incomplete security measures. And when they find an opening, hackers have a variety of malware with which to stage an attack. Data thieves use asymmetric cryptography, in which a public key encrypts valuable public sector information and only the matching private key can decrypt it. To recover their data, victims must pay to receive the private key.
- Crypto-currencies enable extortion: It’s not just the latest and greatest forms of malware that make ransomware so successful. Digital innovations also provide criminals with new tools to turn extortion into a moneymaker. Cryptocurrencies like Bitcoin enable ransomware hacks because there isn’t a central authority to spot and prevent illegal activities.
- People are a weak link: Because social engineering is so successful at gaining access to protected public sector systems, it remains a common tool among ransomware hackers. Infected attachments, malicious JavaScript and links to infected websites all lurk in targeted, carefully written emails that are the product of upfront research by thieves.
Similarly, exploit kits, such as those associated with SamSam, scan networks for missing security patches and other gaps that enable a widespread ransomware infection.
Also on the list of public sector vulnerabilities are ubiquitous web-based file sharing applications that enable even security-conscious staff members to breach internal information sharing policies without the IT department’s knowledge.
New Tools To Fight Ransomware
Battling today’s sophisticated threats requires an integrated platform approach to cyber security, rather than disconnected point solutions.
“Public sector organizations must take advantage of the multiple opportunities they have to prevent ransomware attacks,” says Scott Simkin, director of threat intelligence at Palo Alto Networks. “That can only be done with an end-to-end security platform.”
These platforms should include integrated modules for web security, next-generation firewalls and the latest endpoint security capabilities, which work together to prevent attacks. Unlike point solutions, security platforms enable data sharing and automation across multiple security components to quickly address new vulnerabilities. Leaders should use platforms to help them:
Ensure endpoint protection: Because endpoint protection is a key component within integrated security platforms, public sector IT staffs should make sure this technology includes the latest capabilities. Evaluate endpoint applications for how easily they exchange security data with other network defenses. Ideally, endpoint and network security devices should work together to spot possible security threats, share insights and collectively take appropriate action according to the organization’s policies and directions from the security staff.
Leverage next-generation firewalls: Next-generation firewalls (NGFs) implemented within the overall security platform monitor network traffic to identify and block known and unknown threats, including zero-day malware. NGFs can quarantine suspicious software until further tests determine whether it’s a threat. Unlike traditional firewalls, NGFs assess data from any communications port and physical or virtual IT resource.
As public sector security officials formulate a comprehensive cybersecurity strategy to fight ransomware, they must focus on three core areas: technology, people and policy.
Incorporate artificial intelligence and machine learning: An effective security platform also will incorporate artificial intelligence (AI) and machine learning to identify network-traffic anomalies and signs of zero-day attacks. Besides detecting problems, AI and machine learning can automate appropriate responses, which is much faster than manual interventions.
However, Palo Alto Networks’ Simkin notes that “AI and machine learning are only as good as their algorithms and source data. Organizations need algorithms that can effectively analyze massive quantities, and that data should be sourced from actual public sector and commercial organizations throughout the world. Even the best algorithms will be useless without those rich data sets from network, endpoint and cloud resources.”
Furthermore, security platforms should provide a common data model so AI and machine-learning technologies can analyze one large information resource rather than try to spot trends across multiple, fragmented data sets, he adds.
Keep up to date on software patching: The effectiveness of cybersecurity platforms is augmented when CIOs and chief information security officers (CISOs) have reliable procedures for installing new and updated security software and technologies. One way to plug gaps is with automated patch management systems that relieve IT departments from manually installing updates, a task that can become overwhelming given the number of revisions vendors release. Commercial cloud services, including software-as-a-service (SaaS) applications, can reduce the patching burden on overstretched IT staffs as cloud vendors become responsible for the security software.
Manage inventory: CISOs gain another important level of situational awareness with inventory management tools, which create running inventories of all the equipment connected to the network.
“You may not initially see why it’s so important for cybersecurity to keep a current inventory, but there’s no way you can protect your assets if you don’t know what you have and where it’s located,” Finney says.
SMU uses a commercial application that installs software agents on every digital device connected to the network.
“When WannaCry came out last year, the first thing we did was check whether any of our machines were vulnerable,” says Finney. “Thankfully, we have a tool that allows us to answer that question, so we can focus our efforts appropriately when there’s an outbreak, rather than doing a complete fire drill.”
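As an added example (not from the article, SMU or Palo Alto Networks), this is the kind of query an inventory tool lets a security team answer during an outbreak: given a constructed asset list with installed patch IDs and agent check-in dates, it lists hosts missing the patch that closes the exploited vulnerability, flags stale records whose status is unknown rather than assuming they are safe, and leaves the rest alone. Hostnames, OS labels and patch IDs are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Asset:
    """One inventory record reported by the agent installed on a device."""
    hostname: str
    os: str
    installed_patches: set
    last_seen: date          # last agent check-in; stale records can't be trusted

# Constructed sample inventory; hostnames, OS labels and patch IDs are made up.
INVENTORY = [
    Asset("fin-ws-01", "win7", {"P-100", "P-117"}, date(2018, 6, 1)),
    Asset("fin-ws-02", "win7", {"P-100"}, date(2018, 6, 1)),
    Asset("hr-ws-03", "win10", {"P-200"}, date(2018, 5, 1)),   # agent silent for a month
    Asset("lib-kiosk-1", "win7", {"P-100"}, date(2018, 5, 28)),
    Asset("web-srv-01", "linux", {"P-300"}, date(2018, 6, 1)),
]

# Patch that closes the exploited vulnerability, per affected OS (assumed IDs).
# An OS missing from this map is treated as not affected by the outbreak.
REQUIRED_PATCH = {"win7": "P-117", "win10": "P-200"}

def triage(inventory, required, today, stale_after=timedelta(days=14)):
    """Split hosts into exposed (patch missing), stale (status unknown) and unaffected."""
    exposed, stale, unaffected = [], [], []
    for asset in inventory:
        if today - asset.last_seen > stale_after:
            stale.append(asset.hostname)      # unknown state: verify by hand, not "safe"
            continue
        needed = required.get(asset.os)
        if needed is None or needed in asset.installed_patches:
            unaffected.append(asset.hostname)
        else:
            exposed.append(asset.hostname)
    return exposed, stale, unaffected

def run_example():
    """Triage the constructed inventory as of 2 June 2018."""
    return triage(INVENTORY, REQUIRED_PATCH, date(2018, 6, 2))

if __name__ == "__main__":
    exposed, stale, unaffected = run_example()
    print("patch now:", exposed)
    print("verify manually:", stale)
    print("no action:", unaffected)
```

The stale bucket is the important one: a host whose agent has stopped reporting is exactly the machine most likely to be missing the patch, so it gets a manual check instead of being counted as protected.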
Leverage third-party threat intelligence services: Finally, because security threats evolve so rapidly and in such high numbers, public sector officials should consider using third-party threat intelligence sources. These resources can tip off security staffs to emerging threats anywhere in the world. The services also can automatically update security frameworks based on trending information.