Ransomware, Vulnerability Management

Prepare for the next ransomware attack, not the last

Today’s columnist, Reuben Braham of Cyberint, argues that a Maginot Line of the kind France built before World War II also won’t work in today’s security landscape. A wall alone won’t secure a company; it needs a combination of digital risk protection and attack surface management. (Credit: mcdolan79; https://creativecommons.org/licenses/b...

Just as military generals always prepare for the last war, CISOs and their advisers often tend to prepare for the last high-profile wave of ransomware attacks and shore up their cyber defenses accordingly. 

Digital risk protection (DRP) has become essential for mapping an organization’s digital assets and protecting them against identified threats in the wake of this year’s high-profile ransomware attacks, but on its own it offers only partial protection against new and unexpected attack vectors. These may include targeting a senior executive or key employee through their social media accounts or through collaboration and chat tools such as WhatsApp or Slack, or exploiting the growing Internet of Things (IoT) estate. Each provides a potential entry point to the entire corporate network for any kind of threat actor. Organizations’ increasing reliance on external vendors and third-party suppliers in their everyday business has opened up further attack vectors.

It is therefore no longer sufficient to secure the business with DRP alone. The rapid growth of supply chains across all sectors has created additional, widespread exposure. For instance, the recent Independence Day weekend supply chain ransomware attack on Kaseya, a developer of IT management software for managed service providers (MSPs) and enterprise clients, was reported to have compromised 800 to 1,500 small and medium-sized companies that were customers of the affected MSPs.

To be fully effective, companies must combine DRP with other defenses. Using DRP together with comprehensive attack surface management (ASM), organizations can guard against known attacks while also safeguarding the growing number of entry points across their rapidly expanding digital footprint. However, DRP and ASM are generally still sold as stand-alone solutions, leaving users exposed to sophisticated ransomware attacks that neither product sees on its own.

No matter how effective DRP or ASM solutions are on their own, the situation is similar to France’s border defenses at the start of World War II. Wrongly believing the Ardennes Forest to be impenetrable by a mechanized force, France built a 280-mile line of surface and underground fortifications along its border with Germany, known as the Maginot Line and designed to be impervious to ground or air attack. Unfortunately, the line ended at the Ardennes, and in 1940 German forces pushed their armor through the forest and simply went around France’s fortifications. In the same way, neither DRP nor ASM on its own can provide anything more than an incomplete line of defense.

Only by combining ASM and DRP with real-time, organization-specific, actionable intelligence can users hope to protect their ever-expanding perimeters against specific threats such as today’s increasingly sophisticated ransomware attacks. By offering DRP and ASM as stand-alone products, the cybersecurity industry has effectively sold its clients short.

However, even when successfully integrated with one another, DRP and ASM cannot fully provide the 360-degree protection needed to safeguard organizations against the kind of threats expected in 2022.

With ransomware-as-a-service now widely available on the dark web and on Telegram, and cybercrime having become a trillion-dollar industry, professionally organized, business-like groups of skilled criminals now routinely pool resources to create new and unexpected attack vectors. The one thing these attack vectors have in common is that they deviate from known threats in ways that make them very difficult to detect with off-the-shelf security solutions.

In addition to protecting rapidly expanding digital perimeters against known and anticipated attack vectors, it’s essential to identify attacks that are being planned as well as those already in the pipeline. But even the most effective threat-intelligence software can only detect generic attacks, and can easily miss an attack tailored to compromise a specific target organization.

For full effectiveness, any intelligence-gathering platform should be strengthened by “Virtual Humint,” in which analysts proactively engage with threat actors on underground channels to gather additional information as part of deep-dive investigations aimed at identifying incoming or planned threats. Many organizations, particularly those with well-known brands, are now starting to deploy Virtual Humint in the form of cyber-sleuths who adopt fake identities to infiltrate the criminal forums where specific attacks are hatched and orchestrated. This enables them to prepare not only for attacks already under way but also for the newer threats that will shortly be coming down the pipeline.

No matter how effective in isolation, a single line of fortification such as DRP or ASM offers only a partial safeguard for a modern organization’s rapidly expanding perimeter. To deliver fully effective 360-degree protection against increasingly professional and well-funded adversaries, organizations should combine solutions such as DRP and ASM with real-time Virtual Humint intelligence gathering.

Reuben Braham, vice president of marketing, Cyberint
