When technical cyber security fails you…

It is not unreasonable to say that ransomware is at epidemic levels. Report after report says that malware, ransomware and cyber extortion are on the rise (Beaman, Barkworth, Akande, Hakak and Khan, 2021; Oz, Aris, Levi and Uluagac, 2021), so we all take precautions to protect our organisations. Many of those cyber security defences are highly technical, involving sophisticated anti-virus, anti-malware detections and monitoring of system behaviour to detect malicious actions. If you are well advised, you will also employ advanced threat detection to examine and protect your cloud and communications services.

However, there is a worrying aspect to the work undertaken by Beaman et al.: they produced their own experimental ransomware kit that evaded eight of the most popular anti-virus packages. If these academics could do it for study and publishing credit, you can bet that, for money, threat actors can create malware that will evade your technical defences.

We will come back to your defences being side-lined in a minute – let’s just think about how the threat actors can get this ransomware into your organisation.

We will discount the obvious – infected USB memory sticks – because no one reading this allows their people to plug just anything into their computer and so into your systems. You have all seen Iron Man and Pepper Potts stealing data from Stark Industries in this way.

So what does that leave that is easy, can hit many, many people at the same time, making it cost efficient for the threat actors? Email phishing.

A UK Government report looking at cyber security breaches across the country (UK Government, 2022), prepared by the Department for Digital, Culture, Media & Sport (and sport!), showed clearly that email phishing is a real threat:

“Of the 39% of UK businesses who identified an attack, the most common threat vector was phishing attempts (83%).”

Cyber Security Breaches Survey 2022 (UK Government, 2022)

So simply sending your people an email that pretends to be an order from a customer, or a message from the bank or HMRC, is a proven way to get ransomware into your organisation. If this malicious package can evade your technical defences (see above and Near-undetectable malware) and the message is such that the recipient will open the Word document or click on a link to a malicious website, the threat actor has won and you have lost.

This is where the training and experience of your people become the front line of your cyber security defences. If they recognise that “click on this link to check the status of your delivery” or “there is a problem with your payment, please check the attached invoice.pdf” could pose a substantial cyber security risk to your organisation, then, if they are well trained, you have an extra layer of defence that the threat actor cannot access.

Are you well trained?

Are your people well trained?


Clive Catton MSc (Cyber Security)

References:

Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., & Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & Security, 111, 102490.

Oz, H., Aris, A., Levi, A., & Uluagac, A. S. (2021). A survey on ransomware: Evolution, taxonomy, and defense solutions. ACM Computing Surveys (CSUR).

UK Government. (2022). Cyber Security Breaches Survey 2022. Retrieved July 9, 2022, from https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022