Organizations are in danger of allowing the spectre of ransomware attacks to distract them from keeping up with general security measures, according to SE Labs. The company says that businesses that challenge their own security environments, and make adjustments where necessary, will be better protected against regular attacks.
“Businesses need to stop thinking that ransomware is somehow different from any other attack,” says Simon Edwards, CEO of SE Labs. “The hacker’s playbook hasn’t changed much over the years. Run some reconnaissance, gain access, escalate privileges and steal or destroy information. If they can establish persistent access at the same time it’s a bonus. Attackers don’t use magic because they don’t need to. Tried and trusted hacking methods rule the day.”
Ransomware is merely the ‘steal or destroy’ stage of an attack where an attacker runs a program that encrypts the victim’s data. Everything up to that point is the same regular attack, whether the intent is to start a ransomware campaign, spy on an organisation silently or use the compromised system as a stepping stone to another network.
“People tend to think that hacking involves super-secret programs and the kind of arcane knowledge known only to a handful of shadowy computer nerds. But you can set yourself up as a pretty competent attacker with a handful of widely available books, some free software and access to YouTube,” says Edwards.
While this might sound like bad news, the attacker’s typically straightforward and predictable approach is good news for defenders. In many cases, security vendors use tried and trusted detection and protection methods to defend against ransomware because they work.
“The real problem arises when a sufficiently motivated attacker learns to bypass the protection in place,” Edwards concludes. “It’s then an arms race in which security products block attackers, who then learn how to progress, which then inspires the vendors to adapt. And so on. Just as it’s been for decades. But enterprises can also play a role in preventing attacks by challenging their own security environment.”
Rather than fixating on one issue such as ransomware, organizations should focus on ensuring their own environments are locked down sufficiently to prevent any type of attack, regardless of its payload, from being initiated. Regularly confirming that security measures and policies still meet the needs of the business will help shore up defences.