Extortion-based cyber attacks: The next evolution in profit-motivated attack strategies
Today, data breaches have impacted just about every industry possible. From entertainment to the restaurant industry, no sector or organization appears to be safe, and it has been predicted that cyberattacks are going to get even worse.
Adding chaos to the mix
Recent high-profile ransomware attacks, such as WannaCry and NotPetya, demonstrated the continued global expansion of high-stakes hacks.
These attacks signaled that hackers were turning to havoc-causing methods to cause chaos and garner bitcoin profits from their victims. With the successful launch of these two attacks, ransomware has continued to gain traction, but companies are beginning to catch up through heftier investments into cybersecurity preparedness. Therefore, traditional malware that encrypts files is becoming easier to detect and stop earlier in the attack.
Due to this, and the fact that the stakes have been raised with Equifax and other high-profile data breaches, we should expect to see hackers turn to more volatile forms of cyberattack. Since there is so much personally identifiable information (PII) available on the dark web already, hackers don’t receive the same return on exposing or selling it as they once did. Now, hackers will go after even more valuable information and confidential corporate data, or threaten complete destruction, to receive a bigger payout.
The worst is yet to come
In 2018, the environment for cyberattacks will be considerably more destructive as hackers aim to create even more chaos in order to continue to turn profits. IT security teams will inevitably witness more guerrilla-like tactics, where cyber criminals may use more extortion-based methods. This means we’ll see hackers threaten to destroy data, launch DDoS attacks, and use other forms of threats to get payment from their victims.
Instead of simply encrypting data and holding it hostage, these hackers will show their victims a small preview of their plan by deleting a small portion of data first, and then demand a ransom to prevent further deletion. Organizations need to take these threats very seriously, as unpreparedness may result in the ruin of an entire brand and company.
Prepare today for tomorrow
To prevent these malicious forms of attack, enterprises need to prepare today to keep their company data safe for tomorrow. So, how do you stop, or at least mitigate, attackers whose end goal is to disorient and pressure teams into handing over the information and/or bitcoin payment they’re seeking? There are a few key steps companies and their IT security teams can take:
- Evaluate the capabilities of your staff, infrastructure, and processes to ensure they are prepared when hackers start attacking network endpoints. If companies find they don’t have the right talent in place to identify indicators of attack and compromise, they won’t be able to remediate advanced attack scenarios. Increasing investments in technology, and adding services to supplement the shortcomings of in-house staff, can help ensure organizations aren’t left vulnerable to hackers.
- If the team is struggling to identify indicators of attack and compromise, fine-tuning of the company’s security information and event management (SIEM) system is likely needed. This can be achieved by building use cases and correlation rules, and by developing an escalation runbook that depicts the workflow in the event of an incident. As new attack scenarios come up, use cases and correlation rules need to be continually updated so the SIEM tool knows what it should be looking for. Otherwise, IT security teams won’t be able to identify which alerts are relevant attacks and which ones are not.
- Once the SIEM is fine-tuned and knows what types of alerts to look for, the security team must know what to do in the event of an advanced attack scenario. Knowing what next steps to take will help stop hackers as early in the kill chain as possible. If they’re not stopped, hackers can quickly move laterally across a network, take data hostage, and use it against an organization.
- Once the staff is trained, the proper infrastructure has been put in place, and the correct services investments have been made, the cybersecurity program should be prepared for 2018-level attack scenarios. However, that doesn’t mean IT security teams can have a “set it and forget it” mentality. Security programs need to be continuously tested internally, just as they’re going to be tested by hackers trying to gain access to a network. At the end of the day, hackers don’t play by a set of rules, so anticipation and constant evolution are key. Enterprises should (at a minimum) perform an annual assessment with a group of ethical hackers to closely mimic a real attack. Doing this on a regular basis can provide clarity into whether the company is prepared and strong enough to handle a potential cyberattack.
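As an added illustration of the SIEM use case and correlation rule the steps above call for (this is example code written for this page, not the author's or any vendor's), the following rule flags a burst of file deletions by a single account, the kind of early indicator the "delete a sample, then demand payment" scenario would leave in file-audit logs. The log format, account names, paths, and thresholds are all constructed assumptions.

```python
# Added example: a minimal SIEM-style correlation rule for a deletion burst.
# The audit-log format and the sample lines below are constructed for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) path=(?P<path>\S+)$"
)

# Constructed sample: one account deletes five finance files within seconds,
# while another account deletes two scratch files an hour apart (normal use).
SAMPLE_LOG = """\
2018-01-05T10:12:01Z user=alice action=READ path=/share/hr/policy.pdf
2018-01-05T10:12:04Z user=svc_backup action=DELETE path=/share/finance/q1.xlsx
2018-01-05T10:12:05Z user=svc_backup action=DELETE path=/share/finance/q2.xlsx
2018-01-05T10:12:06Z user=svc_backup action=DELETE path=/share/finance/q3.xlsx
2018-01-05T10:12:07Z user=svc_backup action=DELETE path=/share/finance/q4.xlsx
2018-01-05T10:12:09Z user=svc_backup action=DELETE path=/share/finance/fy.xlsx
2018-01-05T10:30:00Z user=bob action=DELETE path=/share/tmp/old.txt
2018-01-05T11:30:00Z user=bob action=DELETE path=/share/tmp/older.txt
"""

def parse(log_text):
    """Yield (timestamp, user, action, path) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["action"], m["path"]

def deletion_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Correlation rule: raise one alert per account that deletes at least
    `threshold` files inside a sliding time window of length `window`."""
    recent = defaultdict(list)   # user -> timestamps of DELETEs still inside the window
    alerts, alerted = [], set()
    for ts, user, action, path in parse(log_text):
        if action != "DELETE":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # expire events older than the window
            q.pop(0)
        if len(q) >= threshold and user not in alerted:
            alerted.add(user)   # one alert per account; the runbook handles escalation
            alerts.append({"user": user, "count": len(q), "start": q[0], "end": ts})
    return alerts

if __name__ == "__main__":
    for alert in deletion_bursts(SAMPLE_LOG):
        print(alert)
```

Tuning the threshold and window per file share is what the "continually updated use cases" step means in practice: backup and cleanup jobs will look like bursts unless their accounts and paths are baselined.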
Evaluating the strength of your organization’s current cybersecurity posture, and knowing which infrastructure, technology and services investments need to be made, can help companies understand how to better protect themselves. Hackers don’t wait for a company to piece together a cybersecurity program when planning their next move. As these cyber criminals lean towards more destructive, extortion-based hacking methods, enterprises need to be ready, and continuously update and test processes to ensure the safety of their company’s sensitive data, their brand, and their future.