Ransomware is malicious code, or a class of program, that transforms the victim's data and threatens to publish it or perpetually block access to it unless a ransom is paid.
By Rishi Kant, senior manager, cyber security consultant, EC-Council Global Services
We are observing an increasing spate of cyber threats that use new and refined techniques, elevating the threat of cyberattacks to a completely new level. Almost all of them are motivated by monetary gain.
Some of the past cyberattacks include:
- The Ukraine power grid blackout in December 2015, considered the first known successful cyberattack on a power grid. Attackers hacked into the systems of three Ukrainian energy distribution companies and temporarily disrupted the electricity supply.
- The Bangladesh Bank heist in February 2016 by Lazarus. Instructions were issued via the SWIFT network to transfer US$951 million from Bangladesh Bank, the central bank of Bangladesh. The attackers successfully withdrew $101 million from the bank's account at the Federal Reserve Bank of New York: $20 million was traced to Sri Lanka and $81 million to the Philippines. Only $38 million has been recovered so far, and the damage could have been worse had the New York Fed not blocked the remaining transactions, amounting to $850 million, at the bank's request.
Recent disclosures of system vulnerabilities gave rise to ransomware, wiper-ware, advanced persistent DoS (APDoS), ransom DDoS (RDoS) and hybrid RAT techniques. These are spreading around the world like a plague of cyber-diseases, as seen with the infamous WannaCry ransomware, the Petya wiper-ware and the RDoS campaigns of the Armada Collective. They are widely used for large monetary gains.
We need to rethink
Cyberthreats are emerging quickly because of the higher rate of disclosure of vulnerabilities (DOV). This is due to a lack of knowledge of secure coding and cyber security, insufficient or ineffective information security controls, improper control monitoring and a lack of proper contingency plans.
With the growth of automated cyberattacks, the idea that humans can effectively deploy detection and mitigation technologies and choreograph responses in real time will disappear. These new attack modalities (APDoS, burst attacks, volumetric pipe attacks and other threats) will be increasingly difficult to defend against with manual mitigation solutions.
To combat these threats, organisations will require a single-vendor hybrid cyber security solution that protects networks and applications from a wide range of attacks.
Ideally, such a solution should include all the different technologies needed for effective detection and mitigation. This includes antimalware protection, denial-of-service and distributed-denial-of-service (DoS/DDoS) attack protection, behavioural analysis, an intrusion prevention system (IPS) and encrypted-attack protection.
Additionally, organisations will need to establish new levels of partnership with their DDoS mitigation service provider and with any ISP that provides managed DDoS services, in order to coordinate effective detection and mitigation of a multi-vector assault.