The Steamship Authority of Massachusetts ferry service was hit by a ransomware attack on Wednesday, affecting its logistics and services in the United States. In response to this ransomware attack, cybersecurity experts comment below.
The ROI involving organizational ransomware attacks is substantial because of widespread poor digital hygiene controls, poor training, minimal regulation, and because the cost of buying your way out of a ransomware attack is trivial for many organizations in comparison to other types of disasters. If we look back to the Colonial Pipeline scenario, paying a $5 million ransom payment to get operations back up and running on a pipeline that ships 100 million gallons of gasoline and other petroleum products per day may seem like a drop in the bucket—but it will also fuel countless attacks on other entities in upcoming months and years. As long as paying ransom is viewed by organizations as a cost of doing business, the incentive means that these types of attacks will continue to proliferate.

Then again, the cost of taking a proactive approach to securing your network and the software that powers your business against attacks is likely to be considerably less than the cost of paying for a quick fix and a tarnished reputation.
Once again, we see the impacts of ransomware in a very public form. Fortunately, this was not one that endangered lives. Ransomware has grown from a small problem to a global threat in a short amount of time, as the attackers improve their tactics and develop new ways to impact networks. Many strains of ransomware not only encrypt data, but also steal it, then threaten the victims with a public release of the data if the ransom is not paid. In this case, data exfiltration has not been mentioned, but may still be an issue as the story unfolds.

State and local governments have been hit hard by ransomware as their budgets and staffing are often stretched to the point of breaking, leaving the security and IT teams in a very difficult situation to defend against these attacks.

Because ransomware attacks are most likely to start with a phishing email or an attack on an internet-facing, remote access portal, organizations would benefit from ensuring their employees are up to date with the threats by enrolling them in a high-quality security awareness program, monitoring any remote access portals for unusual behavior and requiring multi-factor authentication.
We are starting to see that everyone is fair game in the minds of threat actors – particularly when it comes to ransomware. You don’t have to be viewed as “critical infrastructure” to think you’re a target; everyone is now a target. This is additional evidence proving the point that even routine or mundane government services are not exempt from becoming targets for ransomware attacks.
Ransomware is making a resurgence in 2021 again with big attacks like the one on the Colonial Pipeline, Bose, and JBS. The fundamental issue remains that attackers are crafting unique and targeted ransomware on a per-victim basis, and most cybersecurity defenses are based on signatures and threat intelligence, which does not work for these zero-day and variant attacks. Until we use predictive AI to detect these unique pieces of malware at the earliest possible opportunity, this problem will persist. Everyone recommends prevention, but clearly these are not implemented or not effective, so we have to rely on detection and response.
The ongoing ransomware attacks are systemic of a Russian doll of problems. The inner problem is a lack of comprehensive hygiene aligning to frameworks such as NIST. Large gaps in security architecture at private and public sector organizations need to be rapidly addressed to make it much more difficult to succeed. The recent guidance from the Biden administration to roll out EDR, zero trust, log collection and analysis and multi-factor authentication have been ignored best practices for years. Every executive needs to rapidly deploy these controls.

The intermediate layer in the systemic failures is lack of coordination between law enforcement and private organizations. Law enforcement agencies need to prioritize threat and crime intelligence collection from private organizations to get ahead of these criminal campaigns. Cybersecurity vendors should be researching and developing innovations to reduce risk and costs associated with this “neighborhood watch” approach.

The outer layer of the broken system is national security and intelligence agencies need access to data collected by law enforcement in the underlying layer to inform military and diplomatic strategy and campaigns.

We are quickly learning that a paralysis of safely sharing information (while protecting liberties and privacy) is as important to thwarting evolving cybercrime as it was in combating terrorism after 9/11.
Since May, Armis has monitored 13 ransom gangs. During this month, we found that 193 organisations across 35 countries and 26 vertical industries were impacted by these 13 gangs.

The cyber ransom attacks that impact us as a society in a physical way are the ones that attract the most news. However, that is not always a good thing for the ransom gangs, as we saw with the backlash to the DarkSide attack on Colonial Pipeline, but these "CyberPhysical" notorious attacks are just the tip of the iceberg. Now, organisations of all shapes and sizes are being attacked on a daily basis. In Europe, Transport as a sector is deemed an essential operation and falls under the NIS legislation. Therefore, transport operators are required to have appropriate and proportionate cyber defences in place, or face stiff penalties.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.