Colonial Pipeline case - ransomware is more sophisticated

Colonial Pipeline case shows ransomware is more sophisticated; so is protecting yourself from it

When a giant like Colonial Pipeline, the largest pipeline operator in the United States, falls victim to ransomware with such catastrophic results, even triggering a crisis in the fuel market, the warning goes out to all other companies, all over the world. And it can no longer be ignored.

The Colonial Pipeline case is evidence that ransomware has become a web of interconnected problems, with no easy solutions to the complexity this type of attack has gained over time. It long ago left the purely virtual realm. It affects the physical world too, with the power to stop cities and disrupt entire markets. And it is likely to get worse from now on.

Colonial Pipeline's $5 million ransom payment to threat actors is likely to encourage other attackers to carry out similar attacks on critical infrastructure networks, not just in the United States. A recently released study points out that in Q2 2021, 1,000 organisations in several countries were impacted each week by at least one such offensive. Brazil is one of the attackers' preferred territories. In 2020, we were the ninth country that suffered the most ransomware attacks, with more than 3.8 million incidents.

The devastating power of a data hijacking is incalculable. There are hundreds of cases of companies that have been victims and have never managed to get back on their feet.

Colonial Pipeline case - why ransomware has become an epidemic

The cybercriminals who introduced the ransomware into Colonial Pipeline's IT network chose their target carefully, because that is how these groups operate. The logic is simple: the bigger the company, the greater the number of hacking attempts. And when infection finally occurs, it spreads like wildfire. In the case of the US giant, the gunpowder was flawed segmentation between the IT and OT environments.

But there are other doors through which infection happens. Technological obsolescence is often one of them. Many companies' virtual environments run on outdated technology that is patched infrequently, and cybersecurity then drops below acceptable levels.

Technology updates are rapid, so not all organisations can keep up. Just think: not that long ago, many businesses could get by with implementing only data backup and recovery solutions, so that in the event of a ransomware attack they could focus on restoring systems rather than paying a ransom to criminals.

That was a pretty solid strategy for a long time, and it is still valid, but only as part of a larger security architecture. On its own, it is far from sufficient given the threat surface businesses now face. Moreover, criminal groups have developed other methods to pressure companies into paying the ransom. Among them is the tactic of double extortion.

After the ransomware encrypts the company's data and issues the demand for payment in exchange for the decryption key, the cybercriminals add a further threat: to publish or sell the most sensitive information if the target refuses to pay. That is double extortion. With this tactic in play, it no longer matters whether the company has invested in backups as a precaution: restoring the data from backup does nothing to stop its publication.

It is always worth remembering that there are numerous reasons not to pay the amount demanded in a data hijacking. Firstly, paying supports illegal business models. Secondly, we already know that hundreds of companies that have paid a ransom have fallen victim to the same scam again and again, sometimes at the hands of the same group of cybercriminals.

Protection that keeps pace with the evolving risks of the digital world

Security is not a single method, but rather a dynamic and agile process. To be considered secure, an environment needs to be analysed and monitored continuously, using intelligence and highly trained professionals to manage vulnerabilities and incidents. Strategies must be designed according to each corporate context.

Unpreparedness for digital transformation adds to the current climate of insecurity. Protection does not always keep pace with technological advances and the risks they bring, which is why security must cover every phase, process and environment of an organisation.

True, many data breaches are caught by existing security tools. The problem is that, in many cases, the alert is not acted on, or is forgotten. Threats go unnoticed and remain in a company's environment for months because there is no 24/7 coverage, little internal knowledge of protective operations, and security teams are not well structured.

Information security today must be based on what we call the security triad: people, processes and products. This combination of talent, technology and professional experience, aligned with the business, raises both security maturity and the brand's standing in the market. ISH Vision is a solution that offers this level of personalised service, taking into account the role and moment of each organisation. Its Threat Intelligence team of highly qualified professionals researches and collects information continuously, complemented by learning from Artificial Intelligence (AI).

The result is a Managed Detection and Response (MDR) service that eliminates alert fatigue and false positives and enables near real-time response. In ransomware cases, it identifies the attempted intrusion early, preventing deep damage to the business.

There is no silver bullet, it is true. But Brazil already has solutions that match the complexity of cybercrime and are capable of minimising the risk of attacks. Talk to one of our experts and see how to protect the business given the reality of your company.

By João Paulo Barros