The threat landscape is always changing. While malicious activity is continuous and we know it will continue, the methods threat actors use and the rates at which they target victims have begun to take center stage. According to the findings of the data breach investigations report, the number of ransomware attacks more than doubled. Why are threat actors steering their attacks toward these methods?
The answer to this question may be simpler than it looks. Today’s hackers have become even more proficient at figuring out how to get through the current layers of security within the modern enterprise. Given the ability to enter an organization’s network, hackers are turning to ransomware as a means to further monetize their efforts. Over the last year, nearly half of organizations have failed to add capabilities to their network security stack, despite the fact that threat actors are increasing their skills. This lack of maintenance and diligence has resulted in more paydays for hackers, making these attacks more appealing.
The turn to hybrid and remote work opened a new can of worms for security teams while at the same time opening a new door for ransomware. During the transition to remote work, organizations saw a surge in new applications, which further expanded attack surfaces and caused the amount of protection needed to power secure work for distributed teams to explode. This was the perfect storm for threat actors to work out how to use it. It has led to a rise in what we at Menlo Security call “Highly Evasive Adaptive Threats” (HEAT). HEAT threats are cyberthreats that use web browsers as their attack point, and they use various techniques to avoid detection by current security stacks. The second half of 2021 saw an increase in HEAT attacks. This percentage shouldn’t come as a surprise. Over the past year, security stacks have remained the same for most organizations, meaning that many have yet to strengthen their security posture, leaving the door and attack surface open for the HEAT attacks that are fueling the ransomware surge.
Digital currency is attractive to hackers due to its ability to be untraceable, and this has led to more attention being given to ransomware. The actors behind three of the largest ransomware attacks of the year called for payment to be delivered in cryptocurrency. Over the past couple of years, cryptocurrencies have made it easier for attackers to obtain larger amounts of money from global corporations and hospitals. There is a level of increased anonymity that comes with transferring these digital assets, user privacy is the foundation of a number of these currencies, and government regulation and scrutiny of cryptocurrencies are still in their adolescent stages. This new method of payment has changed the way hackers view their risks. With a lack of regulatory standards, the ability for victims to pay a larger sum, and little likelihood of an attack being traced back to its source, cyber criminals feel empowered to ask for more.
The first part of the solution is to know how this revolution came about. The next is to take effective action. Should you become the victim of an attack, how do you create a strategy that will best position your organization to win? It is time to move away from the detection/mitigation status quo and toward implementing threat prevention. A preventative approach means security measures are already in place, so that should a threat arise, your security stack is already working to prevent it in real time.
A combination of the SASE framework and zero trust is critical for this preventative approach. SASE allows security to be placed closer to the edge, meaning that protection for applications and data sits closer to the user, which makes security procedures more effective. Organizations can take their legacy security stacks and put them in the cloud as an integrated stack instead of relying on a security perimeter. If you combine this with zero trust, you have a winning combination. When you adopt a zero trust methodology, you assume that there is no existing security perimeter and that threats exist before they are seen. When SASE is paired with zero trust, you move your security closer to your applications by subjecting content to security management review.
It is time to beat the hackers at their own game as this evolution of threats and interest in ransomware continues to emerge. Security leaders in companies of all shapes and sizes need to steer the steps required to build modern security approaches that meet modern threats. It is time to abandon the outdated approaches that teams have grown accustomed to and instead challenge security processes to begin developing the preventative foundation necessary to counter cyber criminals.