Ransomware misstep results in a moral conundrum
Attivo Networks Blogs


By Jim Cook, Regional Director ANZ, Attivo Networks.

It’s a question we’ve all asked ourselves: when will ransomware gangs go too far and provoke a stronger response than payment – or defiance – from an individual target?

In May 2021, we got our answer.

Ransomware attacks on hospitals during Covid met with universal condemnation as “despicable and evil”. Even before the pandemic, cybercriminals were divided over the ethics of such targets, but that didn’t stop the attacks. Government cybersecurity advisories also took a keen interest in the health and aged care sectors, but attacks continued.

If attacking healthcare organisations during a pandemic wasn’t already a step too far, hitting oil supplies to much of the US proved to be that misstep, that “miscalculation”. The malware creators quickly knew it, too, and while they tried to backpedal with a brief mea culpa, by then, they’d already attracted a kind of unwanted scrutiny that they couldn’t shake. The result was inevitable.

How this ultimately impacts the multiple gangs operating in the ransomware space remains to be seen.

Certainly, they can expect increased short-term scrutiny, which has led some high-profile gangs to eschew the spotlight and set non-target lists. One group now bars attacks on “government, healthcare, educational and charity organisations regardless of their country of operation.”

But as some groups draw up new rules of engagement, others continue to attack hospitals, proving morals are an unreliable defensive strategy, particularly if not all adversaries agree to them (and if it remains financially lucrative to continue attacks).

And so, despite the assurances of cybercriminals – and a brief reprieve while they wait for the heat to pass – healthcare providers and critical infrastructure providers will inevitably wind up on target lists again.

Before that occurs, there is a small window of time to make improvements to security and defensive postures.

The health factor

Healthcare organisations are attractive targets for malicious attackers due to the high value of personal medical data they possess and the need for uninterrupted operations.

They are also highly vulnerable to attacks due to complicated factors such as a broad diversity of workers, the need for on-demand access to information, and having to protect legacy medical devices that lack robust security features.

The financial rewards for stolen information are high – healthcare-related records sell at a premium in dark web forums, as much as $1000 each, due to the amount of personal data contained within.

Attackers also leverage ransomware to deny healthcare organisations access to critical data unless they pay, annually costing the industry millions of dollars and endangering patient care.

Sizing up industry

Utilities like Colonial Pipeline – the target of the recent ransomware misstep – use industrial automation and control systems (IACS) as part of their core operations.

IACS comprises large numbers of devices that generally have a long lifecycle of 15 years or more and installed bases that can run into the tens of thousands of devices per company.

The ability to harden these devices may be a challenge since functional design was the primary mindset of component manufacturers, which often did not allow for turning off unneeded (networked) services. Security also traditionally relies on “air gapping” from other networks such as the internet, but many of these gaps have disappeared to enable new functionality or data use.

In addition, high replacement costs may slow the pace of the adoption of newer technologies, leaving older, more vulnerable devices in use.

IACS often manages 24×7 operations and has very short maintenance windows, potentially leaving devices without required patches or updates for long periods, increasing risk.

Attacks on these systems target day-to-day operations. Lengthy shutdowns can have massive downstream impacts on consumers.

A deceptive proposition

While security challenges differ, both healthcare and critical infrastructure sectors are finding utility in innovative solutions like Deception Technology to defend against attackers.

Instead of using typical approaches to identify abnormal behaviour, a deception platform distributes decoys and lures throughout the network, creating an extensive minefield that works to misdirect attackers. Any touch of a deception asset provides engagement-based alerts with relevant forensic data, virtually eliminating false positives and increasing the incident responder’s ability to address a compromise with confidence.
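The engagement-based alerting described above, as an added illustration that is not Attivo’s product code: a decoy inventory (decoy hosts and planted lure credentials, all constructed for this example) is checked against constructed log lines, and any touch of a decoy asset yields an alert carrying the forensic context a responder needs, while ordinary traffic to production assets yields nothing.

```python
"""Decoy-touch detector: alerts on any interaction with deception assets.

Added example, not the deception platform's own code. The decoy inventory
and the log lines below are constructed for illustration.
"""
from dataclasses import dataclass
import re

# Constructed decoy inventory: no legitimate process should ever touch these.
DECOY_HOSTS = {"10.20.5.77": "decoy-hmi-07", "10.20.5.78": "decoy-file-srv"}
DECOY_ACCOUNTS = {"svc_backup_old", "pacs_admin_tmp"}  # lure credentials planted on endpoints

# Constructed log format: "<timestamp> <auth|conn> src=<ip> user=<name> dst=<ip>"
LOG_RE = re.compile(
    r"(?P<ts>\S+) (?P<event>auth|conn) src=(?P<src>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+)"
)

@dataclass(frozen=True)
class Alert:
    timestamp: str
    source: str   # host that engaged the decoy: the first place a responder looks
    user: str
    decoy: str
    reason: str

def detect_decoy_touches(lines):
    """Return one Alert per log line that engages a decoy host or lure account.

    Decoys serve no production purpose, so engagement is itself the signal:
    no behavioural baseline is needed to separate normal from abnormal.
    """
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; production code would count these
        f = m.groupdict()
        if f["dst"] in DECOY_HOSTS:
            alerts.append(Alert(f["ts"], f["src"], f["user"], DECOY_HOSTS[f["dst"]],
                                f"{f['event']} to decoy host"))
        elif f["user"] in DECOY_ACCOUNTS:
            alerts.append(Alert(f["ts"], f["src"], f["user"], f["user"],
                                "use of lure credential"))
    return alerts

# Constructed sample: two legitimate events, then two decoy engagements.
SAMPLE_LOGS = [
    "2021-06-01T08:00:01Z auth src=10.20.1.15 user=nurse.kim dst=10.20.5.10",
    "2021-06-01T08:00:05Z conn src=10.20.1.15 user=nurse.kim dst=10.20.5.12",
    "2021-06-01T08:02:11Z conn src=10.20.1.42 user=jdoe dst=10.20.5.77",
    "2021-06-01T08:02:13Z auth src=10.20.1.42 user=svc_backup_old dst=10.20.5.12",
]

if __name__ == "__main__":
    for alert in detect_decoy_touches(SAMPLE_LOGS):
        print(alert)
```

Running the block prints the two alerts for host 10.20.1.42 and nothing for the legitimate events, which is the low-false-positive property the paragraph describes.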

Deception Technology is operationally efficient and accurate, acting as a force multiplier for healthcare organisations to protect themselves against the unrelenting stream of attacks targeting protected health information and patient data and critical infrastructure operators to guard against the inevitable resurgence of adversary attention.

Read the original article on Security Solutions.
