“A Successful Ransomware Attack Almost Always Involves a Variety of Attack Vectors”
Mohamed Morad, the Senior Solutions Architect for MEA at SentinelOne, speaks about securing digital economies
How has the security threat landscape evolved over the past few months?
In the past few months, the threat landscape has evolved significantly. We have observed many malware campaigns, spam campaigns, and outright scams that preyed on the fears and uncertainties of the global population.
Looking back over the last 12 months, we have seen the cybercrime story unsurprisingly dominated by social engineering and malware campaigns themed around the COVID-19 pandemic. But other things were going on this year. From an explosion in RaaS (ransomware as a service) offerings and victim data exploitation with operators like Maze and Egregor, to a unique macOS ransomware/spyware campaign and, notably, the SUNBURST SolarWinds Orion supply chain attack.
Bad actors are increasingly adopting sophisticated techniques as well. Modern adversaries are automating their strategies, tactics, and procedures to evade preventative defense. This requires enterprise security teams to keep up with attacks by taking a proactive approach and bolstering their security posture.
What sort of security challenges are people facing when working from home and how is your company equipped to handle those challenges?
According to a survey by Gartner, 88% of businesses globally implemented work from home policies due to the pandemic. Remote and hybrid working are still prevalent and will likely determine the future of work.
An increased number of remote working staff presents an opportunity for malicious actors to take advantage of compromised endpoints. This is because employees use unsecured devices and often their personal devices while working from home.
Phishing campaigns are also a threat for all employees, whether they are based in-house or remote. However, staff who are not accustomed to working at home and are now dealing with an increase in email and other text-based communications can easily lose perspective on what is genuine and what is a scam.
To counter these threats, organizations can secure work-from-home computers and provide security awareness training to employees. More importantly, enterprises should gain visibility into their network and connected devices and adopt a comprehensive automated endpoint protection platform. Ultimately, enterprises can safeguard themselves by having the correct tools and strategies to defend every endpoint against every type of attack at every stage in the threat lifecycle.
How has ransomware evolved during the pandemic period and what are you doing to tackle the problem?
Ransomware attacks continue to pose a threat to modern organizations, especially during the COVID-19 pandemic. Ransomware-as-a-Service is becoming increasingly popular, allowing relatively unskilled bad actors to access complex tools and the environment to run their campaigns. Also, there has been an apparent surge of investment in many of the platforms themselves, upgrading their core ransomware systems to stay ahead of the game and evade detection.
The increasing diversity and total volume enabled by RaaS and affiliate schemes, along with the low risk and lucrative returns, only serve to suggest that ransomware will continue to evolve and increase in sophistication for the foreseeable future. Additionally, some ransomware criminals take advantage of the challenges and vulnerabilities created by BYOD, IoT and Digital Transformation initiatives using technologies like social, mobile, cloud and software-defined networks.
A successful ransomware attack almost always involves a variety of attack vectors, frequently guided by human intervention. Successfully resisting a ransomware attack requires a solution that can neutralize the full range of threats from these vectors. Organizations should adopt solutions that detect and respond to such malware by incorporating data analytics and threat intelligence to protect the vulnerable endpoints. AI-powered autonomous solutions can also prevent ransomware attacks by proactively detecting and eliminating them.
Do you believe companies today have accelerated their digital transformation initiatives?
Definitely! Digital transformation means different things to every company – it can be hard to pinpoint a definition that applies to all. However, in general terms, digital transformation integrates digital technology into all areas of a business resulting in fundamental changes to how companies operate and how they deliver value to customers. Digital transformation can mean anything starting from data storage on the cloud, the connection of IoT devices to a company network, migration of documentation and processes to digital platforms and virtual access to applications and services. It means that no matter what organizations do today, it is done digitally.
However, as we are more connected to the internet, and more data is being stored and transferred in digital form, we are subject to more cyber threats. The key objective for cybercriminals is to access and steal our data, and the endpoint (our computers) is one of the entry points to a wider network penetration including cloud, internal and external servers, emails and everything else that represents monetary value for them. Increasing connectivity and digitalization increase the number of cyber-risks and endpoint protection plays an instrumental role in protecting valuable data and information.
What are the cybersecurity trends for 2021?
Adoption of AI-Powered Solutions: XDR, Extended Detection and Response, is the evolution of EDR, Endpoint Detection and Response, taking the cyber world by storm. XDR replaces siloed security and helps organizations address cybersecurity challenges from a unified standpoint. With a single pool of raw data comprising information from across the entire ecosystem, XDR allows faster, deeper and more effective threat detection and response than EDR, collecting and collating data from a wider range of sources.
Remote Working: The shift to a remote workforce in 2020 was one of the single biggest transformations in work for the past 100 years. Items like vulnerability management and visibility on isolated internet-only machines will become a mandatory reality for many companies in 2021.
Increasing Use of IoT Devices: An estimated 41.6 billion IoT devices will be connected to businesses within the next five years. This explosion of connected devices has created a huge – and often hidden – attack surface for threat actors to exploit. Attack surface reduction is a crucial part of modern cybersecurity programs.
Zero Trust: Defending a considerable attack surface puts tremendous pressure on enterprise cybersecurity teams. Zero Trust practices hold that no users or devices should be trusted by default, and subject all users to a verification process and stringent access control. This is a great approach for organizations concerned about who is connecting to what, from where, especially when you compare it to traditional VPNs, which enable much wider access and create security risks.