How Streamscan CDS protects you against ransomware
According to a study conducted by Sophos in 2020 (The State of Ransomware 2020), these are the seven most common ways for ransomware to enter computer networks:
- A downloaded file or email with a malicious link: 29%
- Direct (frontal) attack on a server and intrusion: 21%
- Email with a malicious file attached: 16%
- Misconfiguration of public cloud instances: 9%
- Remote Desktop (RDP) access solution: 9%
- Through a vendor (supply chain): 9%
- USB or removable storage media: 7%
There are many ways to get ransomware into a computer network, and the strategies are constantly evolving to exploit any weakness and enter your network.
How do hackers target you?
At Streamscan, we often say that to fight hackers, we have to think like hackers. So, to understand how a hacker will attack you, you have to remember the following principles:
- Expend the minimum effort possible: hackers will always favor simple and inexpensive means at the beginning. Humans are the weakest link in cybersecurity (everyone knows this, including hackers) and it costs very little to send malicious emails. To find target addresses, professional social networks such as LinkedIn are good sources: hackers simply combine the first and last names of employees with your domain to build a good list of your company's email addresses. If your employees are not made aware of and trained on these risks, someone will end up clicking, and the hacker only needs one click to get into your network. If that doesn't work, hackers will look for other options, and there's no shortage of those.
- Skip steps and reach the goal quickly: forget about the imaginary proud hacker who wants to lead a large-scale attack all by himself and become a star; that was the 2000s. Hackers today hack mainly for money, not for fame. Don't forget either that your corporate data (emails, passwords, etc.) is often for sale on the dark web. Hackers can buy it cheaply, access your mailboxes or network, and then infect you with ransomware. Not a very elegant method, you may say? Hackers don't care as long as you pay. After the ransom is paid, some hackers aren't even embarrassed to reveal that they bought your data on the dark web.
- Use complex strategies only when a lot of money is expected: complex attacks will only be used against the biggest targets, where the expected profit is very high (several million dollars, as in the Kaseya case in July 2021). This is also the case for targeted attacks launched by nation states in order to access very sensitive information held by governments, the military, pharmaceutical research firms, etc.
- Automate attacks: why bother spending all night attacking targets when you can automate everything? Hackers also love to automate. For example, according to attack data collected by our CDS technology, 99% of attacks are launched by bots/botnets that operate 24/7. These botnets are constantly evolving and improving. We are seeing more and more of them that are able to search for a vulnerability, find it, exploit it and take control of the target server, running ransomware without any human intervention.
- Reuse methods that work: you must have noticed that almost every new ransomware group claims to have exfiltrated data? The reason everyone is doing it is that it works. More and more organizations are backing up their data and refusing to pay the ransom when hit by ransomware, so hackers have found a way to apply additional pressure: exfiltrating data and threatening victims with its disclosure. And it works.
First Steps to Defending Against Ransomware
Start by focusing on the means of attack that are least expensive for hackers. This covers the following means:
- Downloaded file or email with a malicious link (29% of attacks).
To mitigate this risk: educate your users on cybersecurity risks, deploy a web filtering solution and a mail filtering solution, and deploy an intrusion detection system (IDS/IPS, NDR, like Streamscan's CDS).
- Direct (frontal) attack on a server and intrusion (21%).
To mitigate this risk: deploy an intrusion detection system (IDS/IPS, NDR, like Streamscan's CDS).
- Email with a malicious file attached (16%).
To mitigate this risk: deploy an email filtering solution, IDS/IPS/NDR, antivirus/EDR, etc.
- The Remote Desktop solution (9%).
To mitigate this risk: deploy an intrusion detection system (IDS/IPS, NDR, like Streamscan's CDS) and send your authentication logs to a SIEM so that brute-force logon attempts against RDP can be spotted. Better still, do not expose RDP directly to the Internet, and require multi-factor authentication for any remote access.
With this, you will have covered 75% of the ways used to introduce ransomware into your network.
Next Level Protection
Once you've implemented the first steps, tackle the following:
- Misconfiguration of public cloud instances (9%).
To mitigate this risk: regular vulnerability scans of your IT environments (internal and cloud), hardening of your servers, applying vendor-recommended best practices, deploying IDS/IPS/NDR (like Streamscan's CDS), an application firewall, etc.
- Through a vendor (supply chain, 9%).
To mitigate this risk: deploy IDS/IPS/NDR (like Streamscan's CDS) and include cybersecurity requirements in contracts with partners, including an obligation for the partner to notify you if they experience a security incident. This allows you to disconnect your network from theirs, for example, to prevent the attack from spreading.
- USB or removable storage media (7%).
To mitigate this risk: antivirus/EDR, and restrict the use of removable media by policy.
And of course, you have to make backups and test them regularly, keeping at least one copy offline or otherwise unreachable from the network so that the ransomware cannot encrypt it too. This is a must.
As you can see, protecting yourself against ransomware is not only a matter of technology. It's a combination of people, process and technology.
How does Streamscan's CDS technology protect against ransomware?
On the technology side, we see the central role of IDS/IPS/NDR in protecting networks against ransomware. They are essential elements of today's network defense, in the same way as firewalls and antivirus software.
As a reminder, an IDS/IPS (Intrusion Detection System / Intrusion Prevention System) or an NDR (Network Detection and Response) is a security technology that protects an organization's network perimeter. It captures the traffic entering and leaving the network and analyzes it to identify (and, in prevention mode, block) cyberattacks: direct attacks on servers, ransomware command-and-control traffic, data exfiltration, etc. Streamscan's CDS technology is an NDR.
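To make the two preceding points concrete (detecting RDP brute force, as suggested in the first-steps list, and detecting data exfiltration, as an NDR does), here is an added example of the kind of logic a network sensor applies to connection-flow records. This is illustrative code written for this article, not Streamscan's CDS code. It assumes a simplified flow record (timestamp, source, destination, destination port, bytes sent, duration), an internal range of 10.0.0.0/8, and arbitrary thresholds; the flow records and IP addresses are constructed (RFC 5737 documentation ranges), not captured traffic.

```python
"""Toy NDR-style detections over connection-flow records (added example).

Two detections, each over the same list of Flow records:
  1. RDP brute force: an external source opening many short connections
     to TCP/3389 on an internal host within a sliding time window.
  2. Data exfiltration: an internal host pushing an unusually large
     byte volume to a single external destination.
Thresholds and the internal range are assumptions; tune them to your baseline.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Assumption: everything in 10.0.0.0/8 is "inside"; anything else is external.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since epoch (constructed values below)
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination TCP port
    bytes_out: int   # bytes sent from src to dst
    duration: float  # connection lifetime in seconds


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def detect_rdp_bruteforce(flows, window=60, threshold=20):
    """Return {src: max_connections_in_window} for external sources that
    opened at least `threshold` connections to port 3389 on internal hosts
    within any `window`-second interval."""
    by_src = defaultdict(list)
    for f in flows:
        if f.dport == 3389 and not is_internal(f.src) and is_internal(f.dst):
            by_src[f.src].append(f.ts)
    hits = {}
    for src, times in by_src.items():
        times.sort()
        lo, best = 0, 0
        # Sliding window: advance `lo` until the window is at most `window` wide.
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits[src] = best
    return hits


def detect_exfiltration(flows, threshold_bytes=500 * 1024 * 1024):
    """Return {(src, dst): total_bytes} for internal->external pairs whose
    cumulative outbound volume reaches `threshold_bytes`."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            totals[(f.src, f.dst)] += f.bytes_out
    return {pair: total for pair, total in totals.items() if total >= threshold_bytes}


def sample_flows():
    """Constructed sample: not real traffic."""
    flows = []
    # 30 short RDP connection attempts from one external IP in 45 seconds.
    for i in range(30):
        flows.append(Flow(1000 + i * 1.5, "203.0.113.7", "10.0.0.5", 3389, 300, 0.4))
    # One legitimate, long-lived internal RDP session (internal source: ignored).
    flows.append(Flow(2000, "10.0.1.20", "10.0.0.5", 3389, 50_000, 1800))
    # Ordinary browsing from a workstation: many small outbound flows.
    for i in range(50):
        flows.append(Flow(3000 + i * 10, "10.0.2.30", "198.51.100.10", 443, 2_000, 1.0))
    # Exfiltration: ten 60 MB uploads from one host to one external server.
    for i in range(10):
        flows.append(Flow(4000 + i * 30, "10.0.2.31", "192.0.2.44", 443, 60 * 1024 * 1024, 20.0))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("RDP brute force:", detect_rdp_bruteforce(flows))
    print("Exfiltration:", detect_exfiltration(flows))
```

Run as a script, it flags 203.0.113.7 (30 connections to RDP inside one 60-second window) and the pair 10.0.2.31 to 192.0.2.44 (600 MB outbound), while the legitimate admin session and the workstation's browsing stay silent. A production NDR works from far richer data (full packet capture, protocol decoding, reputation feeds) and tunes thresholds against each network's baseline, but the principle is the same: the network sees the attack whether or not the endpoint does.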
A SIEM is not an IDS
It is important not to confuse IDS/IPS/NDR with SIEM. Indeed, intrusion detection is not the role of SIEMs. They act mainly as centralized tools for storing security events, with very basic intrusion detection functions. These events can then be used to perform investigations when needed. To protect yourself against attacks, you need an IDS/IPS/NDR.
How can Streamscan help you?
Our CDS technology can protect your network against cyber attacks and malicious tools including ransomware.
There is no point in deploying security tools if you don't manage them. In fact, in several incidents we have managed, the security tools in place generated alerts that were ignored. If you are too busy or don't have the required expertise, you have the option of outsourcing your cybersecurity management through Streamscan's MDR monitoring service. We act as an extension of your internal IT team and take care of your security.
We are experts in incident response and have handled several ransomware cases, including one with the authorities (article in French). If you fall victim to ransomware, you can count on us to work with you from start to finish to fix the problem and get back into production as quickly as possible. There is no such thing as absolute cybersecurity, but there is fast, competent recovery.
To protect yourself against hackers, you have to think like hackers and this is our mindset. So when we protect our partners' networks, we put the effort where it belongs, which helps optimize your cybersecurity budgets.
Find out how our CDS and MDR service can keep your network safe
We're confident that you won't want to leave your network unprotected after seeing the results of our monitoring. That's why we offer a free 30-day evaluation that includes:
- An information session
- Configuration of the CDS in your network
- Free 30-day evaluation and proof of value
Get in touch with us to start your trial at smbsecurity@streamscan.ai or call us at 1 877-208-9040.