How to prevent ransomware attacks with a zero-trust security model

Ransomware attacks are rampant, with thousands taking place every day. Find out how a zero-trust security model can protect your organization.

Image: kaptnali, Getty Images / iStockphoto

Ransomware attacks occur 4,000 times around the world every day. The process is quite simple: malware infects a target computer and an attacker encrypts valuable data, then sends the victim a notification demanding payment of a ransom to free access. It’s a bet: if the ransom is paid because there is no guarantee that the attacker will release the data.

SEE: Security incident response policy (TechRepublic Premium)

It should be emphasized that this is a real phenomenon which in fact blocks targeted data; this is not the same as a random email from a stranger stating that they “got access to your devices, which you use to browse the internet” and “after that I started following your Internet activities “whereby they accuse you of engaging in unsavory online behavior which they threaten to expose unless you send them Bitcoin. These are safe to ignore. Ransomware cannot be ignored.

TechRepublic has offered many tips on combating ransomware as well as strategies for being proactive about it. However, there is a zero trust model when it comes to cybersecurity that can also help businesses stay secure.

Duncan Greatwood, CEO of Xage, a zero-trust security company, pointed out that a ransomware attack can be much more damaging than simply preventing access to valuable data. This is an inconvenience and a potential disruption to business operations, but when an energy or utility network is compromised, it can lead to power outages, traffic jams and, when security mechanisms are breached, the release of toxic chemicals, oil spills, fires or explosions.

In addition, Greatwood pointed out, rich countries and corporations are prime targets for ransomware attacks. “The higher the expectations for service reliability, quality and trustworthiness, the more likely the business is to be the target of the attack. For these companies, the impact of lost revenue and reputation is far greater than the payment. capital to pay the ransom. Utilities, oil and gas operators, pipelines, chemical manufacturing, and the food and beverage industry are prime targets, ”he said.

The problem is exacerbated by the fact that in recent times the skills required to execute a ransomware attack have been drastically reduced. “Ransomware software packages exist with millions of stolen credentials from the dark web that allow people with relatively little technical background to effectively execute ransomware attacks. In fact, ransomware as a service models are emerging with comprehensive software offerings for hackers. The hacker groups are based around the world with some concentration in Eastern Europe, China, Iran and Russia, ”Greatwood said.

Identity-based access, frequent password changes, and multi-factor authentication can help reduce the incidence of such attacks, but to be proactive, Greatwood and I agreed that identifying the Source of repeated and excessive login attempts and blocking these attempts is essential to detect and reduce the impact of ransomware attacks.

A zero trust model is a valuable defense mechanism for blocking ransomware. “One of the most effective ways to prevent ransomware attacks is to adopt a zero-trust architecture, the modern alternative to perimeter-based security. Built on the ‘never trust, always verify’ principle, a zero trust security strategy would have prevented ransomware attacks like the Colonial Pipeline and JBS, preventing it from spreading through operations while maintaining l ‘operation in progress.

SEE: How to Manage Passwords: Best Practices and Security Tips (Free PDF) (TechRepublic)

The Colonial Pipeline attack as well as many other recent attacks (JBS, Brenntag, Oldsmar, etc.) demonstrate that industrial operations lack security controls throughout their operations to effectively identify, isolate and recover infected systems. Cybersecurity controls across operations give the operator the ability to control every interaction between applications, users and machines on an individual basis based on identity and policy and with zero trust. When such controls exist, they give the operator a method to prevent the attack from spreading and the operation can continue to function even during an active attack, ”said Greatwood.

“Unlike traditional techniques, where an attacker can exploit cyber weaknesses by gaining access inside a network segment perimeter, Zero Trust treats the identity of every machine, application, user and data stream as its own independent ‘perimeter’, allowing granular enforcement of access policy As such, rigorous security enforcement continues even in the event that hackers enter an operational or corporate network and ransomware cannot pass through computer and OT systems, ”said Greatwood.

Greatwood also pointed out that zero trust is especially crucial for companies in industries that have been slower to modernize, such as oil and gas, utilities and energy. Due to their late digital transformation, as well as a mix of old and modern equipment, these businesses are often the most difficult to secure.

“Cybersecurity and Infrastructure Security Agency recently released a set of guidelines specifically for industrial operations due to the rise of ransomware attacks in this industry. The National Institute of Standards and Technology has also updated its set of guidelines to protect industrial control systems from such attacks. Both advocate a zero-trust defense-in-depth approach with granular role-based access management for all interactions in the OT and in especially in IT / Cloud environments, ”said Greatwood.”

SEE: Ransomware attack: why a small business paid the $ 150,000 ransom (TechRepublic)

“Zero trust really means a way to control interactions between users, machines, applications and even data on an individual basis requiring authentication and authorization by security policy, vertically and horizontally and at multiple levels. Organizations must implement controls in all their environments: cloud, business, control center, facilities, substations, wind farms, everywhere to be able to not only protect, but also quickly isolate infested systems and recover operations ”, he added.

Here are the benefits (and requirements) of a trustless distributed cybersecurity system (cybersecurity mesh / fabric) as defined by Greatwood:

  • No dependence on implicit trust zones, static accounts and firewall rules
  • Each identity (user, machine, application, data) forms its own protection perimeter
  • Access permissions controlled by identity, role and policy
  • All interactions have “just sufficient access” enabled “just in time”
  • Unsecure protocols such as RDP, VNC, Modbus and their vulnerabilities are never exposed outside the organization, but proxy through TLS sessions
  • Unlike VPNs which place remote users ‘devices (and potential malware on them) in networks, ZTA remote users’ devices are never inside the network (not even the enterprise).
  • Controls user-to-machine, machine-to-machine, application-to-machine, and application-to-data interactions and secure file and data transfer within and between OT, IT, and Cloud
  • Vertical (enterprise and remote to control the network) and horizontal (site-to-site ICS) access management
  • Driven by centralized policy management and enforced using distributed nodes (any asset, any location). Meshing cybersecurity with a distributed identity-based application is a major strategic trend for 2021, according to Gartner.
  • Overlays in existing OT / IT architectures without network or system changes (compatible with the existing deployed base of workstations, HMI, IED, etc.)

SEE: Expert: Intel sharing is key to preventing more infrastructure cyber attacks (TechRepublic)

Greatwood pointed out the risk of liability here: “Companies that pay ransomware fees – victims of ransomware – can also face serious legal risks depending on the identity and origin of the hackers, because the US laws prohibit sending funds to certain organizations and, such as terrorists or certain organized crime syndicates, and also prohibits companies from doing business with certain countries. “

Also look

Previous Ethereum's Political Philosophy Explained | Paul Ennis
Next Jamestown Advanced Products Corp. experiences record expansion and growth | News, Sports, Jobs

No Comment

Leave a reply

Your email address will not be published.