Ransomware on the rise due to home office

Due to the coronavirus pandemic, people have increasingly been working in home offices since 2020. Unfortunately, securing these workplaces has not kept pace with this development. At the same time, with the increased telecommuting in businesses due to the pandemic crisis, cybercriminals have further upgraded and strengthened their ransomware capabilities. The number of ransomware attacks has skyrocketed. To keep up with cyber threats despite changing conditions, enterprises are forced to expand their IT security approach and strengthen their measures.



According to this year's Remote Work Report (unfortunately only available after registration) from Bitglass, 75 percent of companies were working from home at the start of the pandemic; now one year on, 90 percent of companies expect to continue offering home office as an option to their employees in the future. At the same time, 56 percent of the companies surveyed fear reduced malware protection in the process. For cyber criminals, a new field opened up last year that offered opportunities for cyber attacks, and did not go unused – and will continue to be exploited in the future.

From this perspective, it is not surprising that ransomware campaigns have massively increased from this point on. Encrypting data relevant to business operations is particularly painful for companies that are already in a kind of emergency mode, and the prospect of a quick ransom payment is correspondingly high for the extortionists. Such attacks are usually carried out in three ways:

  • Using unsolicited, sometimes even harassing or threatening emails, the criminals try to persuade their victims to click on a link from which the malware is downloaded.
  • The next category is untargeted attacks, where thousands of emails are sent as spam. The attacker does not really know to whom they are sent, but hopes that a small number of recipients will download the ransomware.
  • The third category is targeted attacks, where the criminals know exactly who they want to reach and personalize their efforts accordingly.

In this regard, cyber gangs have established new approaches that allow even inexperienced criminals to enter this area of corporate extortion.

Criminal professionalization: Ransomware-as-a-Service

Due to the high prospects of success last year, the "professionalization of cybercriminals" also experienced a new boost. In particular, the approach known as Ransomware-as-a-Service is currently experiencing a boom. Here, hackers rely on division of labor to proceed as efficiently as possible: It usually takes hundreds or even thousands of attack attempts before even one is successful. It is easier if the developers make their ransomware payloads available to those who have the capacity to carry out both large-scale and targeted attacks. The profit is eventually split between the two parties.

This procedure, by the way, does not differ much from the methods of traditional criminal organizations. These also typically have a supply chain with the equivalents of wholesalers and retailers working together to meet the needs of their "customers."



Upgrading the corporate IT

For cyber criminals, moving corporate employees to the home office offers strategic advantages. For companies, new security risks and issues arise. Beyond the corporate network, IT management influence is limited. The spatial isolation of individual employees can also lead to more carelessness, which hackers can exploit with social engineering attack tactics.

To cope with this changed risk situation, companies must expand their security strategy. Ways must be found to make the IT environment resistant to careless behavior and malicious attacks even in remote operation. Secure Access Service Edge (SASE) solutions enable IT management to maintain the level of control they are accustomed to beyond the network perimeter.

SASE platforms are deployed from the cloud and leverage multiple technologies to enforce a Zero Trust policy across all users, applications, web destinations and environments: 

  • Zero Trust Network Access (ZTNA): SASE platforms offer both agent-based ZTNA to secure fat client applications such as SSH and remote desktops and agentless ZTNA for browser applications as standard. This technology performs automated access controls and applies real-time Advanced Threat Protection (ATP) capabilities. Users who cannot authenticate or sources deemed untrusted are denied access. 
  • CASBs: Cloud Access Security Brokers (CASBs) prevent malware contained in files from entering and being stored in the cloud via upload. Downloading infected files is also not possible, preventing the spread of ransomware.
  • On-Device Secure Web Gateways: Secure Web Gateways (SWG) scan traffic at all endpoints and block suspicious URLs and unmanaged applications before they can be accessed. This can, for example, prevent the opening of links contained in fraudulent emails that are intended to initiate the download of ransomware.

Vendor Bitglass, which provided me with the above information, also offers a Total Cloud Security product. However, solutions are also available from other vendors. The important thing is that corporate IT responds to the new threats.

The human factor: a guide for employees

In addition to technological precautions, it is essential to consider the human factor. Vigilant employees can play a crucial role in making sophisticated attacks come to nothing. Even in home office operations, companies should make their employees aware of cybersecurity risks. In the form of a brief written guide, companies can demonstrate appropriate behaviors to the workforce. During regular work meetings, IT managers can also educate employees about current attack techniques used by cybercriminals.

By expanding their security precautions in this way, companies can counter the strategic imbalance against cybercriminals and ensure an even balance of power.

