Another year and another batch of grey hairs for network security engineers tasked with keeping their organization’s data safe and secure. For this article, we’re going to narrow our focus to two specific types: Password Spraying and Ransomware.
Password Spraying attacks are an attempt to learn end-user’s credentials, but they have the side-effect of potentially acting as a Denial of Service if they are overly aggressive and trigger your Account Lockout protections.
One of the main reasons I wanted to write about this topic is because it is on the rise. We are hearing from an increasing number of our customers that they or organizations they know are regularly receiving these attacks. Dealing with the symptoms by continually unlocking accounts still results in lost productivity for end-users and your help desk and does not tackle the root cause.
You can mitigate this type of attack with MFA, which will help ensure attackers cannot fully authenticate if a password is learned, but it does not prevent the Denial of Service aspect of this attack. You can also use a third-party vendor, such as Scooch, which provides real-time cybersecurity screening in several ways: notifications of risky passwords, warnings about access to phishing sites that lead to harmful ransomware viruses, and blocking of downloads of harmful executable files. Administrators are notified of any sites where users did not log out, and the service identifies suspect applications or employee phishing attempts.
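Because the spraying pattern is "many accounts, few attempts each, one source" while a classic brute force is "one account, many attempts", the two are easy to tell apart in failed-logon logs once you bucket failures by source and time window. The following is an added example written for this article, not code from the original post or from any vendor it mentions; the log line format, the user names, the IP addresses (RFC 5737 documentation ranges) and every threshold are constructed assumptions for illustration.

```python
"""Password-spraying vs. brute-force classification over failed-logon log lines.

Added example for this article, not code from the original page. The log line
format, field names, IP addresses and thresholds are all constructed
assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed syslog-style format for a failed logon (constructed for this example).
LINE_RE = re.compile(r"^(?P<ts>\S+) auth-fail user=(?P<user>\S+) src=(?P<src>[0-9.]+)$")

# Constructed sample log: one spraying source (many users, 1-2 tries each),
# one brute-force source (one user, many tries), one ordinary typo-prone user.
SAMPLE_LOG = """\
2019-01-10T09:00:01Z auth-fail user=alice src=203.0.113.5
2019-01-10T09:00:04Z auth-fail user=bob src=203.0.113.5
2019-01-10T09:00:07Z auth-fail user=carol src=203.0.113.5
2019-01-10T09:00:10Z auth-fail user=dave src=203.0.113.5
2019-01-10T09:00:13Z auth-fail user=erin src=203.0.113.5
2019-01-10T09:00:16Z auth-fail user=frank src=203.0.113.5
2019-01-10T09:05:20Z auth-fail user=alice src=203.0.113.5
2019-01-10T09:05:23Z auth-fail user=bob src=203.0.113.5
2019-01-10T09:01:00Z auth-fail user=admin src=192.0.2.9
2019-01-10T09:01:01Z auth-fail user=admin src=192.0.2.9
2019-01-10T09:01:02Z auth-fail user=admin src=192.0.2.9
2019-01-10T09:01:03Z auth-fail user=admin src=192.0.2.9
2019-01-10T09:01:04Z auth-fail user=admin src=192.0.2.9
2019-01-10T09:01:05Z auth-fail user=admin src=192.0.2.9
2019-01-10T09:02:00Z auth-fail user=grace src=198.51.100.7
2019-01-10T09:02:30Z auth-fail user=grace src=198.51.100.7
"""


def parse_line(line):
    """Parse one failed-logon line; return (timestamp, user, src) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # lines in other formats are ignored, not treated as failures
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"].lower(), m["src"]


def classify_sources(log_text, window=timedelta(minutes=30),
                     spray_min_users=5, spray_max_per_user=3, brute_min_attempts=5):
    """Return {src: label} for sources whose failures match an attack shape.

    'spray':       many distinct accounts, few tries each (kept under lockout).
    'brute_force': one account hit repeatedly from the same source.
    Sources matching neither shape are omitted from the result.
    """
    epoch = datetime(1970, 1, 1)
    # (src, time bucket) -> user -> failure count
    buckets = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts, user, src = ev
        bucket = int((ts - epoch) / window)  # fixed-size window index
        buckets[(src, bucket)][user] += 1

    labels = {}
    for (src, _), per_user in buckets.items():
        busiest = max(per_user.values())
        if busiest >= brute_min_attempts:
            labels[src] = "brute_force"
        elif len(per_user) >= spray_min_users and busiest <= spray_max_per_user:
            labels.setdefault(src, "spray")
    return labels


def targeted_accounts(log_text, **kwargs):
    """Sorted list of accounts touched by sources classified as spraying.

    These are the accounts the help desk will see locked out (or at risk of it),
    which is the Denial of Service side-effect the article describes.
    """
    spray_sources = {s for s, lab in classify_sources(log_text, **kwargs).items()
                     if lab == "spray"}
    users = set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None and ev[2] in spray_sources:
            users.add(ev[1])
    return sorted(users)


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
    print(targeted_accounts(SAMPLE_LOG))
```

Tune `spray_max_per_user` to sit at or just below your account lockout threshold: a spray calibrated to stay under lockout is exactly the one this rule is meant to catch, and `targeted_accounts` gives the help desk the list of accounts to watch before the lockouts start arriving as tickets.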
Ransomware is an especially insidious attack that requires running a program on the targeted machines. This program searches for specific file types, encrypts them using a randomly generated key, then sends that key back to the attacker. Talk about using technology for illicit purposes! The attacker then demands a specific amount of money in order to return the encryption key which, in theory, allows the victim to decrypt and recover their data. Adding to the heartburn are the possibilities that the ransomware is poorly written which may render the data corrupt and there are no guarantees that the attack won’t recur in the future.
According to Barkly, ransomware attacks actually diminished in the first half of 2018. Counter to this, CPO Magazine cites a report from Datto that claims these attacks are becoming more prevalent, and Beazley concurs, especially in the healthcare industry. Regardless of the trend, these remain very serious attacks which occur across verticals. Last year saw high-profile private companies like PGA of America, local government agencies such as the City of Atlanta, and large health care agencies suffer highly publicized infections. Do not sleep on this attack: it is easy for hackers to reproduce, and compromised systems, especially servers, can cripple your infrastructure.
Protections include regular off-site backups, regular software updates, multiple tiers of network Intrusion Detection and Prevention systems, and anti-virus software. For backups, this includes individual files, SQL databases and file servers, which must then be kept offline to prevent possible propagation.
Again, there is no shortage of attacks being carried out against your own infrastructure, much less the internet at large. As long as attackers can achieve their goals of making money or sowing discord, they will continue to innovate and perpetrate. Security models will continue to evolve with those threats to help keep organizations and their data safe enough until the next iterations of attacks arrive.