Although organizations cannot protect themselves against advanced cyber-attacks such as REvil's exploitation of zero-day vulnerabilities or nation-state threats, they should still respond quickly to minimize the damage.
In the summer of 2021, security leaders across the US saw their Fourth of July weekend cut short when hundreds of managed service providers (MSPs) and their customers became victims of a ransomware attack that targeted a client management tool from Kaseya.
Orchestrated by the REvil group, the attack exploited a zero-day vulnerability in Kaseya's Virtual System Administrator (VSA) server software, which allowed the ransomware to spread rapidly to many of Kaseya's customers. This is not the only attack that has compromised the security of critical IT infrastructure: the SolarWinds attack and the Microsoft Exchange email server attack are examples of highly effective vectors for widespread malware propagation. Because these software offerings sit at the core of the internal IT supply chain and require deep server access, they are an attractive target for attackers. To counter ransomware attacks of this nature, security leaders should employ a combination of tools and techniques to secure their organization's infrastructure.
Here are a few strategies that CISOs and their teams can adopt to mitigate similar attacks, which are becoming increasingly prevalent:
Investing in detection-based security tools
Today's standard antivirus, even combined with the most rigorous patching routine, still lacks the behavioral analysis capabilities needed to detect advanced threats. Gaining the ability to detect and correlate user, application, device and network behavioral patterns is critical, and for most organizations it will require new security investments: updating the security stack across all PCs from signature-based antivirus to tools that can detect file-less malware and analyze behavioral patterns, and equipping server infrastructure with EDR tools that can sense abnormal application and process behavior as well as file-level integrity changes.
Incorporating modern management
For the IT department, a single central point for all OS and application updates creates complexity; it also provides an attractive avenue for attackers seeking to compromise a large number of systems at once. Security leaders should therefore adopt decentralized, modern management models that reduce the available attack vectors, resolve potential security issues more rapidly, remediate faster and offer stronger access controls. This removes the desirable target that a single source for all endpoint updates and patches presents.
Retaining incident response services
Incident response (IR) services have traditionally been delivered by deploying experts on site at the customer. These offerings have since expanded to include both proactive and reactive services, and they can also be delivered remotely.
Organizations should evaluate the value of their IR retainer, whether or not they also use managed detection and response (MDR) services. The retainer should cover a scope of services that goes beyond the operation and configuration of security tools such as EDR and NDR.
While reviewing IR services, CISOs should be cautious of providers that promote "no upfront cost" or "zero-dollar" incident retainer programs. Although a low-cost entry point seems appealing at first, it often comes with limitations.
In conclusion, these strategies and investments can help organizations ensure they are in the best position to quickly detect, respond to and minimize the impact of a REvil-style attack.