So, you are alert to the threat of ransomware, but can you be sure that your data has not been, is not being, and will not be manipulated by outside forces?
More insidious than a ransomware attack is the hack where data or the network is compromised but the compromise is kept hidden from view. The exploit can go unchecked for a long time, with information taken at will, and the outcome may be very damaging for the victim company.
Such attacks fall under commercial espionage, and the actors range from competitors and disgruntled employees to nation-states. Once in the network, the attacker remains hidden and takes various approaches depending on what is to be achieved. It is never the intention of the attacker to tell the victim that they have their data, but to remain hidden, indefinitely.
There have been instances where data has been monitored and fed back to the competition when a tender has been submitted or pricing has changed. Such information can be valuable, for example, when governments are placing large contracts.
Another example is where data is modified, resulting in expensive product recalls and loss of market confidence. It is likely that these attacks will convert into a blackmail scenario, where the victim is advised of the infiltration and of the possible ramifications of data modification should ongoing payment not be forthcoming. This is similar to a protection racket or extortion money!
These attacks generally occur because network access is poorly monitored and unusual events happening within the infrastructure are missed. Frequently, incidents are flagged up but, due to the busy nature of many IT departments, they go unchallenged.
Companies need to protect themselves by being more proactive in stopping the unknown, rather than relying on the known attack vectors on which antivirus (AV) and DLP solutions focus. Fileless attacks are impossible for AV to detect and, once triggered, look like a normal application, able to hide themselves away and exploit at will.
There are solutions that are designed to understand what is normal on a network and take action on the unusual. They can take away the delay associated with SIEM solutions, as the required action is taken immediately rather than waiting for someone in the IT team to investigate, by which time it is too late.
File integrity is another solution. Using file integrity monitoring, you create a hash of the file itself and later compare it against a fresh hash of the same file. If the two are the same, then you know no one has changed that file. Furthermore, you can apply classification, such as ‘Secret’, and should these types of files move, change or leave the organisation, an alert is sent to the data owners.
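The hash-and-compare check described above, as an added example rather than code from this article or any product. The function names, the "Unclassified" default label and the sample files are assumptions made for illustration; spotting files leaving the organisation is outside what hashing alone can show.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):  # chunked: large files stay out of memory
            h.update(block)
    return h.hexdigest()

def snapshot(root, labels=None):
    """Map relative path -> (sha256, classification) for each file under root."""
    labels = labels or {}
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (sha256_file(full), labels.get(rel, "Unclassified"))
    return snap

def compare(baseline, current):
    """Return (event, path, classification) for each deviation from the baseline."""
    events = []
    # New paths indexed by hash, so a baseline file that reappears elsewhere reads as MOVED.
    new_by_hash = {d: p for p, (d, _) in current.items() if p not in baseline}
    for path, (digest, label) in sorted(baseline.items()):
        if path in current:
            if current[path][0] != digest:
                events.append(("MODIFIED", path, label))
        elif digest in new_by_hash:
            events.append(("MOVED", f"{path} -> {new_by_hash.pop(digest)}", label))
        else:
            events.append(("MISSING", path, label))
    return events + [("NEW", p, "Unclassified") for p in sorted(new_by_hash.values())]

def demo():
    """Constructed sample tree: one Secret file is altered, another is moved."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("tender.txt", "bid: 100"), ("prices.csv", "a,1"), ("readme.txt", "hi")]:
            Path(root, name).write_text(body)
        baseline = snapshot(root, {"tender.txt": "Secret", "prices.csv": "Secret"})
        Path(root, "tender.txt").write_text("bid: 900")
        os.rename(os.path.join(root, "prices.csv"), os.path.join(root, "export.csv"))
        return [e for e in compare(baseline, snapshot(root)) if e[2] == "Secret"]  # owner alerts

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the monitored machine cannot write to, since anyone able to alter a file and its recorded hash together would pass the comparison.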
Companies face a continual stream of threats to their reputation, revenues, and future market share. Sadly, it often takes companies years to even realise they have had a breach, let alone know what data was affected. We need to stop thinking only in terms of data being taken and understand that it may also be manipulated. Planning for the consequences of both scenarios is critical.
Protection rackets are no longer just in old films with Eliot Ness! They are a clear and present danger and cannot be ignored!