Breaking the ransomware kill chain 

Ekco’s Conor Scolard discusses IT spend, the lasting impact of the HSE attack, and the importance of networking
Conor Scolard, technical director at Ekco

16 September 2022

Ransomware attacks do not typically breach defences through a single machine or device. If ransomware manages to penetrate an organisation’s defences, there are still opportunities to prevent its lateral movement across your network, thereby cutting the ransomware kill chain and stopping the breach in its tracks.

Growing target

Last month, the Garda National Cyber Crime Bureau (GNCCB) and the National Cyber Security Centre (NCSC) issued a warning to business owners of an increased threat of ransomware. In a letter sent to Ibec’s Small Firms Association, the NCSC and GNCCB noted that they had observed a “trend of small- and medium-sized businesses being increasingly targeted by ransomware groups”. While these groups typically focused on larger organisations, they noted that “recently there have been several smaller Irish businesses impacted by ransomware”.

Is this a shift that Irish SMEs are sufficiently prepared for? Conor Scolard, technical director at Ekco, is doubtful. “I would say the majority of them are not ready,” says Scolard. “The reality is that when we look at IT spend from companies, usually less than 10% of their budget is spent on IT. And less than 10% of that budget is likely spent on security. With those numbers, you can imagine that malicious actors often have technologies that are far greater than anything your average SME can afford to protect against. That’s the scary part.”

 


“Ultimately for these actors, it’s a business,” continues Scolard. “They have big numbers behind them, and with a lot of automation. They try to hit as many people as possible. That means that those with a lower security footprint are going to be the easiest ones to get, and unfortunately, that can be those spending less money on security.”

Shockwaves

But even large organisations are vulnerable to ransomware attacks, as last year’s HSE incident clearly showed. Scolard says the attack sent shockwaves through the industry: “After the HSE attack we certainly saw an increase in the conversations we were having about ransomware, and we are still seeing the impact of it on clients today.

“The attackers successfully managed to get into the minds of individuals through fear. People now come to us saying they’re afraid. They don’t know whether they’re protected, and they don’t know how they might recover. More companies come to us now saying they want to do a test to establish where they are, and where they need to be, and ensure that their recovery plans include a disaster as unique as ransomware. There’s no doubt that this increased awareness is a good thing.”

To encourage more understanding around this topic, Ekco’s Breaking the Ransomware Kill Chain event on 21 September will provide insight into ransomware through the unique perspectives of Irish law enforcement and experts from Ekco, Ward Solutions (an Ekco company), Carbon Black/VMware and Akamai.

The live event will take place from 13:45 to 16:30 at Stephen’s Green Club, Dublin 2, featuring a keynote speech from the head of the Garda National Cyber Crime Bureau, Detective Superintendent Pat Ryan. Det. Supt. Ryan represents An Garda Síochána as a board member on the European Union Cybercrime Task Force (EUCTF) and is also a member of the Interpol Global Cybercrime Experts Group.  

Topic of interest

The idea of ‘Breaking the ransomware kill chain’ is a great topic of interest among Ekco’s clients: “The cornerstone of most of our conversations with clients is around ransomware,” says Scolard. “It has the highest impact and has gained visibility at C-level. Every entity within The Ekco Group gets questions about ransomware from their clients.”

The Ekco Group recently bolstered its cybersecurity offering with the acquisitions of Ward Solutions and Kontex Security. “We’re now seeing different approaches to tackling ransomware, and Ekco is even better able to assist in the prevention, detection, and remediation of an attack than ever before. We’re really hoping to highlight the various ways one can protect an organisation during our upcoming event.”

The event, which is for end-users only, is targeted at the larger mid-market and enterprise space. As to what attendees should expect on the day, Scolard says: “We’re going to show some of the low tick points that everyone can do to ensure there’s some level of protection within an organisation from ransomware, as well as raising some of the best protection mechanisms an organisation can take.”

“The reality is that recovering from a ransomware attack is very difficult. From working on recovery incidents, I know just how much work and how much cost goes into responding to an incident. Those resources are far better directed towards detection and prevention. That’s why education is so important.”

Patterns of attack

Scolard, who is speaking at next week’s Ekco event, will take to the stage to shed light on the anatomy of a ransomware attack and discuss the patterns of attack he has seen over the past 18 months as he battles to limit data loss following a breach.

“I’ll be focusing on how much damage we’re really seeing. While we often talk about successfully recovering from an attack, which can take months, what about the organisations that we don’t hear about? What about the operators who run small firms, how can they afford to recover?”

Behind closed doors

What sort of insights should event attendees expect to hear from keynote speaker Det. Supt. Ryan? “Det. Supt Ryan has such a unique perspective from his line of work; I’ve no doubt that he’ll share insights that many of us are not aware of. While we’ve witnessed many high-profile attacks through the years, there’s so many that we never hear about because they don’t make it to the news cycle. So much happens behind closed doors. If ten attacks make it into the news, 100 will have taken place.

“I’m hoping Det. Supt Ryan will also touch on the shift towards greater extortion in ransomware, and the growing threat facing small- and medium-sized businesses in Ireland.”

Also taking to the stage is Andy Crail of Akamai, who will discuss the increasing adoption of micro-segmentation, a technology developed to address the growing need for granular, least-privilege access required to protect east–west traffic. Mark Fox from Carbon Black/VMware will explore wider threat detection across endpoints, servers, and other workloads, as well as interesting trends around an increased focus on blackmail as an element of ransomware attacks. Paul Hogan of Ward Solutions, an Ekco company, will discuss the use of a managed SOC (Security Operations Centre) to provide accuracy and speed in mitigating risk against growing ransomware attacks.

Full spectrum

Scolard says next week’s event line-up represents every point of the journey: “We’ll be sharing perspectives across the full security spectrum, from prevention and protection to detection and recovery. I believe Det. Supt Ryan will give us real insight into what’s specifically happening in Ireland, and some of our multinational vendors will take a look at what’s occurring globally.”

Networking opportunities

An in-person event is still somewhat of a novelty these days. How important was it to Ekco that the event take place live? “Firstly, from a presenter perspective, it’s great to be back in person. When you’re explaining something to a room full of people, it’s so much easier to see if they are understanding what you’re telling them when you can see their faces.

“The second aspect of a live event is of course the networking. To be able to come together with members of your field in a less formal setting and share stories and discuss different approaches to solving issues is vital, and something that was sorely missed during the pandemic.”

Scolard continues: “The attacks that are successfully detected and prevented hopefully make it to the Guards, but they don’t make it to the news. But the stories from the teams that worked behind the scenes to get that result are so valuable to people in our field, so we’re really looking forward to being able to share those moments again.”

To learn more about breaking the ransomware kill chain and to register for this live Ekco event, click here.



TechCentral.ie