Written by: Carolyn Crandall, Attivo Networks CMO – Halloween may be the only time of the year when monsters, vampires and ghosts parade the streets at night spooking the public. However, in the dark online world of sophisticated adversaries and expanding attack surfaces, threats continue to lurk in our networks at unprecedented rates, wreaking havoc on organizations and going undetected for months at a time…scary stuff. These threat actors’ “tricks” are certainly not enjoyable “treats”, so for this year’s Halloween blog, we’re looking into how organizations, in all industries, can avoid falling victim to the modern cyber villain’s trickery with the help of deception technology.
Beware of Ransomware
This method of attack is growing in popularity, with ransomware attacks rising 2502% in 2017. While all industries are at risk to ransomware attacks, threat actors tend to home in on organizations that need quick access to their files, such as those in the healthcare sector or government agencies. The repercussions of a ransomware attack can be crippling; it is expected to cost the world more than $8 billion in 2018. While educating employees on cybersecurity best practices is vital, organizations still need to be equip with top notch security solutions to deter and detect threats. Deception technology provides early detection for advanced threats and ransomware that has somehow managed to creep into your network.
A ransomware attack will look to infect networked drives in order to encrypt and or erase them. Deception technology provides deceptive drives with lures that, once an attacker seeks to infect the deception drive, will raise a high fidelity alert in real time with information on the infected endpoint. Automatic quarantining capabilities can also help in preventing the attacker from spreading from that infected system.
Attivo Networks deception technology detects new and unknown ransomware, without relying on known signatures or attack patterns. Instead, deception creates deceptive SMB shares that appear as authentic mapped drives that are designed to deceive an attacker into engaging. Once the attacker touches a deception system, an alert will not only go off, but high interaction deception will kick in that keeps the attacker actively engaged in the deception environment, slowing down its advancement. Your organization will gain the information required to immediately isolate the infected system and to create the signatures for prevention systems to block, threat hunt, and remediate the attack.
It can be a challenge to educate company management on the total financial impact risk when it comes to cyberattacks involving ransomware. Ponemon presents an interesting way to think about it in their report on the true cost of ransomware: the biggest hit to the organizations’ balance sheet will come in the disguise of employee inactivity, make it extremely difficult to get any work done. Ponemon pegs the average cost of a single attack at $5 million, with $1.25 million—a quarter of the total—attributable to system downtime, and another $1.5 million (30 percent) to IT and end user productivity loss.
Steer clear from the Insider Threat Nightmare
According to the Ponemon Institute’s report, “2018 Cost of Insider Threats: Global Organizations,” the average cost of an insider threat annually is about $8.76 million. To adequately address these threats, organizations need to adopt preventative strategies and solutions that can fend off insider attacks, but they also need to be able to detect the threats that evade prevention systems quickly and accurately.
Attivo operates on the premise that attackers are already inside the network and focusses on providing organizations with early visibility and accelerated response to detected incidents. The platform’s advanced in-network detection security solutions help organizations dramatically increase the speed at which insider threats are uncovered and substantiate the activities so that decisive corrective action can be taken.
While external attacks will continue to plague organizations, it would be a mistake to underestimate the threats that an organizations’ own employees and suppliers represent, whether it be accidental or nefarious. Deception technology for early threat visibility and detection, combined with employee-training programs will defend against these insider threats and strengthen the protection of critical company information and assets.
More Unnerving than a Moving Ouija Board: Unsecured IoT Devices
As the IoT ecosystem continues to accelerate, so do the cybersecurity threats associated with connected devices. Although we are witnessing a sharp increase in IoT related threats, according to The Ponemon Institute’s report “The Internet of Things (IoT): A New Era of Third-Party Risk”, only 28 percent of organizations currently include IoT-related risk as part of the third-party due diligence. The unfortunate reality is that many IoT devices are riddled with security holes, which smart hackers can slip through, often undetected. And if hundreds of IoT devices can be coordinated for an attack, it can create chaos and catastrophe on an enormous scale.
With an increase in cyber-attackers seeking to penetrate secure networks through IoT “backdoors”, it is essential that organizations continue to add to their cybersecurity arsenal by looking to tools that augment visibility. A comprehensive cybersecurity defense will include prevention techniques as well as visibility and early detection, as seen with deception technology, to catch inside-the-network threats in real-time. The solution also maintains its efficacy regardless of the attack surface and is easily scalable to meet the explosive proliferation of new internet connected devices. This will be critical as the growth of IoT devices continues to skyrocket and as “smart cities” become increasingly prevalent.
The Attivo Networks ThreatDefend™ Deception Platform efficiently closes this gap with it’s ability to customize to fit into any landscape, address evolving attack methods, and provide layered security in environments like IoT where innovation is outpacing legacy security controls.
Avoid an ICS-SCADA Horror Story
Industrial control systems—specialized computer hardware and software that provide the smarts for everything from manufacturing plants to nuclear power stations—are tempting targets for adversaries. According to the Business Advantage State of Industrial Cybersecurity 2017 report, 54 percent of companies experienced an ICS incident within the year—and 16 percent had experienced over three.
What’s tricky about SCADA environments is that, inherently, they’re primarily concerned with uptime. The operators of those networks are challenged to apply vendor patch updates for security bugs and other issues if the patch could potentially disturb an existing system configuration or require any downtime or disruption. This makes it difficult to keep these environments secure and it is often hard to collect the forensics required to investigate and respond to incidents adequately.
Attivo Networks takes a different approach to detecting cyberattacks on ICS-SCADA devices. Instead of relying on signatures or known attack patterns, Attivo places decoys to lure the attackers into engaging with a BOTsink® deception servers. For authenticity, customers have the flexibility to install their own Open Platform Communications (OPC) software while running popular protocols and PLC devices on the BOTsink solution. The ability to “mirror-match” customize, makes the deception indistinguishable from production SCADA devices. Regardless of the threat or SCADA device in use, the Attivo solution provides visibility to in-network threats and forensic reports to quickly shut down attacks on critical infrastructure, ranging from fuel sensors to critical infrastructure in auditoriums.
Use Deception to Your Advantage this Halloween
The increased pressure of detecting advanced attackers across an ever-changing attack surface is driving the demand for deception technology as cybersecurity professionals are seeking innovation and efficiency in defending their organizations. Whether your primary motivation is driven by a ransomware, insider threat, IoT or ICS-SCADA horror story, Attivo Networks can help. If you seem to be encountering a new demon in digital threats at every turn you take, deception will provide you with new and useful tools to eradicate the monsters in your network. Tell us more about the security threats that haunt you! We would love the opportunity to work with you to battle these phantoms.