Ho Ho HACKED! Ransomware Awareness for the Holidays


December 2022


‘Tis the season for ransomware awareness because, for hackers, it’s “the most wonderful time of the year” to launch attacks. We sat down with our very own Caitlin Gruenberg, Director of Solutions Engineering at CyberGRX, to talk through what CISOs need to be aware of as we enter the holiday season, as well as the best ways to reduce the chances of a successful ransomware attack impacting your organization.

Why Do Ransomware Attacks Rise During the Holidays?

Even though businesses are facing ransomware attacks every 11 seconds, Caitlin Gruenberg explains that the holidays are unique in that, “There’s less staff, and minimal coverage.” This, combined with employees’ festive, relaxed mood, is a perfect recipe for ransomware activity.

As Caitlin puts it, “The bottom line is you can’t let your guard down.”

What Are the Signs of Ransomware or Other Malicious Activity Impacting Your Network?

In many cases, it’s easy to spot an attack—even with relatively basic monitoring technology. For example, if you see any of the following, you’ll want to investigate or shut down affected systems immediately:

  • Unusual inbound or outbound traffic
  • Substantial increases in log read volume
  • Logins during odd times of the day
  • Any suspicious activity that seems abnormal

For example, in the Log4j breach, hackers found a vulnerability in Apache’s Log4j library that allowed them to take over a server that used it. The attackers created a fake LDAP server and used it to send the malicious payload and force its execution. That’s why a spike in log activity, which may otherwise seem relatively innocuous, could indicate an attack.

By keeping an eye out for anything even remotely suspicious, security teams can cut hackers off at the pass.
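The odd-hour login and log-volume signals from the list above can be checked with very little tooling. The following is an added example, not part of the original article or a CyberGRX tool; the log line format, the business-hours window and the 5x-median spike threshold are assumptions, and the sample log is constructed.

```python
from collections import Counter
from datetime import datetime
from statistics import median

BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 local time is normal
SPIKE_FACTOR = 5               # assumption: 5x the median hourly volume is a spike

def parse(line):
    """Split 'ISO-timestamp event key=value ...' into (datetime, event, fields)."""
    ts, event, *rest = line.split()
    return datetime.fromisoformat(ts), event, dict(kv.split("=", 1) for kv in rest)

def odd_hour_logins(lines):
    """Return (timestamp, user) for successful logins outside business hours."""
    hits = []
    for ts, event, fields in map(parse, lines):
        if event == "login_ok" and ts.hour not in BUSINESS_HOURS:
            hits.append((ts.isoformat(), fields.get("user", "?")))
    return hits

def volume_spikes(lines):
    """Return the hours whose event count exceeds SPIKE_FACTOR x the median hour."""
    per_hour = Counter(parse(l)[0].strftime("%Y-%m-%dT%H") for l in lines)
    baseline = median(per_hour.values())
    return sorted(h for h, n in per_hour.items() if n > SPIKE_FACTOR * baseline)

def sample_log():
    """Constructed sample: one quiet workday, then a 03:00 login and read burst."""
    lines = []
    for hour in range(8, 18):
        lines.append(f"2022-12-23T{hour:02d}:00:00 login_ok user=alice")
        lines += [f"2022-12-23T{hour:02d}:{m:02d}:30 file_read user=alice"
                  for m in range(20)]
    lines.append("2022-12-24T03:02:11 login_ok user=svc-backup")
    lines += [f"2022-12-24T03:{m:02d}:{s:02d} file_read user=svc-backup"
              for m in range(3, 13) for s in range(0, 60, 2)]
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("odd-hour logins:", odd_hour_logins(log))
    print("volume spikes:", volume_spikes(log))
```

Using the median as the baseline keeps a single burst from raising its own threshold, which matters when holiday traffic is already lower than usual.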

What Could Have Been Done Differently in the Log4j Breach?

If companies had been constantly evaluating and reevaluating their cybersecurity systems, looking for vulnerabilities, the fallout from the Log4j hack could have been significantly less dramatic. The kind of awareness needed to prevent these kinds of infiltrations also involves identifying when and how your organization could be affected by this type of attack.

The Impact of Third Parties on Your Attack Surface

It’s also important to keep in mind that attacks can come directly or indirectly through the third parties an organization uses. Even though a comprehensive evaluation of a third party’s cybersecurity system can be hard to come by, companies can ask them—and themselves—the following questions:

  • What controls are in place to prevent attacks?
  • Are patches currently up to date?
  • Is there a patching procedure that ensures consistent patching practices?

What to Do to Stay Safe from Ransomware Attacks During the Holiday Season

To keep your networks secure, Caitlin suggests that companies “make a list and check it twice. Make sure system and software patches are up to date.” This can be very effective because, as Caitlin explains, “Unpatched networks and systems are common ‘ins’ for cyber attackers.”

It’s also crucial to have a thoughtful, well-rehearsed incident response plan in place so all stakeholders know what to do in the event of an attack.

How to Advise Staff to Keep Your Company Secure

As the adage goes, you don’t know what you don’t know—but when you do know, you can fix it and look out for it. To ensure everyone in your organization has the knowledge they need to play their part, you need security awareness training. Training is the best way to thwart a ransomware attack.

Here are some straightforward steps CISOs can take to empower each member of their organization to prevent ransomware attacks:

  • Educate your employees about what a phishing email looks like. As Caitlin points out, “One in three employees click on phishing emails, which are up during the holidays.” Teach employees to look out for emails with tempting messages like, “Hey, here’s a gift card,” as well as delivery scams.
  • Teach employees what happens if they click on an email.
  • Make phishing simulations difficult, not easy or predictable. As employees get more savvy in recognizing fake emails, cyber criminals have gotten more sophisticated, too. Challenging phishing simulations can better prepare your team.
  • Talk about multifactor authentication (MFA). Hackers are taking advantage of MFA by sending codes through email and text messages, emulating authentication code texts, and then inputting the information to gain access to accounts. It’s important to let your staff know what these look like and how to double-check verification messages they receive.
  • Look out for impersonators. If someone is asking you to enter any type of personal information, that’s a telltale sign. Always go to the trusted site the message appears to come from to verify whether or not it’s legitimate.
  • Never click when it says “click here.”
  • Report suspicious emails. Anytime you get a phishing email or something that seems suspicious, share that information because that may help thwart that type of attack in the future.

Cyber Risks While Traveling

It’s best to avoid doing any work while connected to unsecured networks, such as in airports, coffee shops, or people’s houses. Bad actors are waiting for opportunities to take advantage of people who log into public networks. They often spoof the network, making a fake one with a believable name, and when you log into it, they can intercept sensitive information you enter on websites.

To minimize your risk, it’s best to use a VPN (virtual private network) that has an encrypted connection that can’t be exploited. The same goes for when you connect to the internet using a personal hotspot. A VPN can encrypt anything you transmit, giving you a thick layer of security in case someone is trying to snoop on your activity.

How to Handle Risk from Third Parties 

Mitigating the risk presented by third parties starts with understanding who your vendors are. Caitlin underscores the importance of getting to know “your entire vendor ecosystem, and then within that, understand where your riskiest vendors lie.” This should involve:

  • Understanding the controls they’ve implemented
  • What each vendor’s threat level is
  • What controls need to be in place to take action against each vulnerability

What to Do if You Don’t Already Have a Third-Party System in Place? 

The number one way to protect yourself from ransomware attacks and other cyber threats is to get your hands on third-party risk data as soon as possible. CyberGRX provides the cyber risk intelligence you need so you can process and understand your third-party risk. CyberGRX’s solution also leverages continuous monitoring and threat intelligence, which results in rich, actionable data.

CyberGRX integrates with the MITRE ATT&CK framework, so you know which vendors are more susceptible to cyber attacks and can operate efficiently and effectively, without having to invest extra time and energy second-guessing the safety of each and every vendor. CyberGRX also uses predictive intelligence to assess which vendors may pose the highest risk in the future.

Protect your organization from ransomware attacks over the holidays. By having actionable vendor security data at your fingertips, you can have peace of mind and confidence in your third-party risk management program. Even if you aren’t sure about Risk Exchanges like CyberGRX, if you show us who your third parties are, we’ll show you your risks. No obligation: get an inside glimpse into your third-party vulnerabilities and book a demo now.
