Twitter: @edd1819, Instagram: @bluestar0910, Facebook: SDN — Science, Digital & Current News
Ransomware brings operations to a halt – encrypting data and requiring payment to regain access. Stopping ransomware requires shifting from detection to prevention, achieved by reducing the attack surface and known and unknown threat prevention.
— Palo Alto Networks
By EDD K. USMAN
(SDN) — PUBLIC and private entities (enterprises, hospitals, government agencies, etc.) are in a bind worthy of a Gordian Knot.
Various security companies have revealed that the pandemic health crisis that erupted and caught the world flat-footed in December 2019 (the month that China made it public) is driving more cybersecurity attacks, including the kind where cybercriminals ask their victims for ransom in exchange for decrypting their data and files and not releasing them into the cyber wild.
But can you trust the hackers? The answer should be obvious.
SDN — Science & Digital News learned from at least two international cybersecurity experts that they would not recommend paying ransom to hackers, because it is like sponsoring their criminal activities, and because they cannot be trusted to keep their word. They are supposed to be bad people, anyway.
For 2021 the experts expect the bad guys to intensify their attacks on the healthcare sector in relation to the coronavirus vaccine, as they will attempt to make more money from hospitals and pharma companies. It’s a fearsome thought!
Imagine hospitals and other healthcare facilities unable to function as they should because hackers have taken command and control of vital sections of a health facility. Not just money but lives are at stake, because doctors won’t be able to treat their patients.
A few days ago Palo Alto Networks briefed members of the Philippine news media and blogging community on the company’s predictions for 2021. Sean Duca, vice president and regional chief security officer of Palo Alto Networks Asia Pacific and Japan (APAC J), and Palo Alto Networks Philippines Country Manager Oscar Visaya presided over the virtual event.
Background: In 2020, businesses scrambled to adapt and find a new secure and efficient way of working due to the Covid-19 pandemic. The year saw many reports of cybercriminals exploiting the crisis, as “work from home” became an ideal opportunity to step up cyber attacks.
One indication of how scammers were trying to leverage the crisis came in the early days of March 2020, when 100,000 domains were registered with Covid-19 and coronavirus keywords for fraudulent gain.
For 2021 something more sinister lurks ahead in cyberspace.
SDN had a chance to shoot three questions to Sean Duca and Oscar Visaya. Here’s the exchange:
SDN: An insurance company in Israel was hit by the Black Shadow hacker group, which asked for at least a million-dollar ransom. But the company refused to pay up. The hacker group has already released data it stole from the company and has threatened to release more unless the firm pays up.
Question 1: If you were in the (shoes) of the company, what would you have done? If you agree to pay up, it would be like funding Black Shadow’s future activities; if you don’t pay up, what would be your alternative acts, and what if the threat becomes existential for the company?
Answer: Ransomware brings operations to a halt – encrypting data and requiring payment to regain access. Stopping ransomware requires shifting from detection to prevention, achieved by reducing the attack surface and known and unknown threat prevention.
Step 1: Reduce the Attack Surface
- Gain full visibility and block unknown traffic.
Identify all traffic on the network and block unknown, potentially high-risk traffic.
- Enforce application- and user-based controls.
Restrict access to SaaS-based tools for employees who have no business need for them.
- Block all dangerous file types.
Not all file types are malicious, but those known to present higher risk, or associated with recent attacks, can be controlled.
- Implement an endpoint policy aligned to risk.
Enforce policies that restrict non-compliant endpoints from connecting to critical network resources.
Step 2: Prevent Known Threats
- Stop known exploits, malware, and command-and-control traffic.
Blocking known threats raises the cost of an attack and ultimately reduces the likelihood of an attacker attempting a breach.
- Block access to malicious and phishing URLs.
Prevent users from inadvertently downloading a payload or having their credentials stolen by blocking known malicious and phishing URLs.
- Scan for known malware on SaaS-based applications.
SaaS-based applications represent a new path for malware delivery and must be properly secured.
- Block known malware and exploits on the endpoint.
Endpoints are common targets for attacks. Ensure you are keeping your endpoints secure by blocking any known malware or exploits.
Step 3: Identify and Prevent Unknown Threats
- Detect and analyze unknown threats in files and URLs.
As new files are submitted, detonate, analyze and look for malicious behavior.
- Update protections across the organization to prevent previously unknown threats.
Automatically push protections to different parts of your organization’s security infrastructure.
- Add context to threats, and create proactive protections and mitigation.
Developing protections requires context to better understand the attacker, malware and indicators of compromise.
- Block unknown malware and exploits on the endpoint.
Once unknown threats or trends of suspicious behavior have been identified and blocked, block unknown malware and exploits on the endpoint.
Question 2: What is it about the pandemic that made businesses ramp up their leveraging of technology?
Answer: The pandemic is shaking up business and consumer behavior on a massive scale. We all have a lot to be worried about — for our workers, business operations, financial impact, and the health and safety of ourselves and our families. With COVID-19 driving a surge in cloud adoption, we see not only attacks targeting the cloud users but also threats originating from the cloud.
With organizations waking up to a changing economic outlook, perhaps cybersecurity is not top of mind. But it should be a top priority. Cybersecurity is the foundation upon which so many digital services are delivered and how we connect and communicate. We have to be vigilant, for example, in mitigating new threats that are emerging as a result of this situation. We have to ensure that people can access accurate and potentially life-saving information as they are asked to stay home. We have to keep businesses running as workers are remote.
Given that more of the workforce is now working remotely from home, we anticipate an increase in attackers targeting home routers and other Internet of Things (IoT) devices to compromise home networks.
Here are our recommended tips for consumers and businesses to stay safe during this time:
- Be wary of websites offering “too-good-to-be-true” deals on Covid-19 essentials, like face masks and hand sanitizer.
- Treat all emails and websites purporting to offer information about Covid-19 as suspicious.
- To ensure you’re not (going to be) the victim of a phishing attack, always check for the three main indicators, shown in Figure 1 below: correct domain name, the presence of the padlock and valid certificate ownership.
- If you believe your credit card information was stolen as a result of a recent online purchase, you should contact your bank to freeze or change your card immediately.
- Consider putting a freeze on your credit, so that new accounts can’t be opened up using your personal information.
- Make sure your home router has a physical password in addition to your Wi-Fi password. If you don’t know how to do this, visit your device manufacturer’s site to find their step-by-step instructions.
- Run a Best Practice Assessment to identify where your configuration could be altered to improve your security posture.
- Use URL Filtering to block “Newly-Registered Domains”, which contains domains registered in the last 32 days.
- If you cannot block access to the Newly Registered Domains category, then our recommendation would be to enforce SSL decryption to these URLs for increased visibility and to block users from downloading risky file types such as PowerShells and executables.
- You can also apply a much stricter Threat Prevention policy and increase logging when accessing Newly Registered Domains. We also recommend DNS-layer protection, as we know over 80% of malware uses DNS to establish C2.
- eCommerce and online retailers can mitigate risks by patching all their systems, components and web plugins to avoid being compromised.
- Make sure you’re using strong passwords for your content management system (CMS) administrators to make it less susceptible to brute force attacks.
Question 3: Within Palo Alto Networks, what changed due to the pandemic, how did you adjust, what challenges did you have to overcome, your course of action moving forward?
Answer: When the pandemic hit, we responded quickly at Palo Alto Networks with an employee choice program we called FLEXWORK. We empowered our people to decide what they needed to work productively in this moment – while meeting their own personal needs and those of their families. That ranged from an entirely work from home model for some, to a hybrid approach for others who wanted it, allowing them to access Covid-safe offices, where local regulations allowed.
Based on these sessions and feedback we’ve gathered across the company, we’re excited to announce that we are launching the next phase of FLEXWORK to help all of our global employees stay safe, feel healthy and maintain productivity. As we shared with our employees today, the FLEXWORK program will expand to include a broad range of initiatives – adding flexibility to our benefits, learning and work from home.
No two employees are the same in the support they need. For one, tutoring help for school-aged children might reduce the anxiety of online learning. For another, that Peloton subscription is all that’s getting them out of bed in the morning.
In addition to our current benefits, we plan to give our employees an additional allowance of US$1,000 per year (or the equivalent outside the United States) beginning November 1. Employees can use this to choose from a new menu of flexible benefits, with options including health, wellbeing and education.
This is the first step: Over time we intend to individualize all benefits, centering them around employee choice.
Similarly, the skills we need to stay productive range hugely. A new graduate joining the workforce remotely needs a different kind of support to a leader navigating a distributed team.
We’re launching customizable learning paths to help employees not only meet the challenges posed by this new environment, but also flourish in their careers. With FLEXLEARN, employees select learning when and how they want it, with solutions that will continue to expand, including eLearning and discussion forums, and mentoring.
Some of this has already begun – we launched a six-week on-demand learning series at our Sales Kick Off this month to guide our sales professionals through our products. In addition to our sales team, we’ll prioritize new employees and managers to start, expanding FLEXLEARN to cover all roles over the next 18 months.
Initially an experiment through December 2020, we’re also extending our work from home options through July 2021. Long term, we see our offices as collaboration spaces rather than a daily destination: an anchor for our relationships where we have the opportunity to be together, collaborate and develop deeper bonds.
We’ve learned over this year that we can work together, wherever we are, and that productivity flourishes when we’re given choices. We’ll continue to gather feedback as we roll out these initiatives. This is about working with support, trust and flexibility. The results so far make me excited for where we can take this, together.