The recent hacking of servers belonging to the Professional Golfers’ Association (PGA) of America, targeting files relating to the PGA Championship and Ryder Cup golf tournaments, is an example of the threat posed to organisations’ cyber defences by increasingly sophisticated types of malicious software.
The continued growth of digital technologies, automation and the Internet of Things is creating countless opportunities for businesses; for instance, capturing and using real-time data to gain a competitive edge and boost those all-important margins.
Simultaneously, however, this marriage of old and new technologies has introduced unseen forms of cyber risk and provides criminals with additional routes of attack which, if ignored, could put a stop to business altogether.
Recognising the threat
The rapid growth in digitisation and automation has been accompanied by the emergence of a type of cybercrime predicated on the use of ransomware to extort funds – often in the form of bitcoin. As seen in the case of the PGA, ransomware locks systems and denies access to data until the ransom sum is paid. Following the typical line, the PGA hackers warned that any attempt to break the encryption on the affected files would lead to the permanent loss of the data they contained.
With increased digitisation, previously unconnected areas of an organisation’s operations can now become part of a broader interconnected IT network. This became evident in the PGA hack: the breached files contained marketing materials, including logos, relating to the two golfing championships. Integration and connectivity undoubtedly bring multiple operational advantages, but teams looking after the security of internal IT networks now find themselves with much larger attack surface areas to protect.
Defending against cyber-attacks is, or at least should now be, a high-level priority for businesses and organisations. An aversion to cybersecurity investment will leave firms increasingly vulnerable to new and emerging types of infiltration. Ransomware attacks, though far from new, are becoming more and more relevant, and in some cases more complicated to defend against.
The repercussions of ransomware
When ransomware is downloaded it rapidly encrypts files and data on the victim’s infrastructure, disabling access and even bringing operations to a halt. This can quickly damage customer relationships and incur huge costs through the loss of intellectual property or essential business data.
Ransomware is usually delivered via a simple phishing email, containing a misleading attachment for the victim to open. Once opened, the attachment encrypts the data in the user’s system and delivers a message with details on the conditions of the ransom and the size of the payment required to access the decryption key.
The damage done by ransomware has historically depended on the particular individual in a target company, and the extent to which they are connected to the wider network. More recently we have seen variants of ransomware that have extended their scope beyond the hard drive of a single PC. Instead, they seek out ‘privileged’ accounts – those which provide advanced administrative access – to move more widely within the network and search for business-critical files to encrypt. In this way, by infiltrating just one account, the ransomware can compromise a much larger part of the network to find and deadlock vital files and data at an even greater cost to businesses.
Most anti-malware and anti-ransomware solutions today focus on detecting and blocking threats at the point of infection. These solutions are useful when you know what you’re looking for, but ransomware continues to evolve, with new variants emerging every day. Businesses and organisations should therefore adopt a multi-layered approach which employs application controls and removes local privileges (the ability to access more sensitive parts of the network) from regular PCs. This will reduce the surface area for attacks and block their progression.
Steps must also be taken to protect the most sensitive files in the organisation. Employing grey-listing – an approach which denies read, write and modify file privileges to unknown apps or applications that aren’t trusted or certified – allows ransomware to execute harmlessly, thereby blocking it from accessing and encrypting business-critical files.
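A minimal model of the grey-listing decision described above, as an added example rather than code from the article or from any vendor product. The application identifiers, protected paths and event stream are constructed assumptions; a real control would identify applications by signer or hash and enforce the verdict in the operating system.

```python
import posixpath
from enum import Enum

class Trust(Enum):
    TRUSTED = "trusted"   # on the allow-list
    BLOCKED = "blocked"   # on the deny-list
    UNKNOWN = "unknown"   # grey-listed: on neither list

# Constructed sample policy; identifiers and paths are placeholders.
ALLOW_LIST = {"backup-agent", "office-suite"}
DENY_LIST = {"known-bad-tool"}
PROTECTED_ROOTS = ("/srv/finance", "/srv/designs")
FILE_OPS = {"read", "write", "modify"}

def classify(app_id):
    if app_id in DENY_LIST:
        return Trust.BLOCKED
    return Trust.TRUSTED if app_id in ALLOW_LIST else Trust.UNKNOWN

def is_protected(path):
    # Normalise first so "/tmp/../srv/finance/x" cannot sidestep the check,
    # and compare whole components so "/srv/finance-old" does not match.
    clean = posixpath.normpath(path)
    return any(clean == r or clean.startswith(r + "/") for r in PROTECTED_ROOTS)

def decide(app_id, operation, path):
    trust = classify(app_id)
    if trust is Trust.BLOCKED:
        return "deny"                      # never runs, never touches files
    if operation == "execute":
        return "allow"                     # grey-listed apps may still run
    if operation not in FILE_OPS:
        raise ValueError(f"unsupported operation: {operation}")
    if trust is Trust.UNKNOWN and is_protected(path):
        return "deny"                      # no access to sensitive files
    return "allow"

# Constructed event stream: an unknown attachment runs, then tries to encrypt.
EVENTS = [
    ("invoice-viewer", "execute", "/home/amy/Downloads/invoice.bin"),
    ("invoice-viewer", "read",    "/srv/finance/q3.xlsx"),
    ("invoice-viewer", "write",   "/tmp/../srv/finance/q3.xlsx"),
    ("invoice-viewer", "write",   "/srv/finance-old/notes.txt"),
    ("backup-agent",   "read",    "/srv/finance/q3.xlsx"),
    ("known-bad-tool", "execute", "/usr/local/bin/tool"),
]

def evaluate(events):
    return [decide(*event) for event in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, evaluate(EVENTS)):
        print(verdict.upper().ljust(6), *event)
```

The unknown application is allowed to start but every read or write under a protected root is refused, while the allow-listed backup agent keeps its access to the same file.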
Backing up an organisation’s data is a simple but essential defensive method in the fight against ransomware. With multiple generations of backup – taken from automatically backed up data at various intervals – the system can be wiped and restored in an instant, negating the threat of ransom demands.
As businesses and organisations embrace digitisation and automation to access the benefits of operational integration, cybersecurity must be a primary consideration. By dedicating equal time and investment to protecting their highest value assets through improved cybersecurity, organisations can limit the impact of fast-growing threats such as ransomware and ensure their business remains securely operational at all times. With high-profile incidents such as the PGA hack this month continuing to occur, it’s essential that businesses look closely at their processes to ensure they won’t succumb to a similar fate.
David Higgins is director of customer development EMEA, CyberArk.