Ransomware – The Attack Du Jour!

Ransomware is gaining traction among hackers; emboldened by financial success and anonymity using cryptocurrencies. In fact, ransomware is now considered a tried and true cyberattack technique, with attacks spreading among small and medium-sized businesses, cities and county governments. Coveware’s recent 2019 Q1 Ransomware Report notes:

  • Ransoms have increased by an average of 89% over Q1 in 2019 to $12,762 per ransom request
  • Average downtime after a ransomware attack has increased to 7.3 days, up from 6.2 days in Q4 of 2018, with estimated downtime costs averaging $65,645
  • Victim company size so far in 2019 is anywhere from 28 to 254 employees (small, medium, and large-sized businesses)

Let’s review how ransomware works and why it’s so effective. Ransomware is a type of cyberattack where an unauthorized user gains access to an organization’s files or systems and blocks user access, holding the company’s data hostage until the victim pays a ransom in exchange for a decryption key. As you can surmise, the goal of such an attack is to extort businesses for financial gain.

Ransomware can “get into” a system in different ways, one of the most common through phishing emails or social media where the human worker inadvertently opens a message, attachment, or link acting as a door to the network or system.  Messages that are urgent and appear to come from a supervisor, accounts payable professional, or perceived “friends” on social media are all likely ransomware actors disguising themselves to manipulate or socially engineer the human.

Near and Far: Ransomware Has No Limits

Many types of ransomware have affected small and medium-sized businesses over the last two decades but it shows no limitations in geography, frequency, type, or company target size.

  • Norwegian aluminum manufacturing company Norsk Hydro, a significant provider of hydroelectric power in the Nordic region, was shut down because of a ransomware infection. The company’s aluminum plants were forced into manual operations and the costs are already projected to reach $40 million (and growing). The ransomware name: LockerGoga. It has crippled industrial firms across the globe from French engineering firm Altran, and manufacturing companies Momentive, and Hexion, according to a report from Wired.
  • What was perceived as an unplanned system reboot at Maersk, a Danish shipping conglomerate, turned out to be a corrupt attack that impacted one-fifth of the entire world’s shipping capacity. Deemed the “most devastating cyberattack in history,” NotPetya created More than $10 billion in damages. To add insult to injury, the cyber risk insurance company for Maersk denied their claim on the grounds that the NotPetya attack was a result of cyberwar (citing an act of war exclusionary clause).  WannaCry was also released in 2017 and generated between $4 billion and $8 billion in damages but nothing (yet) has come close to NotPetya.
  • On Black Friday 2016, the San Francisco Municipal Transportation Agency fell victim to a ransomware attack. The attacker demanded $73,000 for services to be restored. Fortunately, speedy response and backup processes helped the company restore systems in 2 days—avoiding having to pay the ransom. In March 2018, the City of Atlanta experienced a ransomware attack that cost upwards of $17 million in damages. The Colorado Department of Transportation fell victim, too, left with a bill totaling almost $2 million.

These headlines are stories of a digital war that has no geographical borders or structured logic. No one is truly immune to ransomware, and any company that thinks that way is likely not as prepared as they think they are. Beazley Breach Response (BBR) Services found a 105% increase in the number of ransomware attack notifications against clients in Q1 2019 compared to Q1 of 2018, as well as noting that attackers are shifting focus to targeting larger organizations and demanding higher ransom payments than ever before.

Immersive cyber ranges – Protect Yourself, Your Business, Your People

If your own security efforts, staff practices, and business infrastructure are continuously hardened every time a new breach headline makes the news, the things that matter most to you and your company will be better protected. One of the ways to consistently harden security practices is via immersive and persistent training on gamified cyber ranges. Some benefits of using cyber ranges like this include:

  • Helping professionals of all skill levels learn and apply preventative measures such as: regular backups, multi-factor authentication, and incident response planning and analysis.
  • Understanding what ransomware looks like and how it would “work” if it infected their company’s network.
  • Cloud-based environments can scale to emulate any size digital system and help users “see” and respond to threats in safe spaces.
  • Providing user assistance and immediate feedback in terms of rewards, badges, and progress indicators, allowing organizational leaders who want to upskill their cyber teams to see the skills gaps and strengths in their teams and identify ways to harden their defenses.

When ransomware does come knocking at your business door, will you be ready to recover from the costly and reputational damages? If there is any shred of doubt in your mind, then it’s time to re-evaluate your cyber readiness strategy. As we’ve learned, even the smallest vulnerability or level of uncertainty is enough for a cybercriminal to take hold.

Photo by Michael Geiger on Unsplash and via website.

Cyber Ranges and How They Improve Security Training

WHAT ARE CYBER RANGES?

Cyber ranges were initially developed for government entities looking to better train their workforce with new skills and techniques. Cyber range providers like us deliver representations of actual networks, systems, and tools for novice and seasoned cyber professionals to safely train in virtual, secure environments without compromising the safety of their own network infrastructure. Today, cyber ranges are used in the cybersecurity industry to effectively train the cyber workforce across companies and organizations for stronger cyber defense against cyber attacks. As technology advances, cyber range training advances in scope and potential.

To learn more about Circadence’s cyber range offering, visit https://www.circadence.com/solutions/topic/cyber-ranges/.

The National Initiative for Cybersecurity Education reports cyber ranges provide:

  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulate on-the-job experience
  • An environment where new ideas can be tested and teams and work to solve complex cyber problems

In order to upskill cybersecurity professionals, commercial, academic, and government institutions have to gracefully fuse the technicalities of the field with the strategic thinking and problem-solving “soft skills” required to defeat sophisticated attacks.

Currently, cyber ranges come in two forms: Bare environments without pre-programmed content; or prescriptive content that may or may not be relevant to a user’s industry. Either cyber range type limits the learner’s ability to develop many skill sets, not just what their work role requires.

UNDERSTANDING CYBER RANGES IN A BOX (OR CYRAAS, as we call it.)

Cyber ranges in a box is a collection of virtual machines hosted on an on-premise or cloud-based environment. Now, don’t let the name “in a box” fool you, at Circadence, you can’t purchase our cyber range solution on its own. To your cyber learning benefit, Circadence offers a cyber-range-as-a-service [CyRaas] solution embedded within the Project Ares cyber learning platform for optimized training and skill building at scale. When you purchase Project Ares, CyRaaS is included. It provides all-encompassing tools and technologies to help professionals achieve the best cybersecurity training available. Our service offers industry-relevant content to help trainees practice offense and defense activities in emulated networks. Cyber ranges also allow learners to use their own tools within emulated network traffic to reflect the real-world feeling of an actual cyberattack. In “training as you would fight,” learners will have a better understanding of how to address cyber threats when the real-life scenario hits.

With advances in Artificial Intelligence (AI), we know cyber ranges can now support such technology. In the case of our own Project Ares, we are able to leverage AI and machine learning to gather user data and activity happening in the platform. As more users play Project Ares, patterns in the data reveal commonalities and anomalies of how missions are completed with minimal human intervention. Those patterns are used to inform the recommendations of an in-game advisor with chat bot functionality so players can receive help on certain cyber range training activities or levels. Further, layering AI and machine learning gives security  professionals better predictive capabilities and, according to Microsoft, even  “improve the efficacy of cybersecurity, the detection of hackers, and even prevent attacks before they occur.”

To learn how cyber ranges are being used to improve cyber learning for students (and how it can be applied to your organization or company,
DOWNLOAD OUR “LEARN BY DOING ON CYBER RANGES” INFOGRAPHIC.

GAMIFIED CYBER RANGES

With many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with a gamified element. Project Ares has a series of mini-games, battle rooms, and missions that help engage users in task completion—all while learning new techniques and strategies for defeating modern-day attacks. The mini-games help explain cyber technical and/or operational fundamentals with the goal of providing fun and instructional ways to learn a new concept or stay current on perishable skills. The battle rooms are environments used for training and assessing an individual on a set of specific tasks based on current offensive and defensive tactics, techniques and procedures. The missions are used for training and assessing an individual or team on their practical application of knowledge, skills and abilities in order to solve a given cybersecurity problem set, each with its own unique set of mission orders, rules of engagement and objectives.

CYBER RANGE SECURITY

There is a lot of sensitive data that can be housed in a cyber range, so system security is the final piece to comprising a cyber range. The cloud is quickly recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure the cyber ranges are operating quickly with the latest updates and to increase visibility of how users are engaging in the cyber ranges across the company, information security in the cloud is the latest and greatest approach for users training in test environments.

We are proud to have pioneered such a state-of-the-art cyber range in many of our platforms including (as mentioned above), Project Ares®, and CyRaaSTM. We hope this post helped you understand the true potential of cyber ranges and how they are evolving today to automate and augment the cyber workforce.

Learning from the Top 5 Financial Cybersecurity Incidents

Banks, credit unions, credit card companies, investment firms, and insurance companies are all under cyberattacks—making financial cyber security a hot topic of discussion. For years, the finance industry has been one of the hardest hit with cybercrime according to Deloitte. And it continues to rank in the top five most vulnerable industries. In 2017, 69 material cyber incidents were reported to the Financial Conduct Authority, an increase from the 38 incidents in 2016, according to Information Age. Financial cyber security regulations are keeping companies in check but the pace at which threats evolve in sophistication requires a persistent approach to stay ahead of hackers.

If you bank online or have an insurance policy, you likely understand the convenience of single keystroke access to financial information. It’s easy, convenient and useful to transfer funds from mobile device to mobile device; electronically sign a form; or get a quote for a mortgage company just by entering in new financial details. Unfortunately, the rapid pace of adoption of new technologies that make these everyday transactions convenient is widening the attack surface for hackers and prompting security professionals to consider even stronger finance cyber security risk management processes.

Financial Cyber Security Incidents

Below are some of the most notable cybercrime attacks on financial services firms that we can learn from in order to take a more proactive approach to cyber security readiness.

Equifax 

The consumer credit reporting agency was breached in 2017, exposing the sensitive personal information of more than 147 million Americans. Partial driver’s license data was the primary data leaked. Equifax representatives said the vulnerability that allowed for the attack to occur was the failure to keep its computer systems adequately up to date.

Bank of Chile

State-backed hackers infiltrated the Bank of Chile’s ATM system in January 2019 and stole $10 million. The cyber heist was deployed via hackers initiating a virus as a “distraction” then prompting banks to disconnect 9,000 computers to “protect customer accounts.” Meanwhile, hackers sneaked in and used the global SWIFT bank messaging service to deploy fraudulent transactions.

India’s Cosmos Bank

Unauthorized users accessed their system and siphoned nearly $13.5 million through withdrawals across 28 countries. Unidentified hackers created a proxy switch that approved all the fraudulent payments.

Lazarus group

North Korea’s hacking operations are targeting financial institutions nationwide—completely indiscriminate of a brand or geographic location. The country is linked to attacks in 18 countries, according to a report from Russian cyber security firm Kaspersky Lab. The hacking operation known as “Lazarus” targeted employees at banks who visited the hackers’ list of 150 specified internet addresses. Experts say the attacks are at a “level of sophistication not generally found in the cybercriminal world,” and companies should take proactive measures to carefully scan their networks for the presence of Lazarus malware samples, disinfect their systems and report the intrusion.

Bangladesh Bank 

Bangladesh Bank experienced a hack in February 2016 that drained $81 million from accounts in a few short hours. Attackers subverted the bank’s SWIFT accounts, the international money transfer system, to get what they wanted, reports Wired magazine. Hackers sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of Bangladesh Bank’s funds to accounts in the Philippines, Sri Lanka, etc. Reports indicate lax computer security practices were to blame (e.g. lack of firewalls installed on the networks), allowing hackers to easily infiltrate the network and find the credentials needed to proceed. The concept of attacking systems on the weekend isn’t a new approach either—other banks like Tesco experienced the same timing in November 2016 when thousands of current account customers were hit with fraudulent transactions by hackers.

Learning from Financial Cyber Security Incidents

Outdated systems, employee exploitation, weakened network security, and a poor ratio of defenders to hackers all contribute to the severity of these financial cyber security incidents.

These attacks tell us a lot about what preventative steps can be taken. To ensure financial services firms have the latest systems updated and in place requires an experienced cybersecurity team to perform regular system checks and updates.

Financial cyber security compliance leaders need to empower their teams with the right tools and persistent learning opportunities so they can be prepared for any malware infection or system overwrite that occurs.

The increase in reported attacks reflects a greater need for accountability across all financial institutions. As the attack frequency grows, so must our cybersecurity vigilance. Cyberattacks will adapt to defense strategies so financial firms need to ensure they are always one step ahead. The best way to achieve this goes beyond hiring our way out of the issue. Training your cyber workforce proactively using gamified cyber range training to combat the latest threats is the key to sustained success.

For more information on how financial firms can upskill their security workforce
download Project Ares subscription brochure.

Photo by Alexander Mils on Unsplash