Ransomware, supply chain attacks show no sign of abating

Ransomware and supply chain attacks will continue to rear their ugly head in a world where cyber attacks are increasingly being politicised.

That was the key message shared by a panel of cyber security experts at Black Hat Asia 2021 who noted that the two common attack vectors would offer the highest returns on investments for threat actors.

Vitaly Kamluk, principal security researcher at Kaspersky Lab, predicted the rise of ransomware as early as 2007 upon the discovery of asymmetric cryptography used to encrypt files and demand ransom for them.

“Today, ransomware has become a service that enables groups to join and deploy infrastructure and services to hit their victims,” he said, noting the rise of ransomware 2.0 where files are not only encrypted but also disclosed through data dumps.

Kamluk said some perpetrators have gone even further to tip off the media to attract attention and exert more pressure on companies that hesitate or refuse to pay the ransom.

“The latest trend now is to reach out to a company’s customers to inform them that their data has been stolen,” said Kamluk. “This will create the reputation that the company is incompetent to ruin their image, which negatively affects their business.”

Kamluk said encryption may not even play a key role as it does today with ransomware, as threat actors look to smear the reputation of their victims through other means. “So, make sure you have basic security hygiene and back up all your critical data,” he said. “Be prepared for day X when you are breached - what is your standpoint on paying the ransom and how will you project a strong image to customers?”

In the aftermath of the SolarWinds attack that had affected prominent companies like Microsoft, the panellists noted that more supply chain attacks have been enabled by the growing dependencies between systems that have become more interconnected than ever.

Vandana Verma, vice-chair of the global board of directors at the Open Web Application Security Project (OWASP) Foundation, said compromising one such dependency used by hundreds of other products brings huge rewards. “I’m sure we’re going to see a lot more supply chain attacks; they may be bigger or smaller, but we will see more of these attacks for sure,” she said.

Against this backdrop, adopting the zero-trust security model could help organisations to mitigate cyber threats that have intensified amid the ongoing pandemic.

Lidia Giuliano, a security advisor and consultant, said authentication and access controls, in particular, will become more important in future, especially when companies are taking a cloud first approach.

“Companies have to make sure that they are implementing stronger authentication controls and enforcing MFA [multi-factor authentication] and least privileges for people working remotely,” she said.

Neil Wyler, threat hunting and incident response specialist at RSA, said the zero-trust model goes back to the basics of cyber security.

“What it is really is about is doing separation and the segmentation that we have been talking about since the 1990s,” said Wyler. “Some of these fundamentals are really boring, but they give us a chance to put the fun back in fundamentals and get zero-trust right.”