“The ransom payment question has become much less black and white than it once was”
I’m often asked what the single biggest cybersecurity threat to business is, and my answer remains the same as it was a decade ago: not getting the security basics right. That may come as a surprise to those who thought I would say ransomware, but ransomware attacks are just a symptom of the insecurity disease that’s running rife through many businesses large and small. It is, however, an increasingly common and costly symptom.
You might counter that poor basic security hygiene isn’t to blame for the ransomware epidemic when some variants such as MountLocker are using Windows Active Directory application programming interfaces (APIs) to worm their way through enterprise networks. But even then I’d argue it is.
Blue Hexagon founder Saumitra Das reckons that by using native API for propagation, the MountLocker threat actors have made it a “challenge to spot” using “just observational tools such as log monitoring and sandboxes”. And he’s not wrong: separating the malicious API calls from the noise of legitimate ones isn’t straightforward. But behavioural systems (so-called detection and response systems) can at least flag such activity for further checking.
@happygeek
As Edgescan CEO Eoin Keary says,