How to combat exfiltration-based extortion attacks | usagoldmines.com

The vast majority of cyberattacks are conducted solely to disrupt organizations, but one type of attack has more than just an organization-wide effect; it also has a personal impact.

Conducted primarily by ransomware threat groups, data exfiltration-based extortion is becoming far more prominent -in fact, a notorious Russian ransomware group known as BianLian has recently appeared to shift its approach entirely towards this new trend – and it’s easy to see why. These attacks provide a more lucrative financial outcome for criminals because it preys on the organization’s victims’ strongest fears: humiliation and harm to loved ones, and fear about their personal information being available for years to come on the dark web even if payment has been made for its safe return.

Organizations have become accustomed to encryption-based attacks and realize that paying the required ransom doesn’t guarantee they’ll get their files back. As a result of this, the number of organizations that pay a ransom has reduced and criminals are now bypassing this, choosing to steal sensitive data and threatening to hit organizations where it hurts the most—their reputation and also that of their individual employees.

The steps that attackers take when looking to conduct data exfiltration-based ransomware attacks are:

• Gain access: The attacker gains access to the victim’s network. (Via vulnerable assets on the network)
• Locate assets: The attacker locates and secures access to high-value assets
• Exfiltrate data: The attacker exfiltrates the data to their storage network.
• Encrypt data: The attacker encrypts data.
• Demand ransom: The attacker demands a ransom to unlock the data.
• Threaten to release data: If the ransom isn’t paid, the attacker threatens to publicly or sell the data.

Now that organizations have realized that they don’t get their files back after paying, the number of organizations that pay has reduced, and criminals are responding by changing tactics, going for exfiltration and hitting a company or employee reputation.

Data exfiltration: it’s personal

By stealing sensitive data—like scandalous emails, private emails, photos, or embarrassing secrets—and threatening to make it public, attackers are no longer conducting attacks with the aim of specifically targeting the organization. They are now targeting the individual. And it should not come as a surprise that 80% of ransomware attacks now include data exfiltration.

Most employees will go to great lengths to protect themselves and their families from shame, whether in the C-suite or working at the managerial, executive, or junior levels. Picture a CEO desperate to keep a personal secret out of the headlines. It’s powerful leverage, and while an organization might hold firm and refuse to pay, an individual under intense pressure often will cave.

New attacks require new entry points

So, how do attackers manage to pull this off so frequently? The answer lies in the many unknown and unmanaged assets that lie within an organization. Previously, attackers would look to conduct any breach via the front door, but this is no longer the case. Increasingly, attackers are infiltrating company defenses via the side door of unmanaged and unknown assets. These forgotten devices, rogue endpoints, or unpatched systems often fly under the radar of security teams and are increasingly acting as open doors that give attackers an easy way to enter, steal data, and turn their threats into big paydays.

It is paramount for organizations to lock down their environment by uncovering all hidden devices and unseen vulnerabilities.

Preventing the attack before it takes place

This increase in data exfiltration-based extortion is happening in tandem with the changing cybersecurity landscape. The aid of technological developments such as AI is supercharging attacks on IoT and OT systems simply because they tend to be the weakest link. With the increase in system convergence, unmanaged and unknown devices serve as the ideal jumping-off points to other parts of the network. Once there, attackers stay undetected, biding their time until the opportunity to steal sensitive data or demand ransomware payments presents itself.

Even with organizations stepping up their IT defenses, about 60% of assets remain hidden from security teams, creating massive blind spots. To compound matters, the speed at which attackers conduct attacks is only increasing. Studies indicate that 72% of attackers can locate and exploit an organizations vulnerability in a single day. Furthermore, last year, it was seen that unmanaged, internet-facing assets were the cause of 7 out of 10 beaches.

Organizations worldwide must focus on visibility now more than ever. They must have full visibility and understanding of their entire attack surface. This means identifying and cataloguing every IT, IoT and OT device, whether managed or unmanaged, regardless of its function. Only when the light has been shone on all devices and systems can organizations understand their attack surface and lock down weak points, especially those connected to sensitive data. In doing this, security teams can stay ahead of threat groups looking to infiltrate defenses.

Solid discovery of all devices and systems is critical in preventing breaches that lead to data exfiltration-based extortion. This includes spotting all connected assets, uncovering vulnerabilities, and monitoring new assets or changed network environments. Mapping and monitoring the environment, security teams must act precisely once they identify potential issues.

It can’t be understated how important it is to take action once you’ve encountered a potential weakness in your defenses. Whether mapping how attackers might laterally move across the network or highlighting areas where the network needs strengthening, security teams must be proactive to protect against network vulnerabilities and, in turn, minimize the chances of a data exfiltration-based ransom taking place.

We’ve featured the best identity theft protection.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro