The volume and sophistication of ransomware attacks has exploded and will only continue to increase next year, when we can expect more personalized attacks from criminals with a broader understanding of how organizations work on the inside.
The issue is becoming increasingly costly with a recent US Treasury report estimating that suspected ransomware payments reported during the first half of this year reached $590 million. In contrast, the level of suspected payments reported during all of 2020 was $416 million.
Clearly, the ‘revenue’ brought in by cybercriminals has further energized their efforts. At the same time, the huge shift to remote working has broadened the attack vector and encouraged attackers to target more people, more often.
As a result, an overarching zero trust approach is fast becoming essential if businesses and government agencies are to take the proactive protection of networks and critical infrastructure to the next level.
In practical terms, zero trust security sees the world differently from other approaches to cybersecurity. No one is trusted by default, regardless of whether they are inside or outside a network because without it, organizations run the risk of attackers having a free reign across a network once they are inside.
Targeting the Supply Chain
Take the IT supply chain ecosystem, for example - a key component of the industry that is once again under pressure from cybercriminals looking to exploit ongoing weaknesses. In recent weeks, Microsoft publicly warned its resellers and managed service providers that ‘Nobelium’ - the group thought to be behind the SolarWinds attack - was now targeting its global supply chain.
With Nobelium surveying global organizations for vulnerabilities, improving security infrastructure is now absolutely critical. According to Microsoft researchers, the nation-state adversaries are not leveraging specific vulnerabilities at this time but are using old school credential stuffing and phishing as well as API abuse and token theft in order to gather legitimate account credentials.
If successful, lateral movement across the compromised organization’s network would be the next stage, allowing for data theft, reconnaissance, compromise of customer systems and more.
Recent attacks and these new attempts to target major networks demonstrate that eliminating trust by default, whether within or outside a network, is quickly becoming a must-have for businesses looking to build a strong defence. In a world where data may be stored across different cloud providers, it's critical to tighten all access verification methods.
Adding a Content Disarm and Reconstruction (CDR) capability to the cybersecurity stack plays a vital role in a rounded zero trust cybersecurity strategy, particularly in the fight against malicious file uploads. As recently highlighted by Gartner® , “Restrict the file types to the minimum required. For allowed file types, there are essentially four options to limit the risk of malware upload: CDR provides the highest security. Done well, CDR removes all threats from uploaded files without adding significant latency. Since it does not depend on the detection of known threats, it can even protect against completely new attack types.”
To learn more about how Glasswall Content Disarm and Reconstruction solutions can help organizations deliver an effective zero trust strategy, click here.
Source: Gartner, Quick Answer: Protect Web Applications Against Malicious File Uploads, Mario de Boer, 8 October 2021
Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved