Summer is approaching and with it comes the creepy crawly roaches. You do everything you can to keep them out of your home but they always seem to find a way in. Once inside your home it just seems like you can never get rid of them. The same can be said for cybercriminals and ransomware.
Most homeowners focus on keeping roaches out at the perimeter by spraying poison at every entrance and every nook and cranny they can find. The same approach is typical of most small business networks. SMBs tend to focus solely on perimeter defenses such as a network firewall, IDS/IPS, email protection, and anti-virus. What happens when your perimeter is breached? How would you know?
All cybercriminals need is a single small opening to squeeze into your network. Just recently a cyber attack crippled Baltimore's government computer servers. How did this happen? According to an article by the Associated Press, officials in Baltimore disclosed that the city's systems were made vulnerable by an "internal change to the firewall" made by a technician who was troubleshooting the automated dispatch system. That was all it took to get in.
How do you know that roaches have gotten past your defenses and made their way inside your home? Most of the time you only find out when you wake up one morning and find a dead one lying upside down in the middle of the room, still twitching, or worse, in your pantry. By the time you see this, you can bet these sneaky critters have been in your home for some time. This is exactly how the current generation of cybercriminals and ransomware operates. They hide in the corners and shadows of your network, gathering information and looking for additional weak spots INSIDE your network. On average we're talking 200+ days before anyone finds out they're there. By then it is too late!
No matter how hard you try or train, an end user is going to click on something they shouldn’t. The question then becomes, how effective are you at detecting and stopping it from spreading? A quick and thorough response is key to avoid the loss of passwords, intellectual property, or worse. Here’s a crucial piece of information to know upfront: Just treating the individual machine is not enough. More on that later, but we see that mistake time and time again.
After finding malware, your first priority is to determine whether credentials have been taken. If they have, you have a litany of other issues and scenarios to consider: every system and service that account can reach is now in scope, not just the machine where the malware was found.
Once an attacker has valid credentials, they no longer need malware. They can log into your network legitimately and access any information that the user has access to. This makes them much more difficult to spot, because every logon looks like a normal user's, unless you know exactly what you're looking for: logons at unusual hours, from workstations that account has never used, or to far more hosts than the account normally touches.
Malware may not be the end game — in many attacks, it’s just the beginning.
Attackers can use malware simply as an entry point into your network, then use valid credentials or a backdoor to stay persistent and continue the attack. Using lateral movement techniques, they can explore different accounts, machines, and information within the network without drawing attention to their presence. After malware has made its way into your network, the attack can continue quietly (and malwarelessly) unless you're prepared to identify other signs of an attacker's presence, which means looking at authentication and access patterns, not just scanning for malicious files.
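The two warning signs just described, a stolen account logging in from a host it never used before and an account fanning out to far more machines than usual, are both visible in ordinary logon records even when no malware is left on disk. The script below is an added example (not code from this post or from any product it describes) that runs those two checks over constructed logon lines. The log format, host names, user names, the ten-minute window and the three-host fan-out threshold are all assumptions for illustration; a real deployment would read Windows 4624 events or SSH "Accepted" lines and tune the thresholds to each account's observed baseline.

```python
"""Added example: detect valid-credential lateral movement in logon records.

Two checks on successful network/remote logons:
  1. fan-out: one account reaching more distinct hosts in a short window
     than a baseline allows (an attacker exploring the network);
  2. new source: an account logging in from a source host it had never
     used before a chosen cutoff (credentials reused from a new foothold).
All log lines below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Fields: timestamp, user, source host, destination
# host, logon type (3 = network, 10 = remote interactive, as in event 4624).
SAMPLE_LOG = """\
2019-05-20T08:01:10 jsmith WS-112 FS01 3
2019-05-20T08:03:44 jsmith WS-112 MAIL01 3
2019-05-20T09:15:02 mjones WS-031 FS01 3
2019-05-20T13:30:00 jsmith WS-112 FS01 3
2019-05-21T02:10:05 jsmith WS-077 FS01 3
2019-05-21T02:11:30 jsmith WS-077 FS02 3
2019-05-21T02:12:04 jsmith WS-077 SQL01 3
2019-05-21T02:13:51 jsmith WS-077 DC01 10
2019-05-21T02:15:20 jsmith WS-077 BACKUP01 3
"""


def parse_log(text):
    """Turn the whitespace-separated sample lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, ltype = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dst": dst, "type": int(ltype)})
    return events


def baseline_sources(events, user, before):
    """Source hosts this user logged in from before the cutoff (assumed-good history)."""
    return {e["src"] for e in events if e["user"] == user and e["ts"] < before}


def detect_fanout(events, window=timedelta(minutes=10), max_hosts=3):
    """Flag any user reaching more than max_hosts distinct destinations within window.

    Returns (user, window start, sorted destination hosts); one alert per user.
    """
    alerts = []
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        for i, start in enumerate(evs):
            # Destinations reached in the window opening at this event.
            seen = {x["dst"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(seen) > max_hosts:
                alerts.append((user, start["ts"], sorted(seen)))
                break
    return alerts


def detect_new_source(events, cutoff):
    """Flag logons after cutoff from a source host the user never used before it.

    Returns one (user, source host, first seen) tuple per new user/source pair.
    """
    alerts, reported = [], set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ts"] < cutoff or (e["user"], e["src"]) in reported:
            continue
        if e["src"] not in baseline_sources(events, e["user"], cutoff):
            reported.add((e["user"], e["src"]))
            alerts.append((e["user"], e["src"], e["ts"]))
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, when, hosts in detect_fanout(evs):
        print(f"FAN-OUT  {user} reached {len(hosts)} hosts from {when}: {', '.join(hosts)}")
    for user, src, when in detect_new_source(evs, datetime(2019, 5, 21)):
        print(f"NEW-SRC  {user} first seen logging in from {src} at {when}")
```

In the sample, jsmith's daytime activity from WS-112 is quiet, but at 02:10 the same account starts from a workstation it has never used and touches five servers, including a domain controller, in five minutes. Neither check needs a malware signature; both need history, which is why the logs have to be collected before the incident, not after.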
Time is of the Essence
We always try to stress that it is better to respond quickly and appropriately than to wait and see. The longer you wait, the longer malware has a chance to spread and do further damage to your network. When it comes to cybersecurity, there’s no time to hope for the best.
So what do we recommend?
Our approach is less complicated and costly than experiencing a full-blown breach. When we respond for our clients, our first step is to quickly deploy technology in their environment that gives us visibility into the threats inside their network. The key is to get a complete and accurate picture of how far the malware has spread and what it has touched, including which accounts were used, which then allows you to triage and respond appropriately. By getting to the root of the problem immediately, you save yourself the time, money, and headache that waiting would cause.
Having anti-malware technology and a detection & response solution in place can put you ahead the next time malware gets past your defenses.