November 24, 2024
Texas RE: Malware, Ransomware Attacks ‘Here to Stay’
Online Crime Could Become Political
Shutterstock
Cyberattacks for economic gain are “without a doubt” going to remain a danger for businesses for some time, the Texas Reliability Entity said in webinar.

Cyberattacks for economic gain are “without a doubt” going to remain a danger for businesses for some time, the Texas Reliability Entity told its members Thursday.

Jason Moehlman, the organization’s manager of internal cybersecurity and compliance, said during a Talk with Texas RE webinar that bad actors behind malware and ransomware attacks have little to lose and everything to gain.

“A lot of the attackers are basically countries not necessarily friendly to the U.S.,” he said. “There’s no real motivation for them to shut down those criminal organizations or they are actually groups working for that state. And with what we’ve seen, many companies are willing to pay that ransom, so we’re probably going to be dealing with these types of attacks for years to come.”

The attacks are designed to eliminate computer systems by either completely destroying them (malware) or by rendering them unusable until a ransom is paid (ransomware), Moehlman said. Whereas malware is less common and most often used by nation states for political motivations, he said, ransomware is deployed by criminal organizations to make money.

And the attacks could become more political and even more “battlefield oriented.” Moehlman pointed to rising tensions in Eastern Europe, where Russian troops are poised on Ukraine’s border. Just last month, businesses in the former Soviet republic were hit with the WhisperGate malware. Russian hackers are thought to have been behind a pair of attacks on Ukraine’s power grid in 2015 and 2017. (See Six Russians Charged for Ukraine Cyberattacks.)

“We may actually see cyber deployed as a weapon in an actual conflict on a very wide scale for the first time,” Moehlman said. “Everyone’s a little nervous about what’s going to happen there. So, I do think we need to make sure we’re putting a little more emphasis on securing your environments to the best of our ability.”

He said last month’s attack used malware that presented itself as ransomware, but there was no way to recover the system.

“It overwrites the master boot records of those systems. That seems to be the playbook for this type of malware,” Moehlman said.

A company’s defenses against malware or ransomware is going to be the same, he said, because 95% of the malware is written for Microsoft Windows.

“It’s probably what most of us are using in our IT environments. Put your focus there,” Moehlman said.

He listed four foundational responsibilities within the IT environment, primarily for preventing and recovering from malware attacks:

  • have someone responsible for inventorying the IT environment;
  • timely application of patches beyond Microsoft programs;
  • logging Windows events and traffic; and
  • using a 3-2-1 backup strategy (three copies of data: two different types of media like disks, tapes or the cloud, and one backup off-site).

“Put some effort into managing them,” Moehlman said. “One, it’s going to reduce your attack surface when it comes to destructive attacks. And secondly, it’s going to improve your ability to recover your environment should that worst-case scenario happen.”

Interestingly, he said one security weakness comes from Big Tech itself.

“It’s the Microsofts, the Googles, the Apples and all the other software vendors out there that are telling the world what’s wrong with their product, usually once a month,” Moehlman said. “There’s a lot of smart people with a lot of resources and money behind them taking those updates, reverse engineering and building exploits that can be used in a relatively short time frame of weeks or months.”

Moehlman also offered defense measures, such as layered security controls with policies and procedures and employee awareness and training; restricting physical access; and hardening protection for networks, devices, applications and data.

“Do you have those basic policies and procedures in place that are designed to limit threat external actors between your environment? And are you implementing those?” he asked, rhetorically.

“It’s always a good idea to review those policies on a frequent basis. Make sure you actually adhering to them,” Moehlman said. “Hopefully, I’m preaching to the choir.”

Texas RE

Leave a Reply

Your email address will not be published. Required fields are marked *