New Ransomware Attack By Russian Hackers Highlights Cybersecurity Challenges

This article is more than 2 years old.

NBC News reported on Friday that, “A successful ransomware attack on a single company has spread to at least 200 organizations, according to cybersecurity firm Huntress Labs, making it one of the single largest criminal ransomware sprees in history.” The Washington Post later said the attack impacted more than 1,000 companies.

According to Forbes, a group of Russian-speaking hackers claimed responsibility for the massive ransomware attack and demanded $70 million in bitcoin to restore the companies’ data.

In the face of these and the rising number of cyberattacks, business leaders continue to confront major challenges that make it difficult for their companies to prepare for and deal with cyber-related crisis situations.

Cyber Vulnerabilities And Trends

On Wednesday, Cobalt released its annual report, which examined corporate cyber vulnerabilities and identified the trends and hazards that impact the cybersecurity community. The data was collected from the company’s proprietary platform, which connects ethical hackers with organizations that need security testing so they can collaborate on finding and fixing security vulnerabilities, according to Caroline Wong, chief strategy officer at Cobalt.

“Unfortunately, the high-profile cyberattacks that have occurred in the past few years—Equifax, SolarWinds, Colonial Pipeline, JBS—are not fundamentally different from the kinds of attacks that we’ve observed over the past couple of decades,” Wong observed.

She noted that, “The first ransomware attack occurred in 1999. The cybersecurity industry knows how to find, fix, and prevent these types of problems from occurring. The National Vulnerability Database, created in 2000, contains more than 150,000 publicly known security vulnerabilities. The OWASP Top 10, a list of common web application security vulnerabilities, has not changed significantly from its first iteration in 2003. So, why do these attacks continue to occur?”

Underutilized Security Measure

To find out why, Wong said Cobalt analyzed data from more than 1,600 security penetration tests (known as pentesting) that were conducted in 2020. She said, “Pentesting is underutilized as a preventative security measure. Organizations struggle to find the right talent to test their security, and even when they do manage to identify vulnerabilities proactively, they are too slow to remediate the findings.”

Cobalt also interviewed more than 600 companies who were not customers about their cybersecurity practices and procedures.

5 Major Challenges

According to Cobalt’s report, the major challenges facing companies as they try to deal with cyberattacks include:

Slow Response Times

  • Organizations are taking too long to respond to security threats: 25% of respondents reported that their company takes up to 60 days—or longer—to address low- to medium-risk vulnerabilities; 1% of companies don’t bother to remediate the attacks at all. 
  • 67% of respondents believed their companies’ sluggish responses to medium and low security vulnerabilities create a big risk for their businesses.

Insufficient Budgets

  • 42% said their companies do not have a budget to fully test all of their applications.

The Right Skill Sets

  • 86% of respondents agreed that it is difficult to find and/or hire people with the right skill sets to do pentesting.

Testing Gap

  • Even though 78% of respondents agreed that pentesting is a high-priority item for their security teams, they conduct the tests on 63% of their application portfolios, on average. Wong said, “This leaves glaring holes in the security posture of organizations.”

Collaboration

  • Only 3 in 10 of those surveyed reported their company’s security and engineering teams were “intertwined.” Security & engineering teams still have work to do to effectively collaborate on remediation priorities. This means that lower-risk vulnerabilities stay exposed for longer and come up again at a later test.

Advice for Business Leaders

Testing Options

Michael Balboni chairs the cyber security and infrastructure protection committee for New York Power Authority, the nation’s largest public utility. He said, “With the rising threat of cybersecurity attacks, every company and organization needs to have a firm understanding of their cybersecurity strengths and vulnerabilities.”

Balboni listed three ways to conduct cybersecurity vulnerability tests:

  • Pursue phishing exercises, in which the IT department intentionally sends fake emails to employees with malicious links. If an employee clicks on the link, they must attend cybersecurity trainings. If an employee continues clicking on the link after attending trainings, they either need to have limited access to the company network, or they need to be let go.
  • Conduct a vulnerability assessment that analyzes the architecture of defense, firewalls, access control, and identity management. Having a report detailing a company’s cyber vulnerabilities allows the company to develop a strategy to mitigate their vulnerabilities.
  • Do “red teaming”, which is when a company retains an adversary who goes into the company’s network, finds vulnerabilities and scores their vulnerability level. Some companies create a “bug bounty” program where friendly hackers get rewards for finding malware in a company’s network.

Employee Training

Digital forensic expert Ondrej Krehel is the CEO and founder of LIFARS. He said business leaders should, “Make sure you have regular and frequently updated employee trainings to educate your teams on the latest social engineering tactics.

“Considering that there are often significant insufficiencies in these processes, I want to emphasize the need for business continuity, disaster recovery and incident response planning. IT staff and security employees should always know what, when and how to execute in case of an incident or breach. They should at the very least know who to call and have a specialized resource that can come and solve the problem on their behalf,” he said.

Action Plan

Neil Jones, a cybersecurity industry expert, has more than 15 years of experience in data governance, application security testing and penetration testing and is the senior manager for governance marketing at Egnyte. He recommended that, “Cybersecurity testing should be conducted as frequently as possible, particularly with the current explosion of zero-day malware and ransomware.

“However, ‘analyst fatigue’ is a real concern, so there's no point for organizations to conduct testing if no one will actually take action to remediate the vulnerabilities,” he advised.

Jones said a reasonable action plan would include:

  • Daily vulnerability reporting for potential ransomware, insider threats and compromised logon credentials.
  • Automated penetration testing for devices and applications.
  • Routine blue-team/red-team testing.
  • Daily patch management updates.
  • Specialized testing for major updates from key technology vendors such as Microsoft, Adobe, Apple, etc.
  • Regular security auditing by third parties on a quarterly basis.

7/4/21 - The story was updated with information about the number of companies impacted by the ransomware attack.

7/5/21 - The story was updated with information about the hacker’s demands.

