This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Bruce Young, Graduate Cybersecurity Program Lead, Harrisburg University of Science and Technology and GRC Security Services Practice Lead at PCN Inc.
An interesting phenomenon over the last 12 months is that cyber-attackers are now using Denial-of-Service (DoS) attacks to extract ransom (not ransomware) from organizations. The successful ransomware attack that caused the Colonial Pipeline to stop operations as they shut down their systems due to a computer breach had far reaching consequences. The Wall Street Journal reported that the Colonial Pipeline CIO authorized the ransomware payment of $4.4 million to be paid the same day of the attack. From the information provided, it would seem the ransom was paid before cybersecurity experts were able to investigate the type and extent of the impact from the attack. When ransomware attacks happen, it’s become so commonplace for organizations to just pay the ransom. They don’t even understand the type of cyber attack they have experienced. Organization’s most likely have the tools or can work with service providers to prevent DoS attacks, as well as other forms of cyber-attacks. Lack of knowledge and understanding of cybersecurity, organizations are just paying the ransom!
One of the biggest cyber-breaches that was initially reported in July 2019 was the Capital One financial company. It was not well publicized that up to 100 million credit card applications were stolen and posted on Github. Capital One is a financial institution that is known to aggressively utilize technology services, such as cloud computing. The reason it was not well publicized is that Capital One was utilizing Amazon Web Service (AWS) cloud environment to host the systems containing the credit card applications. An AWS contracted employee, Paige A. Thompson, breached security controls to extract the credit card applications from Capital One’s database systems. The reason this is one of the biggest cyber-attacks is that it included one of the top five largest financial institutions and one of the largest Cloud Service Providers. Many people are not aware of the breach as it went quietly away! More details of the FBI Investigation report, HERE.
Cyber-attacks, such as ransomware, will persist as they do today, as long as they continue to be successful. Why change what is working, ransomware is proven to be successful, why build something different. What does change, is the ransomware itself, as it is updated and modified to continue to be effective. The new trend, which was experienced by the Colonial Pipeline cyber-attack, is that the bad actors are well organized. The type of ransomware attack launched against Colonial Pipeline is known as Ransomware-as-a-Service (RaaS). Which means that the attack was coordinated by a group of bad actors that used the ransomware service developed by another group. This is an indication that ransomware cyber-attacks are only going to get more sophisticated.
The cyber-threat landscape is only going to continue to get worse. As long as organizations continue to pay the ransom, the bad actors will continue to attack them. Below are three pieces of advice for organizations to defend against future cyber-attacks.
