Today’s organizations are saturated with complexity. Hybrid cloud environments, Virtual Desktop Infrastructures (VDIs), an explosion in Bring Your Own Device (BYOD), mobile and Internet of Things (IoT) endpoints have all expanded the attack surface so that the traditional perimeter is effectively dead. Digital Transformation means business is built on data.
But there’s so much of it, and so many avenues to steal it that it becomes a huge challenge to secure. In addition, companies also need to ensure the resilience and reliability of data-driven services in the face of escalating ransomware threats.
In the first half of 2018 alone Trend Micro blocked over 20.4 billion threats for its customers and partners. That included a 93% year-on-year rise in ransomware.
But that’s only half the picture. Attackers have become smarter over the past few years. The days of threats using a single attack vector have long gone. Cyber-criminals are increasingly using multiple techniques in a single campaign, often requiring little or no human intervention.
Attacks are automated and highly effective, relying on exploits for known vulnerabilities that organizations have left un-patched. Everything the budding hacker needs to launch such an attack is readily available on the Cyber-Crime underground.
One notorious recent example is NotPetya, the destructive ‘ransomware’ campaign that cost some organizations like global shipper Maersk, and FedEx hundreds of millions. In this instance the attacker used a weaponised document using the publicly available SMB exploits EternalBlue and EternalRomance.
However, they also leveraged the mimikatz post-exploitation tool to self-propagate NotPetya worm-like so it spread to other connected networks. It ended up spreading in this way around the globe, causing huge financial losses along the way.