Swimming with cyber-sharks and fending off today’s great white: ransomware
July 7, 2020
Swimming in the cyber seas places business owners in all manner of danger, but if they know the facts, they can better mitigate cyber-shark attacks. So, let’s talk sharks.
According to the Shark Research Institute, there are more than 400 varieties of sharks, each differing in size, shape, color, and temperament. The whale shark, for instance, can grow to a massive 21 meters long, but swims slowly and peacefully about, filling its massive maw with plankton. By contrast, the cookiecutter shark, at a mere 50 centimeters, is relatively tiny, but voracious. And of course, there is the great white. Considered a “super predator,” the great white shark can reach up to eight meters in length and tends to explore the world around it . . . with its teeth.
While each species has its peculiarities, swimmers will do better to know why sharks attack in general—and less so why a shark may be interested in a specific swimmer. See, sharks rarely, if ever, differentiate at the individual level. Rather, sharks attack:
While knowing the species of a shark, its preferred meal, and how it attacks is interesting, it’s far more important that a swimmer know how not to look, act, or smell like prey to avoid an attack. In other words, become unpalatable and hard to swallow.
At Accenture, we’ve seen the rise in ransomware attacks across the board. Initially, threat actors were targeting certain industries—in clusters and with specific ransomware variants—somewhat like a shark might home in on a specific ocean beach. But after exploring both the industry and ransomware variants in the attacks in search of similarities or causality, we concluded that neither told the full story.
Although informative, focusing on an actor, technology, or malware was not enough to be broadly helpful. We found that the malware used was merely the manifestation of the intrusion and the victim industry or attacking threat group was only relevant to the specific instance at hand. In the end, no industry is immune to attack from an ever-increasing list of malicious actors and thus, more information is needed to devise security plans or postures that keep us safe in the water.
Lately, we’ve seen three strong currents impacting our reefs:
To stay afloat, information security leaders should understand current conditions and threats, specifically how trends are relevant to their environment. For example, Accenture has observed this common attack scheme:
Threat actors often:
Once an attack has occurred:
You can begin to evaluate how vulnerable your environment may be to today’s cyber-sharks by asking questions. What are your environmental details? How are you understanding and addressing the current school of weaknesses?
One of the keys to defusing ransomware-attack risk is closing gaps as you identify them and having an agile defense cycle. Step one: Avoid attack by not appearing as bait and being unpalatable! Step two: If attacked, respond quickly and keep swimming.
For further information, please contact the Cyber Investigation and Forensics Response (CIFR) team at CIFR.firstname.lastname@example.org.
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.
Copyright © 2020 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks