Digitization not only drives new business models and processes forward, but it unfortunately also offers cybercriminals new attack surfaces. The threat of ransomware now affects not only corporate IT systems but also industrial security. Attacks are on the rise. The ICO (Information Commissioner Office) from the UK reported at its May 2021 conference an increase of 13 ransomware incidents per month to 42 in the UK.
One notable incident was the loss of fuel supply along the entire East Coast of the USA. It was triggered by the central operator of the pipeline infrastructure in several states. The attack led to widespread fuel shortages at nearly all gas stations. The effects were so far-reaching that a national state of emergency was declared. [1]
Another far-reaching incident took place in June 2021, when over 1,500 companies worldwide were affected by the so-called “Kaseya ransomware”. Remarkable was the indirect attack vector, in which the management software of supporting supply and service companies, which was considered secure, served as an infiltration channel. The approach is reminiscent of the exploitation of the “Solarwinds” management software vulnerability in December 2020. [2]
Targeted attacks on promising targets
Well-organized, globally operating groups from various nation-states are suspected as the masterminds of the attacks. The actors are flexible and resourceful in exploiting new vulnerabilities ever.[3] Once the attackers have gained access to an internal system to operate from, the best chance is to detect them as soon as possible.
Particularly advanced forms of malware are now designed to remain undetected for as long as possible. Several security levels within the company can also be overcome with this strategy to reach the precious and thus vulnerable areas of the company. The gateways for ransomware attacks are usually easily accessible endpoints in the company. In most cases, security gaps in typical applications are exploited unnoticed by the user. In addition to external lines of defence, it is therefore also essential to monitor the behaviour of the end devices and detect deviations.
Early detection, vulnerability reports and behavioural analysis
The IKARUS scan.engine detects and analyzes malware in multi-stage processes based on signatures, malicious characteristics and behaviour. FireEye Endpoint Detection and Response, which IKARUS also offers as a hosted variant for local companies at its own scan centre in Vienna, also works with the early detection of anomalies. The EDR (Endpoint Detection & Response) solution includes behavioural analysis as well as detection via the unique Threat Intelligence (powered by Mandiant) to also respond to known “Indicators of Compromise”. Rapid detection and response to a threat can efficiently limit the damage if the worst happens.
Nozomi GuardianTM powered by IKARUS brings this necessary transparency about all endpoints, vulnerabilities, and anomalies to OT’s industrial networks (Operational Technology). Protocols from IT, OT and IoT, can thus be made visible, monitored and controlled. Communication in the OT network is analyzed, and security-relevant incidents are bundled into targeted alarms and recommendations.
Want more visibility and protection for your IT, OT or IoT networks?
We will be happy to advise you and look forward to hearing from you at sales@ikarus.at or Phone +43 1 58995-500!
Our recommendations:
IKARUS scan.engine: Powerful algorithm for complex malware recognition
FireEye Endpoint Security: Stop the known, find the hidden and fix the breaches that matter
Nozomi GuardianTM powered by IKARUS: Complete Cyber Security and Visibility For ICS Environments
Sources:
[2] https://www.zdnet.de/88395639/kaseya-ransomware-angriff-rund-1500-unternehmen-betroffen