Behavioural analytics, anomaly detection and visibility: additional protection against ransomware

26. July, 2021

Digitization not only drives new business models and processes forward, but it unfortunately also offers cybercriminals new attack surfaces. The threat of ransomware now affects not only corporate IT systems but also industrial security. Attacks are on the rise. The ICO (Information Commissioner Office) from the UK reported at its May 2021 conference an increase of 13 ransomware incidents per month to 42 in the UK.

One notable incident was the loss of fuel supply along the entire East Coast of the USA. It was triggered by the central operator of the pipeline infrastructure in several states. The attack led to widespread fuel shortages at nearly all gas stations. The effects were so far-reaching that a national state of emergency was declared. [1]

Another far-reaching incident took place in June 2021, when over 1,500 companies worldwide were affected by the so-called “Kaseya ransomware”. Remarkable was the indirect attack vector, in which the management software of supporting supply and service companies, which was considered secure, served as an infiltration channel. The approach is reminiscent of the exploitation of the “Solarwinds” management software vulnerability in December 2020. [2]

Targeted attacks on promising targets

Well-organized, globally operating groups from various nation-states are suspected as the masterminds of the attacks. The actors are flexible and resourceful in exploiting new vulnerabilities ever.[3] Once the attackers have gained access to an internal system to operate from, the best chance is to detect them as soon as possible.

Particularly advanced forms of malware are now designed to remain undetected for as long as possible. Several security levels within the company can also be overcome with this strategy to reach the precious and thus vulnerable areas of the company. The gateways for ransomware attacks are usually easily accessible endpoints in the company. In most cases, security gaps in typical applications are exploited unnoticed by the user. In addition to external lines of defence, it is therefore also essential to monitor the behaviour of the end devices and detect deviations.

Early detection, vulnerability reports and behavioural analysis

The IKARUS scan.engine detects and analyzes malware in multi-stage processes based on signatures, malicious characteristics and behaviour. FireEye Endpoint Detection and Response, which IKARUS also offers as a hosted variant for local companies at its own scan centre in Vienna, also works with the early detection of anomalies. The EDR (Endpoint Detection & Response) solution includes behavioural analysis as well as detection via the unique Threat Intelligence (powered by Mandiant) to also respond to known “Indicators of Compromise”. Rapid detection and response to a threat can efficiently limit the damage if the worst happens.

Nozomi GuardianTM powered by IKARUS brings this necessary transparency about all endpoints, vulnerabilities, and anomalies to OT’s industrial networks (Operational Technology). Protocols from IT, OT and IoT, can thus be made visible, monitored and controlled. Communication in the OT network is analyzed, and security-relevant incidents are bundled into targeted alarms and recommendations.

Want more visibility and protection for your IT, OT or IoT networks?

We will be happy to advise you and look forward to hearing from you at sales@ikarus.at or Phone +43 1 58995-500!

Our recommendations:

IKARUS scan.engine: Powerful algorithm for complex malware recognition

FireEye Endpoint Security: Stop the known, find the hidden and fix the breaches that matter

Nozomi GuardianTM powered by IKARUS: Complete Cyber Security and Visibility For ICS Environments

Sources:

[1] https://www.technologylawdispatch.com/2021/07/data-cyber-security/ransomware-is-on-the-rise-what-to-do-if-you-are-faced-with-a-cyber-attack

[2] https://www.zdnet.de/88395639/kaseya-ransomware-angriff-rund-1500-unternehmen-betroffen

[3] https://computerwelt.at/news/topmeldung/verdoppelung-der-cyber-angriffe-durch-staaten-in-den-letzten-drei-jahren

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung
Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download