For months, Costa Rica has been on the frontlines of unprecedented ransomware attacks from Russian group Conti that have impacted just about every aspect of life.
Essential services have been crippled, teachers have been unable to collect their paychecks, doctors have been prevented from tracking the spread of COVID-19, all while international trade has ground to a halt.
The chaos in Central America caused by Conti is not an isolated incident, however. Instead, it’s the culmination of a recent rise in ransomware attacks across the globe. So, with threat levels increasing what can governments and private sector organizations learn from these attacks and how can they avoid ending up in cybercriminals’ crosshairs themselves?
Beware Vulnerability Windows
Ransomware attacks are rarely the acts of individuals sitting at their computers and randomly deciding when to strike. Instead, they’re meticulously planned. The culmination of weeks, often months of threat actors accessing systems and planting the seeds of their assault so that they can cause the maximum possible disruption.
As a result, you often see ransomware attacks targeted during times of instability or uncertainty. We’ve experienced that with the handover of power from one government to another; but we’ve also seen attacks coincide with other world events such as the start of the war in Ukraine and the onset of COVID-19, distractions that make it easier for cybercriminals to not only access systems but cause the most damage.
These disruptions don’t even need to be massive geopolitical events like wars or pandemics. Change in any form brings with it risk. Indeed, in previous years, we’ve seen ransomware attacks targeted to coincide with national holidays, Christmas and even long weekends. The aim of the attackers is to catch their targets off balance when people’s attention might be elsewhere.
We call these “vulnerability windows” and in order to effectively protect themselves organizations, whether they’re governments or businesses, need to proactively monitor their risk and deploy resources accordingly.
Practice Good Cyber Hygiene
People might view ransomware attacks and think that they’re the result of a massive security breach or organizations not having stringent enough controls, but more often than not this kind of event is simply the result of poor cyber hygiene.
The concept works in exactly the same way as personal hygiene, in that people who maintain their health by taking preventative measures are less likely to get sick while those who don’t put themselves at a greater risk.
When it comes to organizations, poor cyber hygiene creates chinks in your security architecture that attackers can exploit. That’s why practising good cyber hygiene is so important. Simple steps like using strong passwords, multi-factor authentication, updating software regularly and securing backups all go a long way to keeping your security infrastructure intact.
Watch Out for Insider Threats
Recently we’ve seen a growing number of attempts by groups like Lapsus and Conti to actively recruit individuals from within governments and businesses to sell remote access credentials. There are advertisements all over the internet with groups overtly asking for this kind of access and offering good money for it.
It’s not just money that can motivate insider threats either, sometimes the intent can be malicious. Perhaps an individual doesn’t agree with the politics and policies of the organization they work for. Or they’re leaving, so take access with them or leave back doors open for attackers to get in after they’re gone.
Whatever their motivation may be, monitoring is vitally important in order to protect from this kind of insider threat. Fortunately, the behavioural analytical heuristics that are now set within security programs are specifically designed to spot unusual activity. Used in conjunction with good cyber hygiene, organizations can help to protect themselves from attacks wherever they originate from.
How Can Governments Combat the Rise of Ransomware?
It’s easy to look at recent attacks and think this is trouble in a faraway land. But the simple truth is that attacks can and do happen everywhere. In fact, our most recent Check Point report shows that Latin America is facing the same level of threat as those of us here in Europe.
The problem is that we’re not doing enough to ensure that organizations, whether private or public sector, are protected from the rise of ransomware. Indeed, while governments have worked to implement stringent measures in areas like data privacy the same can’t be said for ransomware.
So, where there should be strong compliance or mandates in place to ensure that organizations are adequately protected, there are instead guidelines and best practices that businesses can choose to follow. It’s a crazy situation. After all, in other areas of life like driving a car, for example, you need to reach a certain level of qualification or capability before you’re given a licence.
But you don’t need any specific qualification or certification to be given the task of securing a business. And until ransomware is treated as seriously as other areas, organizations across the world will be put at risk.
Don’t Get Complacent
Cybersecurity can’t just be another tick box exercise and governments must act to set standards and enforce compliance in order to ensure that organizations are adequately protected.
It’s time we started to adopt a risk management framework that ensures organizations are as protected from ransomware as they are from other threats facing their operations.
We’ve got to become more proactive, conducting regular exercises, threat assessments and testing to ensure that we know our systems will stand up to attack. Because the biggest lesson we can take away from the plight of Costa Rica is that ransomware attacks can and do happen to anyone.
By Deryck Mitchelson, Field CISO at Check Point.