New Year, New attacks: Staying Ahead as Corruption Techniques Evolve

By Kev Eley, VP Sales Europe at LogRhythm.

  • 1 year ago Posted in

In 2022, 71% of companies worldwide were affected by ransomware. Ransomware operators are continually unleashing new variants of wiper malware into the ecosystem to cause destruction and irreparable losses. A wiper attack is a form of malware threat which erases the hardware of the IT system and deletes critical business data with malicious intent.

Companies must build their strongest defense against wiper attacks by performing regular data back-ups to avoid network downtime and secure business continuity.

Ransomware attacks are constantly evolving and as chief information security officers (CISOs) secure their systems this year, acting on the attackers favoring corruption of data over encryption is imperative. Organizations cannot afford to fall prey to threat actors, who are increasingly corrupting data through wiper attacks, that cripple systems and destroy valuable data.

During the first half of 2022, the number of malware attacks worldwide reached 2.8 billion. Every new year brings a greater sophistication of cyberattacks and so the importance of backing up critical business data has never been higher.

Ransomware has been an attack vector in continual development over the years and is perhaps the one common threat that keeps all CISOs awake at night. In 2023, we’ll see ransomware attacks focusing on corrupting data rather than encrypting it.

A Quicker Way to Steal Crucial Data

Some may wonder why data corruption is on the rise – it seems less effective at face value. However, encryption takes far longer and requires a lot more skill to complete. When a hacker encrypts data, they need to investigate public-private key handling and build an entire decryption code to resolve their work when the organization hands over payment. This is extremely complex and time-consuming, wasting the hacker's time and resources.

Many organizations fail to back up crucial data, leaving them extremely vulnerable to corruption. They are faced with a choice of losing the data or paying the ransomware operators a large sum. Therefore, CISOs must recognize the importance of reinforcing critical business data in an evolving threat environment.

The challenge is that while organizations are becoming increasingly aware of data encryption cyberattacks and how to detect, prevent and mitigate them, they are not so

clued up on wiper attacks. It is a newer ransomware tactic that IT teams lack the knowledge, resources, and skills to prevent.

Traditional methods of data recovery are not suited to the wiper attacks that security teams are seeing. As a standard, data recovery is usually needed due to site or technology hardware failure.

In a ransomware data corruption attack, it is the data that populates these systems that is being attacked. This means usual cybersecurity practices are not enough to protect organizations from the corruption threat.

They need a fresh approach to evolving ransomware threats to avoid losing crucial business data to corruption.

Grabbing Hold of Your Data

CISOs must be prepared to combat evolving threats head-on, and data corruption is just one of those. It is vital to have a strategy in place that will detect, prevent, and mitigate potential cyberattacks at the earliest opportunity.

One of the simplest methods to prevent data corruption attacks is performing regular backups. It is a crucial part of every cybersecurity team's disaster recovery plan. If a data corruption attack were to take place, organizations with backed-up data would not lose their data or have to pay up to attackers. It is also important to do these back-ups regularly so that the data is refreshed and up to date.

Cybersecurity teams need greater visibility into the activity occurring on endpoint devices, such as desktops and servers. With software in place that looks beyond log sources and hones in on rich endpoint data, cybersecurity teams are empowered to detect and respond to threats faster.

A user-aware file integrity monitoring system (FIM) can continuously monitor all files and easily detect who has changed what. By integrating this software with an existing SIEM solution, organizations can gain more control over their data and achieve new levels of visibility. This can include:

· Viewing User and File History Holistically – The cybersecurity team can quickly pivot file access and view a full timeline of activity including both FIM and behavioral information.

· Enriched Security Analytics - Data generated by FIM can be used to solve new use cases for user & entity behavior analytics (UEBA) and endpoint threat detection.

· Identifying Abnormal Behavior – Teams will be able to receive alerts on anomalous user activity related to important files and minimize false positives by corroborating with other data.

· Alarms for Unauthorized Changes – Alarms can be enabled for unauthorized changes to sensitive files and registry settings whether they are caused by an attacker or internal error.

Organizations should integrate this technology into existing security systems such as a security information and event management (SIEM) solution to ensure data corruption ransomware attacks are prevented right from the start. To simplify and reduce the number of products in your security stack, some SIEM solutions offer a FIM add-on.

With increased visibility and greater control, critical business data is more manageable and less likely to get forgotten about. CISOs need to simplify everything as much as possible and have integrated security solutions to truly combat the threat landscape of today, and tomorrow.

Rapidly Evolving Ransomware

Without a doubt, ransomware attacks will become more advanced, and organizations will need to do more to keep their data safe. It will become crucial to prepare for what is ahead, rather than just what is happening now.

As data corruption becomes a more popular ransomware attack, CISOs will need to increase the security of both the original data and backed-up files. With a FIM solution, organizations are setting themselves up for an easier approach to attack mitigation and will quickly be able to update and adapt systems when needed.

Ransomware attacks will continue, but lack of data security must not.

By Alasdair Anderson, VP of EMEA at Protegrity.
By Eric Herzog, Chief Marketing Officer, Infinidat.
By Shaun Farrow, Security Practice Lead at Bistech.
By Andre Schindler, GM EMEA and SVP Global Sales at NinjaOne.
By Darren Thomson, Field CTO EMEAI, Commvault.