According to security specialist Malwarebytes, a major problem that IT decision-makers are facing is the growing number of flaws found in Web browsers, which is proving to be the biggest endpoint security headache. The growing number of exploitable browser vulnerabilities is a greater cause of concern than any other security issue.
Ransomware (see Definition below) may be the least prevalent specific threat in terms of overall numbers, but it is the most impactful because of the severity with which it damages the operations and information of many organizations. The last year saw a decrease in new and novel types of ransomware, but at the same time we have seen the emergence of one of the worst kinds of ransomware, Cryptolocker. With most ransomware there are always copycats and variants, but what sets Cryptolocker apart is that there are few copycats. It seems that the Cryptolocker attack is the work of a single, intelligent and resourceful entity. As such, this can be more dangerous than having similar malware in the hands of many groups.
With the advent of such attacks, traditional anti-malware programs are no longer sufficient to combat this menace. What is needed is a layered approach to security, or layered defense (see Recommendation below). This will reduce the risk of attacks.
One of the main reasons that organizations are unable to protect themselves is zero-day vulnerabilities (see Definition below). Nobody knows about them until it is too late, and patches are released after the fact, that is, after the infection takes place. As Josh Cannell, malware intelligence analyst at Malwarebytes, says, “The only way to comprehensively protect against these vulnerabilities is by using a security solution that acts proactively to combat these threats, and there are few options available that do this effectively.”
Ransomware is here to stay. We will see this menace keep growing as it advances and becomes more effective. Ransomware seems to have had the most severe impact on organizations. It is also being used as a payload in web exploits, and the number of victims will increase.
This will take a severe toll on employee productivity, not to mention the frustration that results from lost data / information and the recovery periods. With such potential risks, backups of important files and data are mandatory. Such backups should preferably be stored offline.
Below are the critical security controls in a layered approach to security, according to SANS.
5 key layers are:
- Network controls.
- Reputation (refers to the “reputation” of a file: checking the unique checksum of a file against that of another).
- Behavioral analysis.
- Detection and remediation.
- www.sans.org (for Recommendation above)
- Zero-day vulnerabilities / exploits – a zero-day threat is an attack that exploits a vulnerability before developers / vendors become aware of it and have had time to address and patch it.
- Ransomware – a rogue program that holds a user’s computer hostage until a ransom (in most cases, money) is paid. In such an attack, the user’s data is encrypted and will only be decrypted once the ransom fee is paid.