Pressure on Security Leaders to do More with Less
As technology continues to evolve at an unprecedented pace, so does the sophistication and frequency of cyberattacks. Security leaders are under pressure to do more with less, but unfortunately, the situation is being exacerbated by these attacks. Cyber incidents, particularly ransomware attacks, are becoming more prevalent in critical infrastructure, supply chain, and financial institutions. In 2021, the Cybersecurity and Infrastructure Security Agency (CISA) observed ransomware incidents against 14 of the 16 US critical infrastructure sectors. Ransomware attacks have become the fastest-growing type of cybercrime, and the financial implications are becoming more pronounced.
RVWP: A Good First Step
To protect critical infrastructure organizations from ransomware attacks, CISA launched the Ransomware Vulnerability Warning Pilot (RVWP) program in March 2022. The program is aimed at helping organizations fix vulnerabilities and protect their systems against ransomware attacks. Although RVWP is a good first step, organizations need a security plan with multiple layers that includes technology measures, employee training, and well-defined and enforced security policies to protect against ransomware and other cyber attacks.
Limitations of RVWP
While RVWP is a valuable program, it has its limitations. Ransomware attacks are opportunistic, and they will take advantage of newly discovered vulnerabilities to infect targets. Widespread network exploitation events impacting critical infrastructure are infrequent, but smaller-scale attacks against well-known vulnerabilities persist and still have some level of success. Ransomware operators use watering-hole attacks, spear phishing, malicious advertising, and other social-engineering tactics that exploit humans to gain a foothold in network environments in the downtime between major vulnerability discoveries. No amount of network scanning and reporting can mitigate these risks, which means critical infrastructure will continue to be affected by ransomware.
GootLoader: An Example of Malware’s Spread
GootLoader is a widely used malware loader that gives threat actors initial access to a victim's IT environment. It compromises legitimate WordPress websites and uses search engine optimization (SEO) poisoning on them to lure and infect victims. In monitoring GootLoader, more than 700,000 URLs injected with the malware have been tracked, and those contain around 3.5 million phrases that someone might use in a keyword search. Although GootLoader does not seem to specifically target critical infrastructure entities, they should still be concerned, because the malware is delivered through legitimate websites that their staff may visit.
Next Steps to Mitigate Risks
While protecting critical infrastructure can seem overwhelming, there are some critical first steps the industry can take to become more cyber resilient and mitigate risks. The first step is end-user training and phishing simulations. CISA should expand the RVWP to provide free end-user training and phishing simulations to critical infrastructure providers through third-party security providers. Improving search engines is another important step that can be taken. The industry needs to encourage search engines to proactively search for and remove malicious ads and search results from their platforms. CISA could also implement a program to scan for and report malicious ads and search results directly to the responsible teams at the major search engines for rapid mitigation.
Providing security teams with better insight into ransomware operations’ kill chain can also help protect critical infrastructure. For example, remapping dangerous file extensions to open in Notepad instead of executing an application can break the chain so that many types of malware cannot gain a foothold on the network. These measures could have a far greater impact on stopping the proliferation of ransomware than the current program alone.
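The extension remapping described above can be audited and applied from PowerShell. The script below is an added example, not code from the article or from CISA; it assumes an elevated session on a Windows host, the extension list is a defensive starting point rather than an exhaustive one, and the ProgID name `DefensiveNotepadFile` is a hypothetical value chosen for this example.

```powershell
# Added example (not from the article): remap script-type file extensions so that
# double-clicking a file opens it in Notepad instead of handing it to WScript or mshta.
# Assumptions: run elevated; machine-wide classes under HKLM are the target;
# the extension list is a starting point to be tuned for the environment.

$ScriptExtensions = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh', '.hta')

# Report the effective handler for an extension: its ProgID and that ProgID's open command.
function Get-ExtensionHandler {
    param([Parameter(Mandatory)][string]$Extension)
    $progId = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$Extension" `
               -ErrorAction SilentlyContinue).'(default)'
    $command = $null
    if ($progId) {
        $command = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" `
                    -ErrorAction SilentlyContinue).'(default)'
    }
    [pscustomobject]@{ Extension = $Extension; ProgId = $progId; OpenCommand = $command }
}

# Point an extension at a dedicated ProgID whose only open action is Notepad.
function Set-ExtensionToNotepad {
    param([Parameter(Mandatory)][string]$Extension)
    $progId  = 'DefensiveNotepadFile'   # hypothetical ProgID name used by this example
    $classes = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'

    # Create the ProgID once; ExpandString lets %SystemRoot% resolve at launch time.
    $cmdKey = "$classes\$progId\shell\open\command"
    if (-not (Test-Path $cmdKey)) { New-Item -Path $cmdKey -Force | Out-Null }
    Set-ItemProperty -Path $cmdKey -Name '(default)' -Type ExpandString `
        -Value '"%SystemRoot%\System32\notepad.exe" "%1"'

    # Re-point the extension at that ProgID.
    $extKey = "$classes\$Extension"
    if (-not (Test-Path $extKey)) { New-Item -Path $extKey -Force | Out-Null }
    Set-ItemProperty -Path $extKey -Name '(default)' -Value $progId
}

# Audit first so the change is reviewable; apply only when -Apply is supplied.
param([switch]$Apply)

Write-Host "Current handlers:"
$ScriptExtensions | ForEach-Object { Get-ExtensionHandler -Extension $_ } | Format-Table -AutoSize

if ($Apply) {
    foreach ($ext in $ScriptExtensions) { Set-ExtensionToNotepad -Extension $ext }
    Write-Host "Handlers after remapping:"
    $ScriptExtensions | ForEach-Object { Get-ExtensionHandler -Extension $_ } | Format-Table -AutoSize
}
```

Two caveats a practitioner should check before relying on this. First, per-user associations under HKCU\Software\Classes and Explorer's UserChoice entries take precedence over the machine-wide mapping, so the audit output (which reads the merged HKEY_CLASSES_ROOT view) is the value to verify on a representative workstation. Second, the remap only changes what happens on double-click; it does not stop a script that is invoked explicitly through wscript.exe or cscript.exe, so it complements rather than replaces application control policies. In an enterprise the same keys are normally pushed through Group Policy Preferences rather than run per host.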
Conclusion
While the RVWP program is a good first step in protecting critical infrastructure from ransomware attacks, more work needs to be done. Organizations need a security plan that includes multiple layers of security measures, employee training, and well-defined and enforced security policies. Additionally, proactive steps need to be taken to remove malicious ads and search results from major search engines. Providing security teams with better insight into ransomware operations’ kill chain can also help to mitigate risks. All organizations need to remain vigilant and stay ahead of evolving cyber threats by embracing a culture of cybersecurity.
About the author: is a current affairs commentator and the editor-in-chief of Time Magazine.