Following the breaking news of a cyberattack that is affecting firms and national infrastructure around the globe , Imperva has commented.
Terry Ray chief product strategist at Imperva, said: “Surging in popularity, ransomware is now one of the most profitable types of malware attacks in history. Cybercriminals have discovered how financially rewarding—and easy to use—it can be, especially against larger targets with business-critical data stored on file shares.
"In the decade since its initial appearance, the ransomware extortionate has evolved from a collection of ad-hoc tools implementing an unripe idea and run by callow hackers, to a smooth and highly efficient ecosystem run by professionals and filling the hacker’s most desired void: the path from infection to financial gain.
"In the past, ransomware did not appear on the threat list for organizations, mostly due to their backup systems and recovery procedures for data loss situations, which were designed with natural disasters in mind, but could be useful for ransomware as well. This situation has changed drastically with the recent explosion of ransomware attacks.
"Now, it is hard to tell whether these infections occurred randomly (such as when an individual opens an infected personal e-mail), or if the attack has been carried out intentionally by someone deliberately looking to cause damage to a company. Another possibility is that a bad actor could enlist a user-friendly ransomware service that can be easily deployed with very little technical skill, known as ransomware-as-a-service . However, the good news is there are in fact a number of effective ways to defend against ransomware.
"The history of cyber events has taught us that as good as perimeter and endpoint protection may be, security officers should assume that eventually the attackers will find their way in. Data breaches and ransomware attacks both have a common meeting point, which is the place where data resides.
"A critical line of defense for both types of attacks is the security controls where this data is stored—databases, files and cloud applications— and in the applications through which it is accessed. Such security controls, which include monitoring access, specifically around data modification and detection of suspicious anomalies in access patterns, will facilitate early detection of ransomware attacks and immediate isolation of the suspicious endpoint to prevent the encryption or hostage of the files.”
Itsik Mantin, director of security research at Imperva, added: “These increased attacks point to the need for solutions like artificial intelligence and machine learning. Often the output of today’s cyber security products is overwhelming amounts of data and alerts for the security team to sift through and act upon.
"These solutions are programmed to learn as much as they can about any given situation. Theoretically, a properly programmed piece of AI software could perform the same preventative and analytical security measures as a member of the IT staff in a fraction of the time.
"Machine learning technology is already employed in the detection of malicious mail messages and malware, two of the main infection vectors of ransomware. However, it is a race in which the attacker is often one step ahead of IT. IT needs to win all the battles in order to win the war against the attackers who only need a single successful attempt at access to win.”