Ransomware is malicious software that encrypts data on a target system and demands a ransom in exchange for restoring access to the encrypted data. The demand is typically in Bitcoin and requires a digital key to unlock the files. These attacks range from low-level nuisances to serious incidents such as the data lockdown of several organizations.
The recent incident of the ransomware “Petya”, which hit Ukraine in 2017 and cascaded to several countries, brought into light the extent of damage a ransomware can bring. The attack spread through Ukrainian government systems that use Microsoft Windows. This resulted in the ransomware shutting down banks, state power utilities, ATMs, airport and metro system. It also resulted in the Chernobyl radiation monitoring system to go offline and forced officials to check radiation levels manually. The ransomware demanded $300 Bitcoin, which was allegedly paid by various companies.
Preventing ransomware begins with updating and patching operating systems and applications regularly. Furthermore, regular backups of all systems on a network can greatly reduce the damage caused by a successful attack. Remind users to be wary of suspicious files they receive, and make sure they understand how to identify and filter malicious emails. Lastly, be sure that a reputable anti-malware solution is installed on all systems.
Security monitoring grants real-time visibility of users and their devices. Through monitoring, software professionals can verify security and compliance requirements regardless of whether data is stored locally, in a database, in a virtual environment or in the cloud. Additionally, monitoring solutions classify devices by type, owner, and operating system to deliver insights and make preventing and responding to risks easier. Here are just a few effective ways to implement security monitoring:
Phishing attacks are hard to detect. They often appear to be everyday emails from known and trusted sources, but they trick users into installing malware on their devices, giving hackers access to their victims’ workstations.
These attacks are often used to steal confidential user data, like credit card numbers and login credentials. The attacker purports to be a trusted source or entity and convinces the target to click on a malicious link. This often leads to the installation of malware, or to a fake login page under the attacker’s control.
Proactively blocking malicious emails and securing email gateways can reduce the users’ exposure to generic, opportunistic campaigns. Many security solutions also include features to help identify breaches and support regulatory compliance. Creating awareness among users, conducting training and running simulations can also reduce the effectiveness of phishing attacks.
Combining phishing awareness with training provides users an easy way to act on their knowledge and empowers users to take charge of their own security. Being able to identify affected user accounts and their credentials is crucial. Supplementing user-based reporting with detection capabilities provides complete end-to-end visibility to the security authorities in an organization — when employees report breaches themselves, there is more time to take countermeasures that limit their impact.
A few anti-phishing monitoring techniques are listed below:
Endpoint attacks target user systems rather than their servers. These user systems are entry points to network and include smartphones, computers, laptops and fixed-function devices. Endpoint attacks also affect the shared folders, Network-attached storage (NAS) and hardware such as server systems.
Endpoint security is implemented on the user systems to prevent them from running malicious threats, which may be internal or external, from malware or non-malware, data theft, and system disruption. A way to prevent an endpoint attack is by setting up high endpoint security that combines prevention, detection, monitoring and determining root causes of an attack.
It is important to note that endpoint security is very different from traditional antivirus mechanisms as it uses predictive analyses instead of reactive actions.
Therefore, organizations should setup endpoint-monitoring solutions that monitor connection activity and can identify an anomaly indicating a potential threat. Another way to combat an endpoint attack is through behavioral analytics. It observes parameters such as user behavior, network behavior, other entities that connect to it, and looks for patterns and tasks that are not within the norm.
Other steps include removing administrative access from an endpoint system, which do not require administrative rights for everyday applications, keeping systems up to date, implement advanced authentication.
These monitoring techniques can help to prevent endpoint attacks: