Though still very much a work in progress, with no enforcement expected before 2024, organizations would do well to start evaluating the impact of the draft NIS.2 directive proposal on their current security posture. The presentation of Mr. Pieter Byttebier (Centre for Cyber Security Belgium) is a very good start for this exercise.
Cyber Talk: Insight in an Advanced Ransomware Attack
1 February 2021 – Cyber Security Coalition
Don’t be hostage to ransomware!
No other form of malware attack is more on the rise but ransomware. It’s even more to be feared because of data sprawling to less defended edges of corporate systems, due to more home working. And it’s not only denial of access to data that’s at stake, but also data deletion, data stealing, possibly followed by data leaking, as well as device locking, preventing recovery.
In his Cyber Talk presentation, Edwin Weijdema, Global strategist product strategy at Veeam, offered an in depth insight into today’s ‘advanced ransomware attacks’. Including some why’s to pay attention: there’s an attack somewhere worldwide every 11 seconds; average payment is 180.000 USD (mainly in bitcoins) and company downtime is on average 16 days!
A ransomware attack runs through six stages. First is observation: gather information about a possible point of entry, from all possible sources (including social media and e.g. LinkedIn). Next is ‘sneaking in’, usually through phishing mails (including spear phishing and whale phishing: going for the top profiles). Once in, ‘setting up’ prepares the information environment for continued attack, followed by ‘elevate access’ to increase the number of accessible systems. One stage also involves the attackers ‘crippling the recoverability’ (e.g. thwarting BU and recovery procedures). And finally, ‘ransom declaration’: you get the ominous message on your screens. As an example, Edwin Weijdema describes an attack from Oct 15th till Dec 23rd 2020, on which date 267 servers were encrypted in 25 minutes time. Interesting advice: don’t contact the attackers immediately after the appearance of the message, buying yourself some additional response/recovery time.
Ultimately, it also depends on your measure of preparedness, particularly regarding recovery. Be prepared to restore 100% of a valid ‘100% BU’, in a tested business continuity and recovery process!
Other blog posts
The GOVERN&LAW experts share the do's and don'ts when setting up a whistleblowing system in your organization and demonstrate how such an effective and robust system can help you self-detect incidents before they become scandals.
In this GDPR anniversary webinar, three privacy experts focus on the challenges they face when assessing and implementing government measures adopted in the fight against COVID19. The Corona pandemic has risen awareness of the importance of privacy, not only in our private life but also in the employer-employee relationship, and the need for a broader democratic testing of privacy threatening technologies.
One main objective of the European Cyber Security Act is to inform business and consumers about the security of ICT products, processes and services, through certification schemes. This webinar provides solid information about the present status of the Act's implementation.
This session of the Privacy Focus Group provides a valuable and practical primer for acquiring more insight in the issue of international data transfers after Schrems II and Brexit.