<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=699785206826853&amp;ev=PageView&amp;noscript=1">

Cyber Awareness Training is Best Strategy for Rise in Ransomware

Posted by Kyle Abbey on Mar 10, 2017 8:45:00 AM

Business Development Associate

Find me on:

Ransomware activity continues to exist, likely due to low overhead and a high investment return for the cyber criminals. Media coverage of successful attacks against Medical institutions and other affiliations in 2016 also show the threat is working.


Ransomware attacks will continue to increase well beyond 2017. Law enforcement has made a dent in some groups by closing down ransomware structures and going after wise guys. As companies get even more privy to threats, they're taking affirmative actions by making and testing backups. They also are testing human security awareness tools to help stop and sense potential cyber crimes before they occur.

Screen Shot 2017-03-09 at 4.50.25 PM-1.png

A major clinic was in the news in 2016 for paying $17,000 in Bitcoins, but what failed to make the news later on in the year were the numerous other firms infected by Locky and other ransomware initiatives that managed to penetrate thousands of businesses. Script-based malicious software VBScript, JavaScript, macros, and PowerShell are still active in 2017. We predict cyber criminals will continue to migrate toward script-based spyware through 2018 due to enhancements in machine learning-related solutions identifying standard executables like EXE and DLL.

Script-based malicious software threats are often harder for point-based security detectors to recognize. Human firewalls are a better method to protect script-based threats like Securables Perimeter cyber tools. We see Script-Based software found in both e-mail campaigns and lateral movement initiatives. Lateral movement happens after the first host compromise; the hackers will begin to concentrate their efforts on gaining access to credentials, internal reconnaissance and attacking other internal systems to get deeper into your network. Early in 2017, we noted Microsoft Publisher documents ( Boozer ) bypassed many spam filters that were being employed to deliver malignant macros. Human Firewall technology like Securable.io educates and verifies stakeholders are compliant with policies. Another similar case concerned MS Word 2007 template files ( DOTM ). Other formats not widely exploited,e.g., PPTM files made in Microsoft PowerPoint, could be the new focus for threat actors in 2017 and beyond. Assailants keep on making their malware more secret and efficient. One of the better strategies for addressing these exploits is to educate, train and verify Employee awareness around nefarious activities. A Human Firewall should be a prerequisite given the pre-eminence in security technology and industry point system controls. As an example, threat actors are hiding malware code in new sectors, and malevolently infecting volume boot records (VBR) and master file tables (MFT) to install malicious software before any security software loads is beginning to become more common.

Organizations should be implementing security awareness programs that help scale back the social engineering attack vector. Few vendors provide tools to educate, verify and comply with company policies. Companies should protect users from themselves by disabling macros by default. Then train staff never to enable macros unless they need to operate on a trusted document.

Get More Info

 

WATCH: Ransomware

 

Keywords: cyber awareness training, cyber security awareness, security training, human firewall, offensive security, social engineering attacks

Topics: Cybersecurity, digital footprint, Human Firewall, Cybersecurity Companies, cyber security training, cyber awareness training, Employee security, IT Security, Social Engineering Toolkit, Security Training, security awareness training

Kyle Abbey

Written by Kyle Abbey

Business Development Associate