Learning
Grace Hopper, pictured above, was a pioneer in the computing industry, especially in computer programming. Among her many achievements, Grace helped to develop the first compiler that would translate computer code to machine language. She spent her career making computers easier to use and available for the masses. Rear Admiral Hopper died in 1992 at the age of 85. Hopper is known throughout the world as a pioneer for computing as well as a role model and advocate for women in technology.
Hopper is credited with, and lore is written about, the first computer "bug". In 1947, a moth was found inside the Harvard Mark II computer and recorded in a log book by physically taping the bug to the paper. Hopper is credited with having found the bug, but that is probably not true. She did, however, work on that machine and was there at the time. She is known to have recounted that story many times during her life.
Bugs, errors, mistakes, miscalculations, vulnerabilities... they all lead to opportunity for those who can determine how to exploit unpredicted behavior of a computer program. When programs break, security breaks. When security breaks, intruders and attackers stand at the ready.
I'd like to draw your attention to two resources from Carnegie Mellon's Software Engineering Institute (SEI). Both resources are free to download and do not require sign-up or account creation.
The first resource is a whitepaper labeled "An Updated Framework of Defenses Against Ransomware". Here is the abstract:
The proliferation of tools and techniques to disrupt enterprise systems has evolved from those capable of supporting merely opportunistic attacks to those enabling targeted attacks. Furthermore, attackers continue to develop methods for monetizing their efforts, resulting in ransomware, a very disruptive threat to business as well as governmental departments and agencies. Ransomware developers are now selling their tools as a service, enabling attackers (individual criminals, organized crime, ideological hackers, or nation-state teams, all hereafter referred to as affiliates) to use tools they do not build or maintain to attack vulnerable systems.
In the last few years we have seen a rise of successful ransomware affiliates that purchase the malware that they use and incorporate it into a ransomware tool chain that is targeted to a specific victim. These attackers lock victims out of their own data, usually by encrypting it, and attempt to extort money to restore the victim’s access to the enterprise data under threat of data destruction or disclosure as a response for non-payment. Recent high-profile cases, including attacks attest to the seriousness of the problem. In each case, the victims suffered operational disruptions with monetary losses.
This report, loosely structured around the NIST Cybersecurity Framework, seeks to frame an approach for defending against Ransomware-as-a-Service (RaaS) as well as direct ransomware attacks.
Yes, ransomware as a service. You can now deploy your automated ransomware attacks as easily as setting up a new Windows Server instance. The paper is a short read that guides us through the familiar Identify / Protect / Detect / Respond / Recover framework, but focused on ransomware. It is highly informative.
The second resource is labeled "Current Ransomware Threats" and was just updated in August 2020. Here is the abstract:
Ransomware continues to be a grave security threat to both organizations and individual users. The increased sophistication in ransomware design provides enhanced accessibility and distribution capabilities that enable attackers of all types to employ this malicious tool. This report discusses ransomware, including an explanation of its design, distribution, execution, and business model. Additionally, the report provides a detailed discussion of encryption methods and runtime activities, as well as indicators that are useful in their detection and mitigation.
The whitepaper dives into the business model and organization of ransomware. It helps to explain why attackers use it and why it is so easy to use. If you are a geek for deep analysis on ransomware families, names, and expressions, then this is the resource for you.
I wanted to share with you some of the new ways ransomware is changing and how you can continue to protect your networks from future attack. There hasn't been a known case of a teenager, disgruntled teacher or technologist, or parent releasing a paid-for attack on their school or school division, but it could only be a matter of time.
We will find out during the webinar this week that an attack from ransomware may not be something we can prevent; rather, we need to focus on how to be resilient and control the event if it happens. These resources help in those efforts.