27 September 2023

Held to ransom — and it’s just the beginning


PS News talks with international software security expert Charlie Gero, who fears that the recent ransomware attacks on major organisations are just the beginning.


The latest ransomware attack on the Steamship Authority in the United States is a clear indication that the frequency of this particular style of malware incident is growing.

We’ve seen Colonial Pipeline crippled for days, JBS meat packing facilities taken offline, and now the Steamship Authority disruption.

In all three of these cases hackers utilised ransomware to disable the operations of the companies, and at least the first two were launched from actors operating within, or associated with, Russia.

On top of all of this, a new attack from Nobelium, the hackers responsible for the massive SolarWinds breach that is still impacting the world, was detected and thankfully largely thwarted.

Chief Technology Officer at the Akamai security technologies group, Charlie Gero says these attacks underscore a highly important point — critical infrastructure is increasingly reachable online.

“The internet is not just the technology that powers social media and memes. It has become a core piece of infrastructure that we rely on for physical services daily — energy from gas, shipments of food, transportation, banking, and more,” Mr Gero said.

“As industries utilise the internet to ease operations and deployment, they must balance the tremendous advantages connected infrastructure gives with the high risk of being on a global platform where attackers can probe, infect, and hold their assets hostage from half a world away.”

He said researchers at Akamai expected this trend to not only continue, but to increase in frequency.

“It is why companies must make use of state-of-the-art security services to attempt to stay ahead of their attackers in this ever-growing arms race,” Mr Gero said.

“Antivirus software, at minimum, should be installed on every critical machine in an enterprise. Systems which need not be on the internet should be completely ‘air-gapped’ from those that do.”

He said tight access controls should be enforced on every application’s access, utilising zero trust principles, and services such as Cloud Access Security Brokers and Secure Web Gateways should be introduced to perform additional malware checks on data flows, and limit the spread of sensitive information out of customer networks.

“It is telling that so many critical pieces of infrastructure have been taken offline within such quick succession in the past few weeks,” Mr Gero said.

“This tells us that the current security posture for many organisations is not yet at the level it needs to be.”

He said as attackers continued to advance in both pace and sophistication “this should serve as an incentive for all companies to audit their internal security practices and measures to ensure they are doing everything they can not to be the next headline”.
