Ransomware attacks have been on the rise recently, with a few high-profile attacks shutting down major suppliers of critical commodities. Ransomware is often introduced to companies through phishing attacks, but that isn’t the only way it spreads.
Ways Ransomware Can Infect Systems
Attackers have developed a variety of techniques for infiltrating systems. As a result, companies must come up with more sophisticated means, such as zero trust architecture, to deal with threats.
1. Phishing Emails
Many cyber criminals gain access to company systems through the use of phishing emails. These are emails that are designed to appear as if they are from a legitimate source, such as a bank or other trusted institution, but contain links to malicious software or fake login sites designed to capture employee credentials.
2. Remote Desktop Protocol
The rise in popularity of remote work has resulted in many attackers shifting focus to exploiting weaknesses in virtual desktop infrastructure. One of the most exploitable vulnerabilities of VDI is that the infrastructure and applications are often hosted on the same server. This makes detecting malware before it can do damage difficult. To make matters worse, attackers can ramp up the damage by encrypting the data they access.
3. Malicious URLs
Malicious URLs aren’t just a problem found in phishing emails. Hackers sometimes embed them in websites, text messages and other places where users might be lured into clicking the links. Once a user has clicked one of these links, the malware attempts to install itself onto the user’s machine. If it succeeds, it may begin to spread to other assets on the network.
Lateral Spread of Ransomware
When ransomware can move from one computer to another on the same network, this is called lateral spread. Lateral spread can make it difficult for organizations to recover from attacks. Malicious software is often designed to seek out and encrypt backups and other assets. The software may also be able to obtain the login credentials of users with administrative privileges that the original point of entry into the system did not have. Once a ransomware attacker is ready to issue their ransom request, they can move quickly to take control of or disable critical systems.
Preventing Lateral Spread
Segmentation boundaries are used to prevent lateral spread. Network segmentation is a security measure that splits a network into multiple segments, each of which acts as a smaller, individual network. This makes it possible to control the traffic between the different segments of the larger network. By doing this, ransomware that infects one segment of the network is prevented from spreading to the rest of the network.
The Role of Trust
When networks were a newer concept, security professionals focused on preventing perimeter breaches and users within the perimeter were considered trustworthy. As a result, there were not many protections in place to prevent malicious software from spreading once it breached the perimeter.
The current understanding of the threats posed by malicious internal actors and by the lateral spread of external threats that breach a network has changed this assumption. Many companies have transitioned to a zero trust policy. A zero trust strategy assumes that no one is trustworthy, including users inside the network perimeter. It functions by confining an organization's most critical assets to a protect surface that is much smaller than the full network perimeter.
Network designers construct a small perimeter around the protect surface, separating it from the rest of the network. Users do not have access to the assets within the protect surface by default. Only users who must have access are given authorization. The use of zero trust-based security techniques makes it more difficult for hackers to gain access to sensitive information. Instead of only having to breach the perimeter and then use lateral spread to access other resources, hackers must breach multiple perimeters.
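As an added example that is not from the original article, the following Python check applies the kind of default-deny segmentation policy with a small protect surface described in the two sections above to constructed flow records, and reports the cross-segment flows the boundary should have blocked. The segment address ranges, the allow list, and the jump host address are assumptions made for the example.

```python
"""Check flow records against a default-deny segmentation policy."""
import ipaddress

# Hypothetical segments; all addresses below are constructed for this example.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "protect": ipaddress.ip_network("10.99.0.0/24"),  # backups, domain controllers
}

# Explicit allow list of (src_segment, dst_segment, dst_port).
# Any other cross-segment flow is denied by default.
ALLOWED = {
    ("workstations", "servers", 443),  # users to internal web apps
    ("servers", "protect", 445),       # hypothetical backup agent to backup server
}
# Hypothetical jump host that is authorized to administer the protect surface.
ADMIN_HOSTS = {ipaddress.ip_address("10.20.0.5")}


def segment_of(addr):
    """Return the segment name containing addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unknown"


def is_permitted(src, dst, port):
    """Boundary decision. Intra-segment traffic is not governed by the boundary,
    which is exactly why a segment should be small."""
    s, d = segment_of(src), segment_of(dst)
    if s == d:
        return True
    if d == "protect" and ipaddress.ip_address(src) in ADMIN_HOSTS:
        return True
    return (s, d, port) in ALLOWED


def find_violations(flow_lines):
    """Parse 'src dst port' records; return those the boundary should have denied."""
    violations = []
    for line in flow_lines:
        src, dst, port = line.split()
        if not is_permitted(src, dst, int(port)):
            violations.append((src, dst, int(port), segment_of(src), segment_of(dst)))
    return violations


# Constructed sample flows: a workstation probing SMB on a backup server and a peer.
SAMPLE_FLOWS = [
    "10.10.4.21 10.20.1.8 443",   # permitted: workstation to web app
    "10.10.4.21 10.99.0.10 445",  # violation: workstation to backup server
    "10.10.4.21 10.10.4.22 445",  # intra-segment: not a boundary decision
    "10.20.0.5 10.99.0.10 22",    # permitted: admin jump host
    "10.20.1.8 10.99.0.10 3389",  # violation: server to protect surface on RDP
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("cross-segment flow not permitted by policy:", v)
```

Flows that the policy denies but that still appear in flow logs indicate either a boundary that is not enforcing the policy or an attempt at lateral spread, and either one deserves investigation.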
Preventing lateral spread through network segmentation is a powerful tool for companies to protect valuable data from unauthorized access. It is still best to prevent a breach at all, but if a breach occurs, these techniques can limit the amount of damage.