Intelligent CIO APAC Issue 08 | Page 55

FEATURE: ENDPOINT SECURITY

organizations. Similar to how spies are recruited for espionage against government agencies, regular everyday people with access to high-value targets can be recruited to deploy malware.
“Often, they are lured through offers of significant sums of money or even a percentage of the ransomware payout, with some offering hundreds of thousands of dollars per victimised organization. Affiliate programs and partnerships between ransomware groups have also become a common occurrence alongside the general recruiting of insiders.
“These affiliate programs look to partner with initial access brokers – criminals that specialize in breaking into organizations and subsequently sell direct access and other ransomware gangs in order to improve their tradecraft, furthering their reach and overall profitability.”
The rise in secondary extortion
Ransomware groups have widely adopted double extortion as a core tactic to ensure profitability. By taking time to quietly exfiltrate sensitive information from the organization, cybercriminals gain incrementally significant leverage on their victim organizations, forcing organizations not only to pay to decrypt their content but also to prevent potentially harmful data from being sold or otherwise publicly disclosed. This significantly increases the impact and damage that ransomware groups can inflict upon their victims and sends a stark warning to others to protect their networks from this ever-evolving threat.
How to fight back: Three security recommendations for healthcare IT leaders
For healthcare organizations, understanding the evolving threat landscape is half the battle. Now that CISOs have a grasp of what they’re up against, there are key defenses that should be in place. Here are three best practices to help them stay one step ahead of attackers:
1. Next-generation Antivirus (AV): CISOs can start by ensuring their endpoint protection solution incorporates defenses for each phase of ransomware attacks: the delivery, propagation and encryption stages. Today, traditional AV focuses mostly on the delivery stage, but this leaves a security gap with new malware. To detect and stop these attacks from propagating, solutions should also track endpoint activity to root out common behaviors such as privilege escalation and lateral movement, and finally prevent encryption by employing decoys and protecting local files and critical boot sequences. VMware Carbon Black Cloud Endpoint Standard offers protection through each of the common ransomware stages and breakthrough prevention for today’s advanced cyberattacks.
2. Endpoint Protection: IT leaders need an endpoint protection solution that easily scales and deploys to new users. The inability to rapidly provision new remote endpoints is another vulnerability and break in security postures. Healthcare organizations need the ability to easily provision access to new users while maintaining data privacy, compliance and security practices. Siloed and on-premise security products increase complexity and delay progress in standing up and securing remote workers. VMware Carbon Black Cloud Endpoint helps organizations transform security with cloud-native endpoint protection that eliminates many of the time and resource-consuming barriers that often slow down deployments. The solution also offers security teams the full visibility and control required to help prevent, detect and respond to endpoint threats.
3. IT Tracking Tools: For CISOs to understand any area of vulnerability, it’s important to employ a solution that enables organizations to assess and harden system state. It’s much easier to patch and prevent attacks than it is to remediate them. When it comes to helping prevent ransomware attacks, solutions that offer automated reporting to track configuration drift will help ensure environments stay as secure as possible. The VMware Carbon Black Cloud Audit and Remediation solution allows security teams to easily track drift and comes ready with built-in response tools to apply updates or run scripts for full remediation in minutes.
Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black