By Mike Styer, General Manager at Breakpoint
Ransomware now makes news almost daily, and for good reason. Massive attacks are disrupting governments and essential services, costing enterprises millions and even shutting down small and medium-sized businesses. The problem is growing so fast that the cost of global ransomware damage is expected to top $265 billion by 2031.
While ransomware is a significant threat, organisations should not focus on this risk to the exclusion of other, more insidious threats.
Stealth attacks and quiet data exfiltration pose just as big a risk to organisations as the ‘big bang’ ransomware attacks. In a ransomware attack, attackers declare themselves, negotiate their quick win and (mostly) turn their attention elsewhere, while in stealth attacks, they fly under the radar and play the long game. Depending on their motives, it may be more beneficial for attackers to remain undetected for a long period of time, observing the environment or repeatedly committing hard-to-detect acts of fraud and theft from within the victim organisation.
IBM and Ponemon Institute’s Cost of a Data Breach Report last year revealed that credential-related breaches alone take 250 days on average to discover, and another 91 days to contain. The longer intruders remain in a system, the more damage they can cause. There have been cases where malware and spyware remained undetected within systems for years, and in some instances they were never detected by traditional cyber security tools, but rather by auditors, finance departments, whistleblowers, or purely by accident.
Complicating the challenge of preventing such intrusions is the fact that they need not be software or malware driven: they can be activated by disgruntled employees or third parties gaining access to a corporate device.
Milking the system
Attackers who prefer to fly under the radar may do so for financial gain or competitive advantage.
One local incident saw criminals infiltrating a system that assigned values to vouchers, which they then stole. Because the number of vouchers was a small percentage of the total volume of vouchers issued, it took years for this theft to be detected and millions of rands in losses were incurred.
By remaining quietly within the system with access to key business units and applications, criminals could skim small amounts from millions of accounts, never causing alarm bells to go off while they steal millions.
Stealthy rerouting, intercepting or copying of emails can be used for fraud, theft or competitive advantage – for example, by diverting invoices and changing banking details to the fraudster’s account, or by fraudulently authorising payments.
Spyware can be deployed for industrial espionage, such as getting inside information on planned mergers and acquisitions, and using this information to buy shares or transact inside the market.
While organisations tend to focus on protecting their mission-critical data, they may overlook data that has little physical value but which can benefit intruders. This could include information about business processes, or details of major bids, which competitors might benefit from knowing. It could include customer details which competitors can use as sales leads.
For a nominal fee, it is now possible to buy spyware and all the tools one needs to hack a company and spy on it, to steal money, exfiltrate key data, carry out market research, or find business leads.
Intruders might also use the victim organisation’s systems to legitimise spam campaigns, for money laundering, or to obscure paper trails – all of which ultimately cost the organisation money and increase its overall risk profile.
Mitigating stealthy risk
If stealthy intruders aren’t doing anything in the system, they are very difficult to detect. Malware detection looks for anomalies, while micro-segmentation checks an application and everything it touches, but as long as the traffic moves north-south, it is unlikely to be noticed. In many cases, the malware might not even have an executable string to identify.
To counter stealthy risks, organisations have to be a great deal more vigilant and proactive about cyber security, going on the offensive to hunt down threats. They also need to pay closer attention to the basics of cyber security, such as passwords, patch management and Zero Trust approaches.
Breakpoint is in a position to help customers audit their systems for vulnerabilities and malware lying in stealth mode, to reduce the risk of attackers stealing money, exfiltrating valuable data, or otherwise putting their business at risk.