Gone Phishing: How Ransomware, Log4j, and Other Exploits Use Your Network to Catch the Big Fish
Ransomware and Log4j are the latest examples of the ways cyber criminals leverage security weaknesses to spread onto networks and steal or extort large paydays.
By Peter Bookman, Founder and CEO of guardDog.ai
Phishing for the Big One
In order to keep yourself and your company safe, it’s important to understand the psychology of a cybercriminal and their objectives. The Internet is like a vast ocean, and like fisherman, these criminals are hunting for the best spots to catch the biggest fish. They aren’t interested in the small fish, per se, but in how they can use the smaller prey to catch the bigger ones. They are after a giant payday, and the bragging rights to go along with it. So, they troll for vulnerable targets and develop the best lures they can, to exploit the opportunities they find.
Perhaps you think, “it will never happen to me.” You’d be wrong. A report from Cybersecurity Ventures predicts global ransomware damage costs will reach $20 billion this year, which is 57x more than in 2015. The report notes this equates to a ransomware attack on a business “every 11 seconds in 2021.”
Log4j just emerged on the scene and is already being referred to as the largest vulnerability in history with hundreds of millions of devices affected. It is expected to take years to fully address and resolve. Let that sink in.
Casting the Best Lure
There are mobile device management solutions (MDM) that offer some security capabilities, but they are often exploited at the network level and unaware of the activity (I recently wrote here about how MDM isn’t enough). Gaining control of a device is not enough to achieve their goals. Cyber criminals use these entry points with the strategy of spreading over your network to gain total control. They need the kind of leverage they can use to extort the level of payday they’re after.
Accessing and spreading on the network is the common denominator most of these attacks require to succeed. This is where the opportunities lie to stop the thieves in their tracks.
Ransomware, phishing, and many other exploits are about using the right bait to compromise a device, get onto a network and spread. Many of these count on human behavior to help them along, like an innocent click on a link in an email.
These types of threats typically appear to come from a friendly brand you know and trust like a bank, a streaming service, or any known brand you might trust. The email may claim your subscription will automatically renew at some higher rate, unless you call now to deal with it. It might say your password has been changed and if you changed it ignore the message, but if you didn’t, click here to reset your password!
Perhaps you are a customer; perhaps not. The criminals likely don’t know and don’t care. To them, it’s a numbers game. They are fishing for a victim. The hacker is an imposter, but what they send you may look and seem very real. They aim to get you in an urgent state of mind, so you’ll respond and engage quickly without thinking it through. In the reality of things, brute force is not a common way cyber criminals get access to confidential information. They look for a weakness they can exploit more easily, such as fooling someone into aiding in the attack from the inside. This is how they get you.
Regardless of cyber security policies or training, anyone can make a human mistake and accidentally compromise their device. Who hasn’t clicked on a link in an email at some point?
Log4j is even more scary. It uses a popular open-source logging solution prolific across many software deployments to spread. Simply viewing a pixel in a chat window, for example, could infect another machine – with no other action required. This exploit relies on running a certain version of Java and the way Log4j2 libraries can be exploited.
Further complicating things is the fact that most software doesn’t contain a bill of materials, hence the possibility of it taking years to find and correct all the vulnerabilities. In the chart below on the left, we see a device attack has successfully leveraged the network to infect other devices and gain access to all private information. On the right, we see suspicious activity from a device that was detected and then isolated at the network level, preventing the spread.
Force Them to Cut Bait
There is much we can do to secure devices from attacks, such as adding virus protection software, device management solutions, EDR, and other protections, but these solutions aren’t aware of what’s happening at a network level. Once the criminal targets and infiltrates your device, then what? If you have part of your team accessing secure information from unsecured external networks, then what?
Investment in network level protection is a must, to identify a threat that is attempting to spread and stop it before it gains a foothold. Network aware solutions can see patterns and traces these threats leave as they attempt to spread. With the right cyber security strategy in place, you can minimize the damage from an attack and potentially stave off the disaster of losing control of private information and having it held for ransom.
Deploying methods that monitor networks, detect threat patterns, and respond to them in a timely manner is the key to keeping the attack surface low and halting an attack’s progress when it’s found an entry point. You could accomplish this by using professional cybersecurity services from MSSPs, or by deploying a product that offers AI-based network-oriented autonomous countermeasures flexible enough to work with distributed work environments, which is an approach we use at the company I direct, guardDog.ai.
To keep pace with cyber criminals, you will need to invest in a variety of tools, talent, and strategies to keep them at bay. Every company should build a comprehensive cyber security plan that maps out how you will respond to threats at the administrative, technical, and physical level. A great plan maps your workflows and ties policies and protocols together to ensure you are responsive and can adapt to changing conditions.
This is increasingly important as businesses must comply with many new State and Federal regulations now in effect, with many more on the way. Many of these regulations provide safe harbor, but only if you are complying according to a written plan at the time an incident occurred. The fines are steep for being negligent or for doing nothing at all.
The bottom line is that you must build a cyber security practice that is adaptive and responsive to avoid being taken by the bad guys.
About the Author
Peter Bookman is the Founder and CEO of guardDog.ai. Bookman has 25 years’ experience leading teams and disrupting markets with numerous exits. He is credited as an inventor to 14 patents in both software and hardware intellectual property.
Peter can be reached online at @pbookman and at our company website https://www.guardDog.ai