Antivirus

Defending against nation state ransomware

As a professional with over 20 years in the cyber security space, I cringe when a vendor presents and says: “attacks are getting more sophisticated and harder to defend against.” While some of it rings true, it surely misses a critical point. The cyber security community has also become smarter, more vigilant, more sophisticated and capable, and goes beyond just using antivirus software and malware removal tools. In all of my research this year, in cases where I have seen gaps, we have had the means in our possession to easily fix them.

With that said, there are two trends that look likely to rise in 2020 and for which we must be vigilant and prepared.

free anti-ransomware software being available.

About the author

Dave Klein is the senior director of cybersecurity at Guardicore.

Nation state actors have become more brazen

A major concern for 2020 must be the increasing number of capable nation state cyber actors/attackers. These nation state actors have become extremely skilled at using false flag/obfuscation techniques and proxy actors in their cyber warfare to prevent clear-cut attribution back to their home state. By making attribution difficult, bad actors get away with their crimes and continue unhindered. Furthermore, as per the 2019 Verizon Data Breach study, nation state attacks have increased from 12 per cent of attacks in 2017 to 23 per cent in 2018.

As the world has become more experienced in uncovering nation state players, so they have become more experienced in hiding, avoiding pitfalls and even manipulating data, tool kits and techniques to throw forensic analysts off by mimicking another nation state or criminal actors.

Go-to techniques once used to easily identify attackers no longer work. Time stamps, which if analysed statistically could give you an attacker’s workday (and thus their global location), are now often manipulated. Coding and debugging techniques are being manipulated since state actors know malware strings themselves. Debug paths and metadata are often used to zero in on an attacker’s base language, usernames and codin


Antivirus

This hacker conference installed a literal antivirus monitoring system

Organizers had a way for attendees to track CO2 levels throughout the venue—even before they arrived…

Antivirus

Hackers abuse Triofox antivirus feature to deploy remote access tools

Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet’s Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. …

Antivirus

Moonlock review: We put MacPaw’s new antivirus suite to work

Macworld

At a glance

Expert’s Rating

Pros

Excellent viral and malware protection and detection

Good purchase options

Access to learning tools and YouTube links

Cons

Security Advisor module lacks functionality

Menus don’t offer enough clarity

Scan scheduler only allowing for 15-minute increments

VPN auto-connects to the closest server

Our Verdict
Moonlock isn’t perfect…
Antivirus

Avast Free Antivirus for Mac review: Basic protection, for free

Macworld

At a glance

Expert’s Rating

Pros

Easy installation and setup

Solid customization options such as whitelists, exceptions, and scheduled scans

Handy network tools like Traffic Monitor and Network Inspector

Cons

Steady stream of ads, upgrade prompts, and assorted locked features

The Web Guard module failed to catch obvious scam links

The Scam Guard failed to detect scam…