Kaspersky: A Ransomware Attack Befuddles Employees
Plus, Defendify helps partners address security shortcomings and Spanning patrols the dark web.
Employees across businesses of all sizes and industries lack basic knowledge about handling a ransomware attack, which is particularly unsettling with the massive increase in COVID-19-related cyberthreats.
Almost half of employees polled in North America said they wouldn’t know how to respond to a ransomware attack at work, according to new research from Kaspersky. Ransomware targets roughly 900,000-1.2 million of all users every six months. Ransom amounts on average exceed $1 million.
Thirty-seven percent of respondents were unable to accurately define ransomware.
For respondents who have previously experienced a ransomware attack, 40% said they wouldn’t know the immediate steps to take in response to a ransomware attack. Additionally, 30% of people who have experienced a ransomware attack said you should disconnect a computer from the internet. That’s the correct first step to take to stop an attack.
To find out more about the lack of ransomware knowledge, we spoke with Brian Bartholomew, principal security researcher at Kaspersky North America.
Channel Futures: So many employees don’t know how to respond to a ransomware attack. That must be a real danger to businesses of all sizes.
Kaspersky’s Brian Bartholomew
Brian Bartholomew: This is definitely a danger to all businesses regardless of size. An employee is typically the first line of defense in a ransomware attack. If that person doesn’t know how to properly respond to or treat a possible attack, the chances of that attack affecting a larger percentage of your business is exponentially increased. Ransomware is typically designed to spread as fast and as easily as possible. Many times, the first thing it does is look for other places to spread to once inside a network. As time goes by during an active infection, more and more systems are exposed. A user who’s aware of this type of threat would know how to minimize the spread the quickest way possible.
CF: What are businesses not doing that they should be doing to make sure their employees are more informed?
BB: Employers should offer ongoing cybersecurity awareness training so employees have more familiarity with cyberattacks and how to prevent them. And most importantly, how to report them within their organization.
CF: Does the research point to challenges/opportunities for MSSPs and other cybersecurity providers?
BB: Absolutely. The continued costs and reputational damage caused by ransomware attacks continues to demonstrate the need for MSSPs and providers to have protection in place (or provide this protection to their customers) that blocks these types of attacks. The lack of end-user awareness shows the need for increased education and training on preventing and minimizing risks. The need for proactive protection and education are more important than ever. Partnering with security vendors that have complete solutions to address these risks is a driving force in the market.
CF: How difficult is it for businesses to ensure their employees are educated about ransomware attacks?
BB: Not difficult at all. Employers can offer sponsored security awareness training in which they can work directly with employees or even offer basic online training courses for employees to complete as part of overall company training.
CF: Did the research find any progress being made in terms of businesses and ransomware attacks?
BB: No, the survey findings overwhelmingly found …
… that employees lack baseline knowledge of ransomware, and progress must be made in educating employees about this attack vector.
Defendify Helping Partners Address Security Shortcomings
Defendify, an all-in-one cybersecurity platform designed specifically for small businesses, is giving away its Cybersecurity Essentials Package to help partners protect their business and customer data from cyberattacks.
The package includes the following:
Three cybersecurity tools to quickly identify cybersecurity gaps and know when new cyberattacks occur.
Cybersecurity health checkup that clarifies current cybersecurity and areas for improvement.
A network vulnerability scanner that identifies issues and exploits with networks for review and remediation.
Threat alerts that provide visibility into relevant stories, incidents and patches.
Rob Simopoulos, Defendify‘s co-founder, tells us if the shift to working from home resulted in IT changes in the organization, it is important that assessments are performed on their cybersecurity to identify new weaknesses that may have surfaced from the recent changes.
Defendify’s Rob Simopolous
“The Defendify Essentials package provides channel partners the ability to perform assessments on themselves and also their customers and prospects for free,” he said. “We understand that in the current climate, providing our partners free tools to add value and protection to their customers is essential. The Essential package is a base starting point from which an organization can grow to a full Defendify cybersecurity program, which includes 12 cybersecurity tools in total.”
Defendify’s partners are spending most of their time assisting customers with the transition to work from home. It’s paramount they help make that transition securely. Defendify is encouraging partners to take the appropriate steps to instill strong cybersecurity at their client organizations.
Recent phishing attacks are using coronavirus stories, World Health Organization (WHO) updates, and even stimulus grants and loans as topics, Simopoulos said. It’s important that organizations train employees early so they’re aware of these types of attacks before they reach their inbox.
“Work from home is so different and new to many employees,” he said. “As we all know, this quite often involves many household distractions. This scenario may put an organization at risk of employees moving too quickly through emails and potentially interacting with a phishing email. The verification challenge ensues as well. When in the office, it was easy to walk down the hallway and ask your boss if they really sent an email with the request for personal information or to conduct a wire transfer. With work from home, that luxury is no longer there and employees may be more easily fooled by criminal tactics.”
Check Point: Daily COVID-19 Cyberattacks in Quadruple Digits
Researchers at Check Point Software Technologies continue to see a dramatic rise in the number of COVID-19-related cyberattacks.
In the past two weeks alone, the number of attacks have increased significantly from …
… a few hundred to as high as more than 5,000 on March 28. On average, more than 2,600 attacks occur daily.
Although the number of coronavirus-related cyberattacks has risen sharply, the overall number of cyberthreat activities in organizational networks globally dropped by 17% per month between January and March.
In the past two weeks, more than 30,100 new coronavirus-related domains were registered. One hundred thirty-one are malicious and 2,777 are suspicious and under investigation. More than 51,000 coronavirus-related domains were registered since January, the relative start of the pandemic.
Omer Dembinsky, data manager of threat intelligence at Check Point, tells us that aside from awareness, one overlooked area is the mobile phone, used frequently from home offices.
Check Point’s Omer Dembinsky
“These devices are usually not protected and the user’s ability to check the legitimacy of emails, links and websites is even more difficult,” he said.
Cybersecurity providers and MSSPs need to accommodate customers moving to remote working. But that means changing network and security policies, which can make them less secure, Dembinsky said.
“The increased usage of new tools, changes in organizational networks and security policies, and overall change in the day-to-day life all contribute as risk factors that affect the impact of cybersecurity attacks,” he said.
Dark Web Monitoring for Microsoft 365
Spanning Cloud Apps, a Kaseya company and provider of backup and recovery for SaaS applications, has unveiled a dark web monitoring solution for Microsoft 365.
Spanning Dark Web Monitoring combines backup and restore functionality with dark web intelligence and search capabilities. This makes it possible to identify, analyze and monitor for compromised or stolen employee data.
“In this new and challenging cybersecurity environment that we are all facing, Spanning Dark Web Monitoring fills a critical gap for businesses that use Office 365,” said Mike Sanders, general manager of Unitrends and Spanning. “No other solution like it exists. Spanning Dark Web Monitoring for Office 365 gives IT administrators something other tools don’t — an integrated dark web monitoring tool that provides insight into potentially compromised accounts so that companies can take action to safeguard themselves and their employees.”
Microsoft 365 credentials are prime targets because they provide access to all of the Microsoft 365 services — not just email.
The solution helps reduce the risk of account takeover (ATO) attacks. These are attacks in which cybercriminals steal or buy credentials in third-party breaches and reuse them to access corporate systems. They will then move to steal intellectual property, gain access to financial accounts and commit other types of cyberfraud such as business email compromise (BEC) attacks.
Read more about:
MSPsAbout the Author
You May Also Like