Ransomware attacks are rampant: how does AsiaInfo’s Ark withstand the storm?

At present, ransomware is raging around the world, and ransomware attacks have become the biggest threat to network security; a large number of ransomware groups with a meticulous division of labor, specialization and professionalization have formed. AsiaInfo believes that ransomware has officially entered the 2.0 era: the “APTization” of ransomware gangs. The APTization of extortion gangs has made modern extortion threats more aggressive, better concealed, more likely to succeed, and more harmful, which will undoubtedly overwhelm their targets.

In this context, how can companies respond to more organized and premeditated ransomware attacks? What are the key capabilities a company should have in the face of ransomware?

On September 20, AsiaInfo held a press conference on “Comprehensive Ransomware Governance, the Ark Plan”, which specifically explained how the plan helps users avoid attacks and reduce losses before, during and after ransomware attacks.

Regarding the content of AsiaInfo Security’s “Ark” plan, Leifeng.com and related media had in-depth exchanges with AsiaInfo Security Chief R&D Officer Wu Xiangning, AsiaInfo Security Vice President Xu Yeli, and AsiaInfo Security Vice President Liu Zhengping.

What role does “Ark” play in ransomware attacks?

In the era of the digital economy, enterprise security faces three major challenges: ransomware attacks, data leakage, and asset control. Ransomware itself is in an era where traditional ransomware and modern ransomware attacks coexist.

Xu Yeli said that modern ransomware attacks currently have three main characteristics:

First, the rise of Ransomware-as-a-Service (RaaS) has transformed the operating mode of ransomware from the traditional small group acting alone to modular, industrialized and specialized large-scale group operations. The coverage of ransomware attacks is wider and the degree of harm has increased significantly;

Second, the target of ransomware attacks has also been upgraded from the earlier widely spread worm-type attack to targeted attacks on government, critical information infrastructure, and enterprises of all kinds;

Third, from the perspective of extortion methods, modern extortion attacks have evolved from the traditional method of paying a ransom to restore data into double or even triple extortion.

In the face of a more severe form of extortion threat, AsiaInfo focused at the press conference on how to fight extortion attacks through the overall defense system of ‘product + platform + service’.

Lu Guangming, President of AsiaInfo Security, said: “Development and security are two aspects of the digital era. AsiaInfo Security has proposed a development strategy of ‘product + platform + service’ complete closed-loop development with the security platform as the starting point, so as to truly build a business model for customers. A holistic defense system improves customer security defense capabilities. The principle of ‘platform first’ can not only integrate fragmented security capabilities into a systemic and globally linked native immune system, but also solve complex management issues, dissolving them into a minimalist and intelligent threat management and operation platform.”

It is reported that the Ark Project mainly includes three core capabilities:

Ransomware Physical Examination Center: The AsiaInfo security operation team conducts a comprehensive investigation and analysis of ransomware attacks by deploying endpoint and network probes, helping customers with prevention, early detection, early warning, early research and early disposal. It leverages the latest ransomware threat intelligence to correlate data, confirm whether there is ransomware in the enterprise environment, and minimize the risk of a ransomware outbreak.


Whole-process handling mechanism: AsiaInfo “Ark” covers the entire process of ransomware attack governance and response, and assists users in establishing a ransomware protection strategy, preventing ransom attacks in advance, identifying and blocking ransom attacks, and responding to ransom attacks according to the state of the attack.

Modern ransomware governance solution: Based on AsiaInfo’s mature XDR technology, the modern ransomware governance solution can fully cover the ransomware attack chain and provides operational protection capabilities.

Among them, the “Ransomware Physical Examination Center” is the forefront of the “Ark” plan, and it has already been launched. Enterprises can scan a QR code to conduct a network security health check. It is understood that some industry users have already conducted security assessments of their IT environment through the AsiaInfo Security Ransomware Physical Examination Center and obtained targeted security governance plans and suggestions for the potential risks of ransomware threats.

In addition, Liu Zhengping, vice president of AsiaInfo Security, said: “Ransomware attacks are divided into 6 stages, including initial intrusion, persistent residency, intranet penetration, command and control, information leakage, and execution of extortion, and this is difficult for a single defense security system to deal with. This ‘kill chain’ works differently than traditional viruses.”

The modern ransomware management solution centered on XDR technology can detect and respond across terminal, cloud, network, border, identity, and data (currently, the engine can gain insight into 72 ransomware attack detection points), and performs linkage analysis of threat data, behavior data, asset data, identity data, network data, etc., providing full-process emergency response and disposal support in the “before, during, and after” of ransomware governance.

Wu Xiangning, Chief R&D Officer of AsiaInfo Security, believes: “Due to the in-depth combination of ransomware attacks and APT attack techniques, XDR is bound to be needed to solve problems such as disorganized threat intelligence from various sources, the lack of complete threat visibility for the security team, and an emergency response process that exists only ‘on paper’. Such a linkage plan can produce better results across threat detection and control, threat hunting, investigation, attribution and other overall linkage defense.”

(Figure: Panorama of Ransomware Governance Linkage)

What key capabilities do enterprises need to manage ransomware well?

At a time when the new round of technological and industrial revolution and the risks of the COVID-19 pandemic are intertwined and superimposed, digital transformation has become a question enterprises must answer. In the process of digital transformation, cybersecurity has become the cornerstone of economic development. How to balance business and security investment has become a problem that every enterprise must think about.

In this regard, Liu Zhengping said: “Large-scale industry users attach great importance to network security and continuously strengthen their ability to face the digital world, so security investment is also increasing; for traditional manufacturing, once extortion and network paralysis break out, the impact is huge, so CIOs must attach great importance to security investment.”

Liu Zhengping suggested that companies need three key capabilities to manage ransomware well:

First, awareness among business leaders, including the board, CEO and CIO. APT attacks need to be defended against in advance, and security awareness education for personnel is particularly important. Only with a change in concept and awareness can more budget be invested in security and the industry develop healthily.

Second, be prepared to fight a protracted war. A ransomware attack is not a simple security incident; it is in fact a long-term one. Because hacker organizations are constantly updating their list of attack targets and will keep attacking, enterprises need to carry out systematic construction in preparation for a protracted war.

Finally, the management team must keep up. Security is three parts technology and seven parts management, and the essence of management is people, so a dedicated team of security experts is essential.

It is understood that AsiaInfo Security currently operates a service network covering 31 provinces and cities across the country, with local teams composed of security service engineers and a headquarters team of cloud security operation experts, virus sample experts, and threat intelligence experts, providing 7 × 24 hour personal service to help companies identify whether there is ransomware in their environment and minimize the risk of a ransomware outbreak.

The contest between ransomware attack and defense is becoming increasingly fierce, and keeping the “door” safe is a long-term and valuable undertaking.

This article is reprinted from: https://www.leiphone.com/category/gbsecurity/I9CJ5wXv6mAA6XBA.html