b. Why is data so valuable, and why do organisations need to prevent the data from being misused by third parties?
Most ransomware attacks affect NAS devices and routers, which can be a concern for
consumers. In general, they have yet to pose a major threat to organizations, because
threat actors will have little to gain from executing them.
Here are steps organizations can take to defend against ransomware attacks:
IoT security challenges
Update and patch. Keeping systems and devices updated can address
exploitable vulnerabilities that attackers can use.
Employ secure authentication strategies. Many ransomware attacks
begin using stolen credentials. Enabling options such as multi-factor
authentication can deny threat actors access to accounts.
Enforce the principle of least privilege. This prevents users from
running certain programs, such as hack tools and unwanted applications
that are used by ransomware.
Regularly back up files. Despite current developments in ransomware,
backups still provide a safeguard against encryption and other
cyberthreats.
Ensure strong network protection. Strong network protection can
provide an extra layer of defense against threats that might utilize flaws
in multiple devices.
Monitor network traffic. Having the tools to monitor network traffic
allows organizations to see baseline activity and identify anomalies that
could mean potential intrusion.
Prioritize security over connectivity. Understand the risks of
connecting new devices into the network: The addition of devices can
exponentially increase its complexity and widen the attack surface.
Advocate shared responsibility over the IoT. Organizations need to
advocate for a culture of security, especially with regard to the IoT.
Awareness of the threats that can target connected devices can help
make employees take conscious steps to secure personal devices.
Organizations that are hit by ransomware attacks, such as those we have discussed
here, can suffer from significant financial losses, not only from paying the ransom, but
also from operational delays and remediation costs. Ransomware campaigns now
involve a data theft component for double extortion schemes in which victims are
susceptible to losing mission-critical data and suffer reputational damage.
To defend against ransomware, organizations have to address the security gaps that
can open a path for critical attacks. In the realm of the IoT, these security concerns
include the following:
Vulnerabilities in IoT devices. Vulnerabilities are constantly being
discovered in IoT devices and systems. Unfortunately, ransomware
attacks use vulnerabilities to infect and spread to other devices.
Rapid growth of the IoT and poor device management. Investment in
the IoT slowed down with the onset of the pandemic, but reports now
show that interest is resurging. However, the rapid adoption of IoT devices
could leave organizations grappling with device management issues and
the increasing complexity of their IoT environments.
Poor security for IoT devices. Even with IoT devices secured in the
office, organizations might have trouble accounting for personal devices,
such as smart watches, e-readers, and gaming consoles. The reality of
work-from-home setups highlights the importance of securing home
networks and devices.
Legacy systems connected to the IoT. The presence of legacy systems
is a reality for many industries. They present security risks because
patches may no longer be issued for these systems and devices, even if
they are still in commission and used in critical operations.
Targeted nature of ransomware families. Ransomware campaigns are
now taking a more targeted approach. This has proven dangerous for
organizations because attacks are tailored to their weaknesses. It also
gave way to the trend of deploying ransomware in critical infrastructures.
The future of the IoT and ransomware
The IoT has much in store for the future. While the pandemic caused IoT
implementation to slow down, many industries since have observed the benefits of the
IoT, especially in a time when remote work and social distancing became the norm.
The reality of 5G can also easily reignite plans to move forward. Unfortunately, current
times also had a reinventive effect on ransomware. Threat actors have found new
opportunities in their targeted attacks and double extortion schemes. Industries that
have much at stake - many often involve IT/OT systems - are prime targets.
Organizations need to reexamine their current defenses, especially for ransomware,
and plan an effective implementation of the IoT to reap the benefits of this technology
without fear of it being used in ransomware campaigns.
How to secure IoT environments against ransomware
The best way to deal with ransomware, especially those that involve the IoT, is to
prevent them from happening. Like any other threat actor, ransomware operators are
more likely to take the path of least resistance to reach their targets. Organizations
need to address possible entry points for ransomware attacks and keep their IoT
environments adequately secured.
[Source: IoT and Ransomware: A Recipe for Disruption - Security News (trendmicro.com)]
Case Study
Read the case study given below and answer ALL the questions given at the
end of the case.
ransomware from infecting its industrial network. Unfortunately, this necessary
measure could not prevent fuel shortages in several US states from happening as a
result. Other indirect effects of ransomware on OT systems could be loss of visibility
and theft of operational information.
IoT and Ransomware: A Recipe for Disruption
September 28, 2021
IoT and ransomware in other industries
Ransomware as examined in the context of the internet of things (IoT) is not a new
discussion. When ransomware attacks were gaining momentum and IoT adoption
started to expand, security experts already began to look at the potential risks of
ransomware attacks when they involve the IoT.
Disruption is also the main goal for ransomware attacks in other industries, which likely
also rely to some extent on IoT devices and systems. In the Trend Micro midyear
roundup, we reported how manufacturing, healthcare, and food and beverage were
among the top five industries that saw the most ransomware activity.
The healthcare industry saw attacks from the likes of Ryuk and Conti ransomware
families, which added pressure to an already strained healthcare system amidst the
pandemic. It is difficult to determine if these recent attacks had a direct impact on
medical devices, but ransomware has been known to infect medical devices before.
Connected medical devices, while incredibly useful today, can also act as entry points
for attacks if not properly managed. Medical devices also carry vulnerabilities and
flaws that make them susceptible to malware infection.
IoT and ransomware are worth reexamining now that a different breed of ransomware
families are targeting organizations and IoT use has become widespread in the
industrial sector.
IoT and ransomware attacks
Ransomware attacks hinge on being timely, critical, and irreversible. The involvement
of IoT in ransomware campaigns can amplify the impact of attacks because of
cascading consequences, especially in the case of critical infrastructure. In addition,
IoT devices widen the attack surface through which ransomware can be deployed.
These are conditions that can exacerbate disruptions.
Aside from the healthcare industry, the food production industry has also adopted IoT
tools and systems to optimize production. According to an FBI advisory, ransomware
attacks are targeting the food and agriculture sector to exfiltrate and encrypt data.
They note how the sector is becoming increasingly more reliant on IoT processes,
expanding the attack surface. Some of these attacks did not only cost the victims, but
also affected the supply chain, driving prices up for consumers.
Ransomware attacks pose a threat to OT systems
Routers and other IoT devices as entry points for malware
Ransomware operators like DarkSide have set their sights on critical infrastructures or
high-profile targets. These organizations likely rely on operational technology (OT) and
industrial control systems (ICS), which raises the urgency and the stakes involved in
a ransomware attack. Ransomware attacks have become such a threat to OT assets
that the US Cybersecurity and Infrastructure Security Agency (CISA) released a fact
sheet to inform organizations about them.
The IoT can significantly redefine the attack surface an organization would need to
secure. This concern also includes everyday IoT devices such as smart appliances
and routers. Once set up, some IoT devices, specifically routers, are often forgotten in
the background, never to be examined again unless something goes wrong. But these
devices can be exploited to allow ransomware to enter a system. Botnet malware, a
well-known problem for IoT devices, can also be used to distribute other malware. In
our research on IoT botnets, we found that it is still possible for routers to remain
infected with a botnet that has been defunct for two years, highlighting how seemingly
simple devices can act as a doorway for critical attacks.
Attacks that involve OT systems can be dangerous and have cascading effects down
the supply chain, pressuring victim organizations to comply with ransom demands.
The convergence of IT and OT components can open a path for attackers to cross
from IT to OT networks.
Ransomware attacks on IoT devices
It is important to note, however, that ransomware rarely targets OT systems directly.
The EKANS ransomware is a rare example that is capable of stopping ICS software
processes, while most ransomware families today, such as Ryuk, REvil, and Conti,
target IT systems. However, intrusions into the IT network can disrupt and impact the
OT network even if it has not been infected directly by ransomware. This was the
case for Colonial Pipeline, which had to shut down its systems to prevent the
IoT ransomware is a ransomware attack targeting IoT devices. In such a scenario,
threat actors control or lock a device (or several devices) to extort payment. An
example of a ransomware variant that crossed over to a specific IoT device is FLocker,
an Android mobile lock-screen ransomware that shifted to smart TVs. Two separate
research efforts have also tested ransomware attacks on a smart thermostat device and
a coffee machine. Such attacks have not progressed much in recent years.