GUEST BLOG: Architecting a Layered Security Approach in the ‘Year of the Hacker’
This is a guest blog from Kaseya.
Given the volume of record-breaking and prominently reported breaches, it’s not surprising that 2016 was dubbed the year of the hack. Whether it was news of Yahoo’s two record-breaking hacks (which actually took place in 2013 and 2014), state-sponsored hacking, or Dropbox and social networks being breached, hardly a week went by without news of a major security breach.
Costly breaches and malware are nothing new, and company breaches have been on the rise for a decade. But the billions of records breached in 2016 set a new benchmark.
Among the most costly and nefarious attacks was ransomware. Ransomware, which has been wreaking havoc for years, locks up and encrypts data, releasing it only after money is paid, usually through Bitcoin. Ransomware payments took off in 2016. Estimated at close to $1 billion, according to the FBI, they saw a significant jump over the $24 million paid out in 2015.
Ransomware is clearly a profitable line of work. Not surprisingly, its reach is growing, and 2017 is now being called the year of the hacker.
Consider Petya, a recent ransomware attack based on the WannaCry attack, which goes after a hole in older versions of Windows. Petya takes WannaCry a few steps further than the original malware, though. Petya, for example, knows how to mine endpoints for passwords and uses these credentials to spread to other devices. Petya can also be spread by taking advantage of machines with admin rights, similar to an elevation-of-privilege attack.
Initial Petya victims included banks, airports, the metro in Kiev, and even the Chernobyl radiation detectors. In the months since the hack, Petya’s costs have been staggering, impacting companies worldwide.
And yet, Petya could have easily been prevented. Like any successful malware, new ransomware variants are based on the old ones, making it a snap for even amateur-hour hackers to tweak an old exploit and unleash it as new. WannaCry, the basis for Petya, was used by the U.S. National Security Agency (NSA) for its own cyber-efforts — which a WikiLeaks data dump disclosed — offering hackers an easy-to-follow blueprint.
Fortunately, with the right strategy ransomware can be stopped in its tracks before it enters your organization. Smart end users and IT shops patch their systems, and in fact, Microsoft has a patch that plugs this hole. Unfortunately, all too many organizations fail to patch regularly and completely, and thus you also need a strategy to thwart the impact of ransomware.
3 steps to avoiding the pain of a ransomware attack
Ransomware is serious stuff, but its most pernicious effects are easily avoided if you take three basic steps to protect your operation. The key? A layered security approach. Taking these steps will go a long way toward protecting your organization.
- Patch your computers. Patching is 100 percent essential, but it is not easy for organizations that rely on end-user vigilance or manual IT means. You need an automated patching solution so patches are installed when they become available – on all endpoints and servers.
- Maintain an antivirus and anti-malware solution. With proper security protection across all your systems, incursions such as WannaCry will be spotted, blocked, and purged. Like patching, an automated solution that installs and updates security across all of your systems is essential.
- Be smart about backup. Ransomware works by holding your data hostage. For those with no backup, an encrypted and locked hard drive is a disaster. If you have a current backup, it is only a nuisance. The best solution is an automated tool that backs up all of your systems to the cloud, where it remains safe until you need that data back.
The reality is most successful exploits are against unpatched systems. Hackers love to take shortcuts and the patching process offers a perfect opportunity, just like the NSA leak offered an architectural blueprint for how to exploit the Windows hole that Petya jumps through.
Kaseya Cloud Backup, powered by Acronis, helps prevent data loss
Recently, Kaseya introduced Kaseya Cloud Backup, powered by Acronis, an ideal solution for SMBs and managed service providers alike. With Kaseya Cloud Backup, you can back up and recover every machine you manage on-premises or in the cloud from a single pane of glass. Kaseya Cloud Backup can automatically and regularly copy your files so the most recent version is resting comfortably in the cloud, making restoration a snap.
By leveraging the power of VSA by Kaseya (which includes automated patch management and antivirus/anti-malware) with Kaseya Cloud Backup, you can quickly define backup policies by organization, machine group, or device type. Create as many policies as you need to simplify managing the backup requirements of the entire set of infrastructures under your control, and ensure you are meeting all compliance procedures. Changes in standard policy procedures can be applied to multiple machines and environments with a few simple clicks. In addition, you can create policies in VSA to restart failed backups automatically, shut down machines prior to backing up, and resolve many other problems that commonly occur during routine backup processes.