Cybersecurity authorities in the US, UK, and Australia authored a joint Cybersecurity Advisory whitepaper that reports on the evolution of ransomware tactics and techniques in 2021, revealing threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally.
Their observations provide useful insight on behavioral trends and include recommendations to help reduce the risk of compromise. Read the full report.
Here are some notable highlights:
Observations & Trends
If the ransomware business model continues to yield financial returns, incidents are bound to become more frequent – it confirms the viability and financial attractiveness of the criminal business model.
Authorities strongly discourage victims from paying ransoms, as it may encourage adversaries to target (or re-target) additional organizations and continue the distribution of ransomware.
- Automate software security and take advantage of vendor-provided virtualization and security capabilities.
- Train users and raise awareness about phishing emails, visiting suspicious websites, and clicking unknown links and attachments.
- Require Multi-Factor Authentication (MFA) for as many services, especially accounts that access critical systems or manage backups.
- Require all accounts to have strong, unique passwords that aren’t reused or stored.
- Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud.
- Segment networks to control and restrict the traffic flow of adversary lateral movement.
- Identify, detect, and investigate abnormal activity with a network-monitoring tool
- Implement time-based access for privileged accounts and minimize unnecessary privileges for services and software.
- Maintain offline backups of data, and regularly test backup and restoration.
- Collect and monitor telemetry from cloud environments, including network, identity, and application telemetry.