Understanding The Enemy
+ Why Your Antivirus Isn’t Enough
By Russ Levanway, President
You probably saw a dominant story in the news a couple of months ago about a major fuel shortage across the eastern seaboard. The pipeline that provides almost half the oil to the northeast and south came under a cyber-attack. Gas pumps ran dry in Tennessee, Georgia, and other states. This happened fast on the heels of other major exploits. Then in the last 2 weeks, tech news has been dominated by a serious vulnerability in management software called Kaseya, with over a million computers encrypted with ransomware as a result.
Ransomware attacks are getting to the point where they are becoming existential threats to organizations and can disrupt entire industries and supply chains. If it wasn’t serious before, it is now. Furthermore, hackers are increasingly sophisticated and daring. They’re often backed by foreign governments bent on destabilizing, stealing intellectual property, or just plain old making money via extortion.
The risks of a confidential data leak are higher than they’ve ever been before. It is critical that businesses not only understand how these adversaries operate but also rethink their own approach to security.
How cyber extortion works
Hackers’ typical MO is:
- Acquire your passwords or exploit some vulnerability
- Log into your device and/or network automatically or manually
- Steal a copy of your valuable data (credit card numbers, bank account numbers, social security numbers, intellectual property)
- Encrypt everything
- Hold it for ransom
If they don’t get what they came for, (you restore the data and can’t (or won’t) pay the ransom), the hackers leak your data all over the internet, selling it to the highest bidder.
Doesn’t my antivirus software protect me?
As someone in the IT field, one of the questions I often get asked is ”what about antivirus software? Doesn’t that protect me?” This is an understandable question. I preach the benefits of installing and maintaining antivirus software all the time. If it’s so important to have this tool installed, shouldn’t that be enough protection?
Unfortunately, no. The truth is, antivirus software stops 95 percent of attacks, so we always have it deployed as a security baseline, bar none. But what is it stopping exactly? Antivirus is preventing known viruses, known threats. When we talk about extortion and data infiltration, we’re not talking about viruses — we’re often talking about other tactics.
Flying under the radar
Threat actors often use phishing techniques to trick you into giving them your password (if they haven’t stolen it elsewhere). Often, a cyber-attack like this begins with an email from “your bank” that asks you to log in to your account to validate information. If you aren’t well versed in how to identify a counterfeit or deceptive email like this, you’ll fall for it and click the link. (No need to be embarrassed by your gullibility: you are in very good company. According to some estimates, a staggering 30 percent of people open phishing emails and 12 percent click on malicious links and/or attachments.) That fateful click leads to a counterfeit of your bank’s website. You put in the username and password, and you’re led to a blank page. You’ve been phished. Now the hackers have your credentials for the bank. All of this is done without using a virus of some kind, mind you.
Alternatively, threat actors may identify a vulnerability in your system. Once this vulnerability is identified, they exploit it by running what may appear to be legitimate software that goes undetected. Again, hacking you and your systems without the use of a virus.
These tactics leverage legitimate credentials and exploit existing vulnerabilities. Because of this, they can, therefore “fly under the radar”. Standard antivirus software can’t prevent this, it can only help stop code it knows to be malicious.
Adjusting your expectations
I talk about hacking all the time, I must seem like a broken record. But cyber-attacks keep happening, both in extreme cases like what we see in the news and for our clients, large and small. I keep hoping that if nothing else, a major event like the fuel shortage can help people understand how prevalent and destructive they really are.
Arming yourself with an understanding of how these threat actors operate is the first step. The second step is realizing that effective cybersecurity isn’t a question of simply having current antivirus installed. As we’ve seen, this tool can only do so much. That’s why the approach needs to shift. Cybersecurity is not one-dimensional and antivirus is not a catchall. In today’s world, antivirus is only one part of what must be a much broader cybersecurity toolset. It’s important that the expectation is adjusted to match the reality.