29 July 2021

Good vs REvil: The Dawn of Ransomware as a Service (RaaS)

Join us for a look back at the major ransomware attacks this year and the larger hierarchy behind modern attacks.

News of catastrophic cyber-attacks is a regular occurrence these days. So much so that we’ve become calloused to their causes and consequences. In a recent threat report by VMware Carbon Black, 94% of surveyed organisations had suffered a data breach at the hands of a cyber-attack in the last 12 months alone. Clearly, complacency is the last thing we need in the wake of these statistics. But what’s the best way to avoid complacency? How do we avoid falling victim to the new wave of malware?


The DarkSide of REvil

First and foremost, we must examine attacks to find common patterns. This is the most effective way for organisations to strategise and implement good defense practices. So, let’s take a look at some recent examples from this year.

Some of the most notable attacks have targeted Colonial Pipeline, meatpackers JBS SA and the national health service of Ireland; so, what’s the common pattern between each of these attacks?

They were all perpetrated by the hacking group known as DarkSide. But if we zoom out a little, you’ll find the makers of the ransomware itself: REvil (also known as Sodinokibi). REvil operates as a ransomware as a service (RaaS) provider to multiple hacker cells.

Attacks used to be carried out by isolated actors running targeted campaigns. Now, a huge range of ransomware providers offer up the actual code to criminal groups, who can then automate much of the planning and strike their victims hard and fast.


The REvil business model

The ransomware produced by REvil targets both Windows and Linux systems by encrypting all files with RSA-1024 and RSA-4096. REvil sells its software as a toolkit for hackers to target specific organisations, all whilst collecting a commission from successful ransoms. After that, it’s a case of businesses either paying or not. In the latter case, REvil has been known to respond by publishing sensitive files online. Or, in the case of high-profile victims such as Apple, auctioning off files to the highest bidder.

The weaknesses they expose and exploit are often insecure RDP servers or phishing attacks. Whilst both can be mitigated, the chance of falling victim to either should be a major concern to all. Securing a company against both may postpone a ransomware disaster, but it won’t be much help once the company is faced with the choice of paying a hefty ransom or frantically negotiating. For a front-seat view of what the attack would look like on your own desktop, watch this 2-minute video by Sophos.


The attack on Kaseya

Days before the 4th of July weekend, a brutal attack hit Kaseya, a company that provides VSA software to MSPs. By exploiting an authentication bypass vulnerability and elevating privileges, the attackers pushed a malicious installation package out to dozens of Kaseya’s customers. With around 30 MSPs impacted, at least 1,500 end users, many of them SMEs, were in for a rude awakening. This was essentially a supply chain attack, whereby a flaw in Kaseya’s software opened the gates to a host of unprepared SMEs. From Swedish grocery stores to US technology suppliers for NASA, all were directly impacted by REvil’s ransomware.


Preparing for the future

Cyberwarfare is becoming a prominent part of militaries around the world, so it’s likely REvil and similar groups aren’t going away anytime soon. Ransomware will remain a major problem for years to come. With organisations in the US having lost a combined total of over 7 billion dollars in 2019, and the industry expected to grow rapidly into the next decade, ransomware is a profitable venture. Cyber insurance offers a monetary cushion for these situations. But it can’t recover the damage to reputation, the business downtime or the bittersweet joy of bartering your ransom down to the nearest thousand.

The only way to stay assured is to take regular backups of your organisation’s data. Then you can at least rest assured that if the worst happens, you can bounce back with minimal disruption to your business. You can learn more about that here, where we talk about how to prepare for ransomware attacks. In a nutshell, stay one step ahead with prepared counterattacks that can trip criminals up. Give them the satisfying faceplant that they deserve!


Article by Nazish Malik

Learn more about
Predatar recovery assurance

20 July 2021

Are IBM Gearing Up for a Cyber Revolution?


Well, do you?

The song, written and performed by the Beatles back in 1968, still rings true today. Revolutions, both large and small, are an ongoing, and much needed, part of society. In a modern, IT-driven world of interconnected devices and internet access from virtually anywhere, cyber-security is on the cusp of a digital revolution. And IBM is gearing up.

IBM recognises that cyber-security is a major risk for organisations. Just as cyber threats evolve over time, so must the tactics and strategies to defend against attacks. Few organisations are better equipped than IBM to offer comprehensive, end-to-end cyber-security solutions for customers.

Protect, Detect, Respond!

At the forefront of this strategy is IBM artificial intelligence, powered by IBM Watson. It’s an essential ingredient in providing the fundamental elements of cyber-security: Protect, Detect and Respond.

Each stage is key in a complete cyber resiliency strategy which places IT and security administrators under constant pressure. All too often, they’re not provided sufficient resources to defend against external threats, especially at scale.

Protecting on-premise and cloud environments against cyber-attacks involves a wide range of considerations: user authentication and identity management, the security of network core and edge access points, collaboration tools, centralised storage systems, and virtual and physical servers. And, of course, the data protection solutions that are responsible for protecting and recovering the application ecosystem that drives the business.

Each area has its own role and unique security requirements in protecting against cyber-attacks, but as we have seen within the industry, attacks still occur. So, when they do, you need to ensure your detection capabilities are up to the task of accurately analysing and identifying threats that require immediate action. Once the threat has been accurately identified, the response plan must be initiated to repel the attack, or recovery plans initiated to eliminate the intrusion from the environment before it has been activated. All of these are complex stages, and they absolutely require proper planning and the power of AI and automation to scale and respond.

What is IBM up to?

IBM is leveraging AI to give organisations the ability to respond to cyber incidents at scale. They’re also applying the same principles to modern and secure application development. You can view the video from IBM Cloud detailing IBM’s use of AI for cybersecurity, narrated by Sridhar Muppidi, CTO of IBM Security.


Artificial Intelligence for Smarter Cybersecurity

https://www.youtube.com/watch?v=rH9-m7AhJhk


This video outlines IBM’s future vision for AI and cybersecurity. But we know that revolutions don’t occur overnight. For many organisations, there’s a clear and present threat to their data today. That poses the question: what can you institute today to protect, defend and respond? It’s a big question and it deserves a big answer, but as with any strategy, each organisation will need to assess its strengths and weaknesses to determine where to focus its time, effort and investment.

Naturally, IBM has this covered too. Their CRAT (Cyber Resiliency Assessment Tool) is available today at no financial cost. It provides a comprehensive analysis and recommendations for an effective cyber resiliency plan. Visit the link below to review IBM’s CRAT and get started today.


CRAT (Cyber Resiliency Assessment Tool)

https://www.ibm.com/downloads/cas/W7VJLDPE


While there are tactical changes you can make today, part of your strategy for the future should be to align with the upcoming IT revolution of hybrid cloud and containerisation, which brings inherent qualities that provide protection and isolation against today’s cyber attacks.


12 July 2021

Airgaps Assemble: S3 and Physical Tape

The last time we shared our thoughts on airgaps, we spoke about S3 and the idea that it can give you an airgap similar to the one you’ll get from using tape as part of your backup solution. You can read that blog here for a better insight into what we’re about to cover. But to save you some time, we concluded that S3 wasn’t quite the same. Any organisation considering S3 has to weigh up whether the security offered by the tape airgap outweighs the benefits of using S3.

After we published our blog, one of our customers got in touch wanting to know more about the pros and the cons, and the additional judgements that need to be made when weighing up their options. And kudos to them, because it really got us thinking. Digging deeper into the pros and cons of each storage type could easily become a never-ending rabbit hole, so we’ve outlined everything as simply as we can, right here.

Unravelling Physical Tape

Firstly, let’s look at the grandfather clock of backup storage: physical tape. And, before we go on, you can read more about physical tape here, where we talk about backup and storage through the ages. It’s riveting stuff, really.

As we’ve already mentioned, tape is immutable. It’s simply not possible for somebody to write to a tape once it has been removed from the tape drive. There’s no chance that your data is going to get encrypted once it’s been stored there. The other major selling point for tape is capacity. An LTO-7 tape can store 6 TB of raw data or 15 TB compressed, whilst LTO-8 offers 12 TB raw and 30 TB compressed.

For organisations that are looking to retain a lot of data in an archive for a long time, the combination of security and capacity might be what encourages them to go for tape. Then, we have cost. Seems simple, right? But it’s just not as simple as it was a decade or so ago.

This is because the difference in the per TB cost between tape and disk is no longer the vast chasm that it once was. Over the last ten years, the cost of storing data on disk has fallen by over 80%. This means that whereas disk was once seen as a premium purchase, it’s now a commodity. So, how can tape compete?

Searching S3

Let’s look at some of the strong points of S3 storage in the cloud. Most vendors will charge you for that S3 storage based purely on usage. If you are using 1 TB of storage, you’ll get billed for 1 TB. Hardened storage admins will know all too well how tricky it can be trying to eke out the last dregs of capacity in an overburdened array; that shouldn’t come into the equation with S3. In fact, the storage admin needs to be more focused on keeping storage utilisation under control. With unlimited storage, it’s easy to use more than you really need.

As we’ve discussed, one of the flaws with any form of disk storage is that it’s never completely immutable, although that’s what your storage vendor might tell you. You might be told that your object storage is immutable because it doesn’t use the same protocol as your native file systems, and/or because your backup application can only talk to it via API. But there’s probably still the capability for a rogue actor to remove data directly from the buckets. In which case, you’d only find out when you tried to recover the data.
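The paragraph above makes the point that "immutable" object storage usually still leaves a path for someone holding the right credentials to delete data, and that you would only discover it at recovery time. The following is an added example, not Predatar's code and not an AWS tool, that evaluates a bucket's versioning and Object Lock settings offline and reports whether a compromised credential could still delete backup data inside the retention window. The input dictionaries are constructed here in the shape of the boto3 `get_bucket_versioning` and `get_object_lock_configuration` responses (an assumption about key names); against a real account you would populate them from those calls rather than from the sample data.

```python
"""Offline check: does an S3 bucket's configuration actually stop deletion?

Added example, not Predatar's or AWS's code. The sample configurations below are
constructed to mirror the boto3 get_bucket_versioning / get_object_lock_configuration
response shapes (assumed key names), so the check runs without network access.
"""
from dataclasses import dataclass, field


@dataclass
class Finding:
    bucket: str
    deletable_within_retention: bool
    reasons: list = field(default_factory=list)


def assess_bucket(name: str, versioning: dict, object_lock: dict) -> Finding:
    """Return whether a principal with s3:Delete* rights can remove backup data.

    Rules applied (documented S3 behaviour):
    - Without versioning, DeleteObject permanently removes the object.
    - With versioning but no Object Lock, DeleteObjectVersion removes it; MFA Delete
      only adds an MFA requirement, it does not forbid the deletion.
    - GOVERNANCE retention can be bypassed by anyone granted
      s3:BypassGovernanceRetention.
    - COMPLIANCE retention cannot be shortened or removed by any principal,
      including the account root, until it expires.
    """
    reasons = []
    if versioning.get("Status") != "Enabled":
        reasons.append("versioning disabled: DeleteObject permanently removes data")
        return Finding(name, True, reasons)

    cfg = object_lock.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        reasons.append("no Object Lock: s3:DeleteObjectVersion removes any version")
        if versioning.get("MFADelete") == "Enabled":
            reasons.append("MFA Delete raises the bar but a holder of the MFA device can still purge")
        return Finding(name, True, reasons)

    rule = cfg.get("Rule", {}).get("DefaultRetention", {})
    mode = rule.get("Mode")
    days = rule.get("Days") or rule.get("Years", 0) * 365
    if mode == "COMPLIANCE":
        reasons.append(f"COMPLIANCE retention {days}d: no principal can delete before expiry")
        return Finding(name, False, reasons)
    if mode == "GOVERNANCE":
        reasons.append(f"GOVERNANCE retention {days}d: bypassable with s3:BypassGovernanceRetention")
        return Finding(name, True, reasons)
    reasons.append("Object Lock enabled but no default retention: only per-object locks apply")
    return Finding(name, True, reasons)


# Constructed sample buckets (not real accounts).
SAMPLE_BUCKETS = {
    "backups-plain": (
        {"Status": "Suspended"},
        {},
    ),
    "backups-versioned-mfa": (
        {"Status": "Enabled", "MFADelete": "Enabled"},
        {},
    ),
    "backups-governance": (
        {"Status": "Enabled"},
        {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
                                     "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}},
    ),
    "backups-compliance": (
        {"Status": "Enabled"},
        {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
                                     "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}},
    ),
}


def summarise(buckets: dict) -> dict:
    """Map bucket name -> True if backups could be deleted within retention."""
    return {name: assess_bucket(name, v, ol).deletable_within_retention
            for name, (v, ol) in buckets.items()}


if __name__ == "__main__":
    for name, (v, ol) in SAMPLE_BUCKETS.items():
        f = assess_bucket(name, v, ol)
        status = "DELETABLE" if f.deletable_within_retention else "protected"
        print(f"{name}: {status}")
        for r in f.reasons:
            print(f"  - {r}")
```

Run this against the sample data and only the COMPLIANCE-mode bucket comes out as protected; the others are all deletable by some credential, which is exactly the situation where you would "only find out when you tried to recover the data". Even the protected case is only protected for the length of the retention period, so the check should be paired with recovery testing rather than treated as a substitute for a true airgap.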

Winner winner, Tape or S3 for Dinner?

If things still feel a bit foggy to you, we’ll outline it here in a table. Each feature is marked out of 3 Predatar Approval Points.

If your priority is to preserve that airgap and to ensure that the data your company is keeping long-term is secure, storing that data on tape is going to be a compelling direction for you. If that’s not you, then you might want to consider the flexibility that you can get from S3. Just make sure that any security implications are taken into account before you start to use it.


01 July 2021

The Race to Resilience: How F1 isn’t unlike the race to stay ahead of backup and recovery

190 miles in 90 minutes, 6G in the turns and speeds of over 210mph. These are just some of the statistics that make F1 the global spectacle that it is.

All it takes to win is the fastest car and the best driver, right? Not quite. Take the Mercedes F1 team for example. For 7 years, they’ve been the team to beat but this year, they’re facing an evolved Red Bull team with a car and a driver to rival their own star of the show. For the first time since 2013, Red Bull are also leading both the constructors and the drivers’ championship.


Why is this, and what’s it got to do with cyber resilience?

We could just assume that their car and their driver are the stronger competitor, but there’s more to it than this. Over those 7 years, Red Bull have been evolving, innovating, and looking for ways to close the gap. In fact, they hold the world’s fastest pitstop ever (1.82 seconds!) for this very reason. In the meantime, they’ve also been working on developing a car and recruiting the right driver to rival Mercedes. In fact, it’s pretty clear that Mercedes have started to slip up. So, some might say that this has left Red Bull with a sturdier racing strategy with greater longevity and chance of success than Mercedes.

But hey, we hear you. You’re not here to learn more about F1, you’re here because you know that the world is undergoing a digital transformation, and this means you need to keep up. You might say, the race is on. Get it now? We thought you might.


The race to resiliency

Not unlike F1, the race to resiliency in an evolving digital world is highly competitive and pressurised. It takes agility, consistent development, investment, and commitment to continuous improvement. And, much like a sponsorship, it also requires selecting strategic partners to help you get to where you need to be. With these assets, businesses are in the game, but are they in a position to get ahead? Are they future-ready? Not necessarily.


Pitstops

You’ve got the car (the technology), you’ve got the driver (your partners, employees, and stakeholders), but are you practicing? At Predatar, we’d hazard a guess to say that many businesses are perhaps not practicing and testing their cyber resilience strategy as much as they ought to be. Even with the right tools, you’re not guaranteed foolproof cyber resiliency against advancing ransomware. We think an effective disaster recovery plan and continuous testing is the key to sustained success when you’re in the race to cyber resiliency.

But why aren’t businesses doing this more vigilantly? Simply, it’s complex, costly, and time-consuming. But without these investments, businesses will be making the same mistakes as Mercedes. Without practising and testing on a regular basis, they won’t have the competitive edge they need, because they will not be able to perform effectively enough when it’s most critical to do so.


Powering through

This is where automation comes in. By using automation to power resiliency, businesses will be able to greatly limit cost, reduce time and reduce the complexity of regular testing. As a result, when that critical time comes and ransomware takes hold of your important data, your backup and recovery processes will be operating like a well-oiled machine. Ransomware? More like ransom who! (We’ll let ourselves out after that one).

To round things off, if you want the competitive edge for your business’ cyber resilience strategy, contact us for some free advice on how you can quickly supercharge your IBM Storage Protect estate. We’re here to keep you one step ahead in the race for resiliency and ready for the finish line.

