24 December 2021

Looking back on a year of collaboration.

Looking forward at the year ahead – we can see it’s going to be a big one for Predatar. But before we really get stuck in to this exciting new year, we wanted to take a few moments to reflect on some of the best moments and biggest achievements from 2021 – with a particular focus on our user community. After all, it’s our users’ feedback and ideas that drive us forward.

Shaping the future of Predatar together

Last year we really ‘switched things up’ with the Predatar user group. Moving from an email-based group to a more collaborative community forum using LinkedIn and the all-new Predatar Ideas Portal gave all of our users the chance to engage with us (and one another) in new ways.

The new format has given our users a mechanism to give feedback directly to the product development team, make suggestions, and vote for the ideas they want to see most on the Predatar product roadmap. We saw over 50 new ideas submitted in 2021. 20 were shortlisted and 4 are now in production.

If you want to see how your input is shaping the future direction of Predatar you can take a sneak peek on the Ideas Portal. Why not share your ideas with us while you’re there?

Beta programme

We ran two community betas in 2021. These focussed on new cyber resilience features (more info below). By engaging with our user-base early, we were able to deliver functionality to meet the needs of real customers with real-world challenges from the very first release.

We want to say a huge thank you to everyone that took part and we encourage you all to join our beta programme in 2022.

Events, content and product updates

2021 was our busiest ever year at Predatar. We launched 22 new features across 11 releases, while also hosting a number of industry events. Here are just a few of the highlights:

  • Q1: We launched a raft of new cyber resilience features in the Orca 11.7 release. These features gave users the ability to quickly search for viruses across all their backups and plot these on a real-time infection map.
  • Q2: User Experience is a key driver for Predatar, and Q2 saw the release of Grizzly Bear 12.0. This brought a new user interface (UI) codenamed Sherlock. Built using React, OpenShift and containers, the Sherlock UI took the Predatar platform to the next level – bringing more insights, improved ease-of-use and greater support for mobile devices.
  • Q3: Hot on the heels of the 12.0 release came Grizzly Bear 12.3 with unique behaviour-based automated testing, virus scanning and cyber orchestration. These features were all designed to help businesses recover fast from cyber-attacks. And the result? With Predatar, organisations can recover up to 85% faster versus using manual methods. See the Grizzly Bear release in action here.
  • Q4: In October we ran the largest Storage Protect User conference of the year. We were joined by industry leaders from IBM and IBM’s Partner network to discuss the impact that ransomware is having on businesses and backup professionals. The stand-out session from the event was an interview with a victim of a real ransomware attack. You can watch it on replay here.

A big thank you

As we say goodbye to 2021 we want to put out a huge thank you to all of our users and partners that came together as a Predatar community. You’ve helped us to keep moving, improving and developing our platform to meet the demands of our growing user base.

Building a community is hard work. We appreciate all of you and the support you have given us. We wish you all a happy and restful holiday. Stay safe and we’ll see you all rested, recharged and ready to go in the new year!

Learn more about
Predatar recovery assurance

26 November 2021

Corporate Social Responsibility for Small Businesses

Corporate social responsibility (CSR) is a company-led movement and management style that aims to contribute to wider social causes, such as climate change and other ethical responsibilities.

Corporate. When you hear the word, you’re tempted to think of looming grey buildings, suits and ties, briefcases, and board rooms. You wouldn’t be far off in some cases. Corporate refers by and large to massive, faceless organisations. So, where does social responsibility come in and why does it matter just as much to smaller businesses?

Imagine that every organisation, every business, every institution leaves a handprint on the earth. That’s a whole lot of handprints. But the fundamental thing that businesses and corporations need to understand is that some of these handprints will be stickier than others. Many will leave residue that will be difficult – perhaps impossible – to remove, for years to come.

In some settings, there’s a higher chance of a smaller business leaving a bigger, stickier handprint. Budgets are often tighter and business focus may be narrower; the wider responsibility to the planet feels inconsequential and maybe even needless. But we know this isn’t the case. A recent study conducted by Social Green Solutions – awarders of the Green Compass Sustainability Award to businesses – found that companies holding the award were seeing a wide range of benefits. Overall, there was a 50% increase in employee morale leading to 50% less employee turnover, improved productivity and increased financial performance, and some were even seeing new market penetration opportunities.

 

What long-term and short-term changes can smaller businesses make that can have a lasting, positive impact?

 

It’s the million-dollar question, really. The more small businesses do, the more we’re finding out. Only in recent years have we been able to gather enough information to suggest that simply having things like CSR policies in place can make a real difference in the years to come. Even more instant results, such as reduced printing costs and better working relationships, have been noted on the long list of benefits for smaller companies. That’s not to say that implementing CSR practices won’t be costly for organisations, though. There are some changes that may require a higher investment. But, when it comes to the quality of your product, people, and the planet, we think it’s an investment worth making. You can start with…

  1. Establishing a set of realistic goals and creating a CSR policy

  2. Appointing a responsibility or CSR team to oversee any projects

  3. Writing up some sustainability guidelines for in-office and remote workers

  4. Encouraging volunteering and charity contributions through volunteer days for individuals and teams

  5. Educating your employees! There are plenty of training courses out there aimed at clueing your organisation up on socially responsible practices.

At Predatar, we’ve recently appointed a CSR team and implemented a Corporate Social Responsibility policy, alongside a public statement which you can view here. We’ll be working with our teams and partners to make sure we’re doing our bit and keeping our word.

04 November 2021

NAA (Not Another Acronym): What is NIST?

Not another acronym…

We’re not sure about you, but even we struggle to keep up with all the different acronyms which, particularly within the IT industry, seem to constantly crop up everywhere.

One acronym our team came across lately is NIST and, yes, some of us had to look it up on Google. It turns out that NIST stands for National Institute of Standards and Technology and it’s not new. Based in the US, NIST has been around for 120 years, playing an essential role in enabling and measuring technical innovation not just in the US but all over the world.

Why should I care?

So, why is it worth knowing one more acronym? And why should we bother to understand what NIST do? The answer is simple and remarkably relevant: cybersecurity. We know this is a bit of a buzzword at the moment. Not a week seems to go by without news of a cyber or ransomware attack somewhere around the globe. You may have read about the Kaseya cyber-attack at the beginning of July (our blog “Good v REvil” provides a good summary). Not too long ago, the Lazio region in Italy was the subject of a very sophisticated ransomware attack that disabled all its IT systems and ended up disrupting the regional Covid-19 vaccination registrations. So, what role does NIST play in all this? A very important role, actually. NIST have developed a tool to measure cybersecurity.

NIST’s Cybersecurity Framework

 

This framework focuses on using business drivers to guide cybersecurity activities and reinforces the need for cybersecurity risks to be included in organisations’ risk management processes. The Framework consists of three parts: the Core, the Tiers, and the Profiles. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure. Elements of the Core provide detailed guidance for developing individual organisational Profiles. By using Profiles, the Framework can then help an organisation to align and prioritise its cybersecurity activities with its business/mission requirements, risk tolerances, and resources. Finally, the Tiers provide a mechanism for organisations to view and understand the characteristics of their approach to managing cybersecurity risk, helping prioritise and achieve cybersecurity objectives.

A very important feature of NIST’s Cybersecurity Framework is its scalability: it can be easily adapted to organisations of all sizes, sectors and maturities. It is also outcome driven and does not mandate how an organisation should achieve these outcomes. Whether you are part of a small company with a low cybersecurity budget or a large corporation with a million bucks’ budget, tiers and profiles can be tweaked and customised to achieve a result which is in line with your cybersecurity programme.

 

Education, Education, Education.

It would be rather reductive, however, to only associate NIST with the Cybersecurity Framework. Their work encompasses several areas which range from cryptography to IoT (Internet of Things), ICS (Industrial Control Systems) and practical cybersecurity solutions such as password standards and guidelines. Another primary focus for NIST is education and training. In partnership with government and academic bodies, NIST have been leading the NICE (another acronym, sorry…), i.e. the National Initiative for Cybersecurity Education, since 2008. The NICE framework provides a common classification of cybersecurity roles and functions, by describing the responsibilities, skills and knowledge required to perform cybersecurity tasks. This framework is increasingly relied upon across all sectors to help address skills gaps and develop cybersecurity awareness and learning.

It doesn’t have to be complicated.

So, who would have thought that this simple acronym could have such an impact on organisations’ cybersecurity strategies? Being familiar with the NIST Cybersecurity Framework and general security guidelines is an important step in the right direction when it comes to protecting your organisation’s devices, IT systems and the valuable data stored in them.

In a world of complicated acronyms and obscure technical jargon, NIST provide clear and practical guidelines to tackle practical challenges which are part of our everyday lives. It could be as easy as ABC or 123 (as long as you don’t set these as your passwords! See NIST’s Password Guidelines).

Article By | Barbara Giunchi Burr


04 November 2021

It Happened to Us: An Anonymous First-Hand Account of a Ransomware Attack (Part 2)

It’s time. Here’s the second, and final, installment of the exclusive interview Predatar conducted with a victim of a business-targeted ransomware attack.

Investigating the Breach

‘We had very understanding clients. It was established at a very early stage that there was no desire to publicise any of this information. But generally, we had to be careful about what we were saying. We couldn’t say anything that wasn’t definitely true, or anything that needed to be kept confidential.’

‘In our investigations, we realised that the cyber-attackers had been in our systems for several weeks, via a password breach. By tracing their actions, we were luckily able to identify that it was very fortunately, a very small portion of data that they had been able to access.’


 

We talk about this a lot over here at Predatar HQ regarding cyber resilient backups. Sure, you think you’ve got immutable backups. You might even have gold standard encryption. But how can you be sure that your backups aren’t brimming with dormant ransomware that you just haven’t noticed yet? Dormant ransomware is a threat to any business. It can sit in your systems indefinitely, gathering information until the cyber-criminals are ready to act.

 

Negotiating

‘It was a really challenging period of time. We were having crisis calls twice a day, and sometimes it would be every hour or two. We established that the cyber attackers were also overseas, meaning it made quite a difference to the timescales. We actually had to contact them through an address on the dark web, which our business knew very little about, so the experts told us how to operate in that space.’

‘After negotiating, we eventually agreed with them to pay a very small fraction of what they had asked for in Bitcoin. Which the experts told us is completely untraceable. We tested them by staging four different payments over a week or so to ensure that each time, they gave us a specific bit of data back. Our negotiator pushed the cyber-criminals to the edge of what was acceptable to them. There were a few times where they said they were going to release the data.’

 

The Aftermath

‘You could say we were lucky. We did get proof of all of our data back, and we already had a backup copy of the data anyway. A few months prior to the event, we’d actually made some changes into tightening up the security of our backup and recovery procedures and that helped a great deal. I’m glad we did that. However, not all of the data was completely up to date, so that still did pose an issue. It wasn’t perfect. But the main issue was a lack of accessibility for our clients; they couldn’t work in a normal way.’

Nowadays, even if a company has a seemingly usable backup in the event of a ransomware attack, there’s no guarantee that the backup itself will recover. And even if it does recover, there’s no certainty that it, too, isn’t infected with dormant ransomware. But that’s where companies like Predatar come in.

‘The whole experience was deeply unpleasant. Nobody wants to pay an attacker anything, but the advice from all of those experts was that it’s typically better to pay something until you’re forced to pay a higher amount.’

It’s almost impossible to estimate the actual cost that ransomware attacks have on a business. The total sum is not just the ransom paid. Businesses will start haemorrhaging money in various ways during a cyber-attack. This can be anything from time lost on major projects to not being able to generate a healthy profit without full functionality and use of data. There can also be a huge knock-on effect to future ventures, including damage to partnerships and client relationships.

 


 

So…what now?

After hearing this story, the first thing that crossed our minds, and that has probably crossed your own mind as you’ve been reading this article, is “how can we be prepared for disasters like this?” So, we’ve asked some questions and gotten some answers for you. Here are the top five tips we picked up from this case:

  1. Have a plan of who you can go to as an advisor in this scenario. You will need a set of experts who can offer you insurance. They will also know the lingo and they’ll be able to understand the personalities, behaviours, and personas of certain cyber-attack gangs.
  2. Understand the process of reporting the incident to the authorities, and how that process can help or even hinder a time-sensitive cyber-attack.
  3. Hire a negotiator. If this is an option available to your business, don’t skip it. The experience with a negotiator can be, as our source described, deeply uncomfortable. Without a safety gap between your business and the cyber-attackers, you’re essentially dealing with intelligent criminals with no experience of that.
  4. Look after your employees. It’s a very disturbing experience, and the well-being of your employees is extremely important throughout. Some employees will be on a need-to-know basis, whereas others will need more of an understanding.
  5. Test your backups, then test them again. And then test them again after that.

We hope that this has been an eye-opening read for you, and that – like us – it has given you some useful insight on the importance of having cyber-resilient processes in place.

22 October 2021

It Happened to Us: An Anonymous First-Hand Account of a Ransomware Attack (Part 1)

What is it Like When your Business is ‘the One it Happens to’?

“It will never happen to our business.”

“What would they want with data like ours?”

“We’re a small business, there’d be no point.”

“We’re too secure. They’d never succeed.”

“We’d know straight away. Our IT team is prepared.”

 

Many businesses are guilty of subscribing to at least one of these blasé statements. You may have even heard them casually uttered by the water cooler, after more dire news has broken about yet another attack on a large corporation. It’s the seemingly mundane trap that many businesses and employees will unwittingly fall into. The ‘it’ll never happen to me’ mentality. And, don’t get us wrong, we’re not saying confidence in your resiliency and security processes is a bad thing. It’s first and foremost necessary. But, too much of it and you’re at risk of being lured into a false sense of guaranteed safety.

This blog is going to be different from what we usually write. In fact, it’s not our story at all really. We’ve been privileged enough to speak to somebody who witnessed the ins and outs of a ransomware attack on their business first-hand. When we first heard this account, we decided it was far too compelling and affecting to not publish it. Far from it being a head on a stick, this first-hand account is a very tangible and frightening experience of how a cyber-attack can affect organisations. So, without further ado.

 

Alarm Bells

It’s no secret that many ransomware attacks begin in a similar way, with the first sign of trouble being the functionality of employee devices. This can range from slower-than-usual performance to being completely locked out.

‘We were first alerted to a problem when a small number of our clients, namely in the financial sector, alerted us to being locked out of their systems. We were providing the software, and in some cases a hosting environment, to these clients. So, we quickly established that there was a pattern to this problem even though it was a fairly contained number of clients.’

 

 

Data from the CrowdStrike intelligence team showed that throughout the Covid-19 pandemic in 2020, ransomware attacks in the financial sector rose by as much as 350%. Between March and May alone, the sector reported over 30 attacks.

‘The first thing we did was to look into what it was, and it didn’t take us long to realise that it was a cyber-attack. At first, our clients assumed that attackers were targeting their business specifically. But of course, we’d noticed this pattern and we established that the clients had been targeted through the hosted systems we were providing them.’

‘We did have some comfort in terms of thinking we could get the data back fairly quickly because we had mirrored the records but there was still some disquiet. And of course, the major issue was that client’s employees could not access their systems.’

When a ransomware attack happens, you typically have two major concerns.

  1. Data.
  2. Business function.

The two ultimately come hand in hand; a business without its data is a headless chicken. Directionless and against the clock. But that’s not to say that some businesses can’t function – albeit with very limited purpose – without data. So, why do we list these two concerns separately? Because often the reason everything has to be put on hold during a ransomware attack is that systems simply aren’t accessible or are locked because of the nature of the attack. Some businesses get ‘lucky’, like this one, and only some systems are locked out. But other businesses can’t access any of their systems, or any of the systems that are key to their functionality. Take this case for example, where cyber-criminal gang DarkSide encrypted critical data belonging to Colonial Pipeline.

 

The Right People, at the Right Time

‘After the messages came through from the ransomware attackers, we started to look at what we needed to do about it with our crisis team. This team involved various people from across the business, including our own security expert, finance people, legal people and judicial leaders. We then contacted some external security advisors in that space and an insurance company. And the insurance company, realising it was a proper cyber-attack, were helping us to look at reducing the amount of cost implication. So, we were lucky, we had a sophisticated team we could put together quickly. We already had things in place that an average company usually doesn’t have.’

Making Contact

‘The next thing we did was to contact the people that had blocked the systems. We wanted to try and validate from our side who they were, and whether it was a real threat to us, or just a hoax. But all in all, we were in the dark. We weren’t really sure what was coming, not until you’ve got experts involved.’

Luckily for companies that fall victim to ransomware attacks, the industry is now saturated with experts in this field. From experts who deal with the aftermaths of cyber-attacks, to negotiators who will be right with you in the thick of it.

‘There were a number of deadlines presented to us by the attackers, saying that we had to get back to them within a certain time period. We kept holding them off, but never said no. That’s where we had an expert negotiator come in. Of course, we also contacted the authorities but the experts we had told us that the authorities would unlikely be able to do anything meaningful about the attack, before it was too late. The consensus was that we needed to negotiate with the cyber attackers.’

You might be thinking at this stage ‘but that sounds pretty terrifying?’. And you’d be right. At Predatar, we’re a team of experts too. We pride ourselves on our knowledge of things like this, but there’s seldom anything that can prepare you for negotiating with criminals when normally, you’re just doing your day-to-day job. On a slightly more comforting note, we later established with our source that their teams had felt more at ease by having brought in external experts, because it had essentially created a buffer between themselves and the attackers. In short, always have a plan of who you’re gonna call when there’s something strange in your systems. But we’ll talk more about this later.

‘So these experts helped us communicate with the attackers in terms of checking whether they did actually have the data they said they had, and how they planned on releasing it back to us in terms of dis-encrypting it. We wanted to be certain our clients’ data wasn’t going to be permanently compromised.’

 

Stay tuned for part 2, coming soon!


17 August 2021

CEO Blog Series: If You Can’t Come to the Cloud

Let the cloud come to you.

To open our new CEO blog series, Predatar CEO Alistair Mackenzie (or as we like to so fondly call him, Al), talks about becoming cloud-native.

Working for a SaaS company, I was intrigued by this recent article on Cloud economics, and you should be too.

You can read it for yourselves of course, but here are the highlights:

  • Analysis by the Andreessen Horowitz team showed that the top 50 SaaS companies were spending an average of 50% of their revenues on cloud infrastructure
  • Repatriation to on-premise could halve infrastructure running costs for companies at scale

Personally, my favourite quote from the piece is:

“You’re crazy if you don’t start in the cloud; you’re crazy if you stay on it”.

The problem though is repatriation can be a non-trivial exercise, depending on how you arrived in the cloud in the first place. Simply “lifting and shifting” workloads to a public cloud provider then shifting back again is somewhat easier. Moving VMware workloads to the cloud is a good example of this, though it’s harder to understand the rationale. It’s not cheaper and it requires almost the same labour resources to operate, wherever the workloads reside.

So, starting in the cloud makes more sense; especially for new projects or new start-ups. In the early stages of turning your creative ideas into software code, paying a “flexibility tax” to access the agility of the cloud is worth the peace of mind. In 2019 when Predatar decided to move from a monolithic application design to microservices, it chose to use public cloud infrastructure as a service. The development team was in experimentation mode and the public cloud allowed for more creativity. But as we move the new SaaS platform into full-scale production, should we stay on public cloud infrastructure or move to on-premise?

Although no decision has yet been made, there have been several trends to at least make it a hard choice.

  • Most OEM vendors now offer some form of Opex-based, consumption model for server and storage infrastructure. IBM just last week announced a new storage-as-a-service model for its best-in-class FlashSystem arrays.
  • For new software development, the lingua-franca operating system is now Linux, available in all public clouds as well as on-premise
  • The emergence of Kubernetes as the dominant container orchestration platform

One important point of note on this final trend. When the Predatar team started its journey towards making Predatar SaaS a cloud-native container-based solution, it could have picked from many cloud offerings. AWS, Azure and Google, all have their own distributions of Kubernetes, and this is the catch. Once you start developing code on one distribution, it’s not always straightforward to migrate to another. You can become stuck using the IaaS (infrastructure as a service) of that public cloud provider.

Fortunately, whether by luck or good judgement, we chose Red Hat’s OpenShift distribution of Kubernetes. OpenShift is 100% portable which means we decide where to host our SaaS platform; cloud, on-premise, or edge location.

It can take a long time for the decisions we make to play out. Cloud Architects don’t always have the benefit of hindsight when deciding which cloud platform to use. At least from an infrastructure perspective, Red Hat’s OpenShift gives them the option to change their mind should they so wish.

Signing off,

Alistair Mackenzie


05 August 2021

Are the 4 Fundamentals of Cyber Resilience Enough?

In this blog, we’re going to discuss the importance of cyber resilience in challenging times. But fair warning, things aren’t about to get any easier. There are vital fundamentals that we can use to protect our IT landscapes, but are these enough? Or is it a case of evolving or dying a death?

 

Bad news first…

It’s an emerging trend. Traditional cyber-security measures aren’t enough anymore. Protecting organisations from the spate of persistent attacks feels like an unmanageable task.

In our last blog, we spoke about the growing number of cyber-attacks in 2021. And, we took a look at some of the major attacks over the last year. In a word, ransomware attacks alone are accelerating, fast. Both in pace and complexity. Let’s take a look at some statistics.

 

  • In 2020, the average business cost of a cyberattack is $3.86 million and it takes over 200 days to detect the breach. (IBM)
  • Ransomware attacks cost businesses an estimated $20 billion in 2020, having grown by over 50 times since 2015. (Cybersecurity Ventures)
  • There will be nearly 3.5 million open cybersecurity jobs waiting to be filled this year, with over 500,000 open positions in the United States alone. (Netsparker)
  • 68% of business leaders felt the risk of a cyberattack increasing. (Accenture)

 

If you’re in the right job, these numbers won’t come as a surprise to you. But we implore you to ask yourself, ‘what am I doing about it?’. You might not have a clear answer. You might have a strategy that you’re yet to find time to execute (FYI, using Predatar can save a whopping 62% of your time. Fancy that? Find out more here).

But we digress. You may have a well-thought-out and constructed plan. Good for you. But this article might make you think again about how you’ve formulated that plan.

 

How many?!

There are endless ways a cyber-attack can present itself. But the top 3 types of cyber-attacks that cause mass disruption and cost are as follows:

 

Social Engineering

A manipulation technique that exploits human error to gain private information, access, or valuables. You could call it ‘human hacking’.

 

Ransomware

Yep, it’s the big one. We probably don’t need to remind you, but ransomware is a type of malware. The malware is used to infect a computer network, gain access to critical data, and then hold that data to ransom for a sky-high sum.

 

DDoS

A Distributed Denial of Service is a malicious network attack where hackers overwhelm a website with false traffic or requests.

 

The Good News

Cyber resiliency powers and accelerates business value. It helps enterprises prepare for, respond to and recover from cyber threats. Meaning, they can thrive in the face of adverse conditions.

The concept of cyber resilience is underpinned by the assumption that cyber-criminals will break down any network defenses intended to stop them. It’s a dismal outlook, we know. But it’s worth the strategy it fosters.

As part of a strategy, the following key components are fundamental in your planning. They will form your baseline plan.

 

  1. Encryption
  2. Immutability
  3. 3rd Copies
  4. Airgaps

 

Now, let’s go back to that all-important question: ‘what am I doing about it?’. We’re guessing that one or two of these things might have popped into your head when we asked you. But we’re here to tell you, these fundamentals aren’t enough.

Having these things can’t guarantee that your business, data, and infrastructure are protected. You’ll need to be able to answer the following questions for a robust cyber resiliency strategy.

 

  • How do you ensure your backups will recover?
  • How do you ensure those backups are clean?
  • How do you recover fast to a clean environment?

 

The answer lies in Recovery Orchestration. This technology allows you to automatically detect an intrusion and recover from it at the drop of a hat.

Having a strategy that includes recovery orchestration will help your business to:

 

Step up automatic tests

You’ll be able to make the most of intelligent automation and continuously test your backups, 24/7. You can also search for high-risk systems and prioritise accordingly.

 

Work out what’s infected

With ransomware recovery in place, you’ll have minimised your data loss and downtime. Ransomware Recovery Orchestration workflows will automatically search through your systems to find the newest backup that shows no signs of infection.

 

Put your systems into quarantine

In the event of an attack, you can protect the latest unaffected version of your data by isolating it in a safe place, either on-premise or in the cloud. Quarantining your data will allow you to assess your systems.

 

Check all your data is clean

Now your data is out of harm’s way, ransomware orchestration will automatically run all the necessary checks for you. It’ll scan through your backups to ensure all your data is completely clean.

 

Bring everything back

Once your systems have got the all-clear, you can instantly recover individual nodes or restore everything in one go. You can automate putting what you need back into your live environment.

 

Then, you’re good to go!
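The "work out what's infected" and "check all your data is clean" steps above, as an added example that is not Predatar's own code: it picks, per node, the newest backup that both restored successfully and scanned clean, and treats untested or unscanned copies as untrusted. The `Backup` fields, node names and catalogue are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Backup:
    node: str
    taken: datetime
    restore_ok: Optional[bool]  # None means never restore-tested
    scan_clean: Optional[bool]  # None means never scanned


def night(day: int) -> datetime:
    return datetime(2021, 7, day, 2, 0)


# Constructed catalogue: three nodes, nightly backups, mixed test results.
CATALOGUE: List[Backup] = [
    Backup("db01", night(1), True, True),
    Backup("db01", night(2), True, True),
    Backup("db01", night(3), True, False),   # infection first seen here
    Backup("db01", night(4), None, None),    # taken after the attack, unverified
    Backup("web01", night(2), False, True),  # clean, but it does not restore
    Backup("web01", night(3), True, True),
    Backup("fs01", night(3), True, False),
    Backup("fs01", night(4), True, None),    # restores, but was never scanned
]


def is_trusted(b: Backup) -> bool:
    # Unknown counts as failed: an untested or unscanned copy is not a recovery point.
    return b.restore_ok is True and b.scan_clean is True


def plan_recovery(catalogue: List[Backup]) -> Dict[str, Optional[Backup]]:
    """Newest trusted backup per node, or None when no trusted copy exists."""
    plan: Dict[str, Optional[Backup]] = {}
    for b in sorted(catalogue, key=lambda b: b.taken, reverse=True):
        plan.setdefault(b.node, None)
        if plan[b.node] is None and is_trusted(b):
            plan[b.node] = b
    return plan


def data_loss(catalogue: List[Backup], plan: Dict[str, Optional[Backup]]) -> dict:
    """Gap between each node's latest backup and its chosen recovery point."""
    latest: Dict[str, datetime] = {}
    for b in catalogue:
        latest[b.node] = max(latest.get(b.node, b.taken), b.taken)
    return {n: (latest[n] - p.taken if p else None) for n, p in plan.items()}
```

A node that maps to `None` has no copy that is both restorable and clean, which is the case continuous testing is meant to surface before an incident rather than during one.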

 

Predatar is at the forefront of disaster recovery automation and works intelligently with IBM Storage Protect. With Predatar on your side, you should never need to pay a ransom or lose your critical data. Use intelligent automation to maintain best practices and protect your business against data disasters. Contact us to find out more, or see for yourself how much money we could save you by using our online savings calculator.

 

 

Article By Nile Zahran | Head of Product Innovation 

 

 

 

Learn more about
Predatar recovery assurance

29 July 2021

Good vs REvil: The Dawn of Ransomware as a Service (RaaS)

Join us for a look back at the major ransomware attacks this year and the larger hierarchy behind modern attacks.

News of catastrophic cyber-attacks is a regular occurrence these days. So much so that we’ve become callous to their causes and consequences. In a recent threat report by VMware Carbon Black, 94% of surveyed organisations had suffered a data breach at the hands of a cyber-attack, just in the last 12 months. Clearly, complacency is the last thing we need in the wake of these statistics. But what’s the best way to avoid complacency? How do we avoid falling victim to the new wave of malware?

 

The DarkSide of REvil

First and foremost, we must examine attacks to find common patterns. This is the most effective way for organisations to strategise and implement good defense practices. So, let’s take a look at some recent examples from this year.

Some of the most notable attacks have targeted Colonial Pipeline, meatpackers JBS SA and the national health service of Ireland; so, what’s the common pattern between each of these attacks?

They were all perpetrated by the hacking group known as DarkSide. But, if we zoom out a little, you’ll find the makers of the ransomware itself: REvil (also known as Sodinokibi). REvil operates as a ransomware as a service (RaaS) provider to multiple hacker cells.

Attacks used to be a series of isolated actors carrying out targeted campaigns. Now, a huge range of ransomware providers offer up the actual code to criminal groups who can then automate the planning time to strike their victims hard and fast.

 

The REvil business model

The ransomware produced by REvil targets both Windows and Linux systems by encrypting all files with RSA-1024 and RSA-4096. REvil sells its software as a toolkit for hackers to target specific organisations, all whilst collecting a commission from successful ransoms. After that, it’s a case of businesses either paying or not. In the latter case, REvil has been known to respond by publishing sensitive files online. Or, in the case of high-profile victims such as Apple, auctioning off files to the highest bidder.

The weaknesses they exploit are often insecure RDP servers or phishing attacks. Whilst both can be mitigated, the chance of falling victim to either should be a major concern to all. Securing a company against both may postpone a ransomware disaster, but won’t be much help when they’re then faced with the choices of paying a hefty ransom or frantically negotiating. For a front-seat view of what the attack would look like on your own desktop, watch this 2-minute video by Sophos.

 

The attack on Kaseya

Days before the 4th of July weekend, a brutal attack hit Kaseya, a company that provides VSA software to MSPs. By exploiting an authentication bypass vulnerability and elevating privileges, an installation package was sent off to dozens of Kaseya’s customers. But with around 30 MSPs being impacted, this meant that at least 1500 end users, many being SMEs, were in for a rude awakening. This was essentially a supply chain attack whereby a flaw in Kaseya’s software opened the gates to a host of unprepared SMEs. From Swedish grocery stores to US technology suppliers for NASA, all were directly impacted by REvil’s ransomware.

 

Preparing for the future

Cyberwarfare is becoming a prominent part of militaries around the world. So it’s likely REvil and similar groups aren’t going away anytime soon. Ransomware will remain a major problem for years to come. With organisations in the US having lost a combined total of over 7 billion dollars in 2019, and the industry expected to grow rapidly into the next decade, ransomware is a profitable venture. Cyber insurance offers up a monetary cushion for these situations. But it can’t recuperate the damage to reputation, business downtime and the bittersweet joy of bartering your ransom down to the nearest thousand.

The only way to stay assured is by taking constant backups of your organisation’s data. At which point, you can at least rest assured that if the worst is to happen, you can bounce back with minimal disruption to your business. You can learn more about that here, where we talk about how to prepare for ransomware attacks. In a nutshell, stay one step ahead with prepared counterattacks that can trip criminals up. Give them the satisfying faceplant that they deserve!

 

Article by  Nazish Malik


20 July 2021

Are IBM Gearing Up for a Cyber Revolution?

 

Well, do you?

The song written and performed by the Beatles back in 1968 still holds true today. Revolutions, both large and small, are an ongoing – and much needed – part of society. In a modern, IT-driven world of interconnected devices and internet access from virtually anywhere, cyber-security is on the cusp of a digital revolution. And IBM is gearing up.

IBM recognises that cyber-security is a major risk for organisations. Just as cyber threats evolve over time, so must the tactics and strategies to defend against attacks. Few organisations are better equipped than IBM to offer comprehensive, end-to-end cyber-security solutions for customers.

Protect, Detect, Respond!

At the forefront of this strategy is IBM artificial intelligence, powered by IBM Watson. It’s an essential ingredient in providing the fundamental elements of cyber-security: Protect, Detect and Respond.

Each stage is key in a complete cyber resiliency strategy which places IT and security administrators under constant pressure. All too often, they’re not provided sufficient resources to defend against external threats, especially at scale.

Protecting on-premise and cloud environments against cyber-attacks involves a wide range of considerations: user authentication and identity management, security of network core and edge access points, collaboration tools, centralised storage systems, and virtual and physical servers. And, of course, the data protection solutions that are responsible for protecting and recovering the application ecosystem that drives the business.

Each area has a role and unique security requirements in order to protect against cyber-attacks, but as we have seen within the industry, attacks still occur. So, when they do occur, you need to ensure your detection capabilities are up to the task of accurately analysing and identifying threats that require immediate action. Once the threat has been accurately identified, the response plan must be initiated to repel the attack. Or, recovery plans should be initiated to eliminate the intrusion from the environment before it has been activated.  All of these elements are complex stages and absolutely require proper planning and the power of AI and automation to scale and respond.

What is IBM up to?

IBM is leveraging AI to give organisations the ability to respond to cyber incidents at scale. They’re also applying the same principles to modern and secure application development. You can view the video from IBM Cloud detailing IBM’s use of AI for Cybersecurity, narrated by Sridhar Muppidi, CTO of IBM Security.

 

Artificial Intelligence for Smarter Cybersecurity

https://www.youtube.com/watch?v=rH9-m7AhJhk

 

This video outlines IBM’s future vision for AI and Cybersecurity. But, we know that revolutions don’t occur overnight. For many organisations, there’s a clear and present threat to their data today. That poses the question, what can you institute today to protect, defend and respond? It’s a big question and it deserves a big answer, but as with any strategy each organisation will need to assess their strengths and weaknesses to determine where to focus their time, effort and investment.

Naturally, IBM has this covered too. Their CRAT (Cyber Resiliency Assessment Tool) is available today for no financial cost. It will provide you with a comprehensive analysis and a recommendation for an effective cyber resiliency plan. Visit the link below to review IBM’s CRAT (Cyber Resiliency Assessment Tool) and get started today.

 

CRAT (Cyber Resiliency Assessment Tool)

https://www.ibm.com/downloads/cas/W7VJLDPE

 

While there are tactical changes you can make today, part of your strategy for the future should be to align with the upcoming IT revolution of hybrid cloud and containerisation, which bring inherent qualities that provide protection and isolation against today’s cyber attacks.


12 July 2021

Airgaps Assemble: S3 and Physical Tape

The last time we shared our thoughts on airgaps, we spoke about S3 and the idea that it can give you an airgap similar to the one you’ll get from using tape as part of your backup solution. You can read that blog here to give you a better insight into what we’re about to cover. But to save you some time, we concluded that S3 wasn’t quite the same. Any organisations considering using S3 have to weigh up whether the security offered by the tape airgap outweighs the benefits of using S3.

After we published our blog, one of our customers got in touch wanting to know more about the pros and the cons, and the additional judgments needing to be made when weighing up their options. And kudos to them, because it really got us thinking. Digging deeper into the pros and cons of each storage type could easily become a never-ending rabbit hole, so we’ve outlined everything as simply as we can, right here.

Unravelling Physical Tape

Firstly, let’s look at the grandfather clock of backup storage: physical tape. And, before we go on, you can read more about physical tape here, where we talk about backup and storage through the ages. It’s riveting stuff, really.

As we’ve already mentioned, tape is immutable. It’s simply not possible for somebody to write to a tape once it has been removed from the tape drive. There’s no chance that your data is going to get encrypted once it’s been stored there. The other major selling point for tape is capacity. An LTO-7 tape can store 6 TB of raw data or 15 TB compressed, whilst LTO-8 stores 12 TB raw and 30 TB compressed.

For organisations that are looking to retain a lot of data in an archive for a long time, the combination of security and capacity might be what encourages them to go for tape. Then, we have cost. Seems simple, right? But it’s just not as simple as it was a decade or so ago.

This is because the difference in the per TB cost between tape and disk is no longer the vast chasm that it once was. Over the last ten years, the cost of storing data on disk has fallen by over 80%. This means that whereas disk was once seen as a premium purchase, it’s now a commodity. So, how can tape compete?

Searching S3

Let’s look at some of the strong points of S3 storage in the Cloud. Most vendors will charge you for that S3 storage based purely on usage. If you are using 1 TB of storage, you’ll get billed for 1 TB. Hardened storage admins will know all too well how tricky it can be trying to eke out the last dregs of capacity in an overburdened array; that shouldn’t come into the equation with S3. In fact, the storage admin needs to be more focused on keeping the storage utilisation under control. With unlimited storage, it’s easy to use more than you really need.

As we’ve discussed, one of the flaws with any form of disk storage is that it’s never completely immutable. Although, that’s what your storage vendor might tell you. You might be told that your object storage is immutable because it doesn’t use the same protocol as your native file systems. And – or – because your backup application can only talk to it via API. But, there’s probably still the capability for a rogue actor to remove data directly from the buckets. In which case, you’d only find out when you tried to recover the data.
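One way to find out before recovery time that objects have been removed or changed in the bucket, as an added example that is not from the original post or from Predatar: reconcile the backup application's own manifest against a listing in the shape of an S3 `ListObjectVersions` response. It assumes bucket versioning is enabled and that the manifest recorded each object's size and ETag at upload; the keys and values are constructed.

```python
from typing import Dict, List

# Constructed manifest: what the backup application believes it stored.
MANIFEST = [
    {"Key": "bk/db01/0001.dat", "Size": 1048576, "ETag": '"a1"'},
    {"Key": "bk/db01/0002.dat", "Size": 2097152, "ETag": '"b2"'},
    {"Key": "bk/web01/0001.dat", "Size": 524288, "ETag": '"c3"'},
    {"Key": "bk/fs01/0001.dat", "Size": 4194304, "ETag": '"d4"'},
]

# Constructed listing, shaped like an S3 ListObjectVersions response.
LISTING = {
    "Versions": [
        {"Key": "bk/db01/0001.dat", "IsLatest": True, "Size": 1048576, "ETag": '"a1"'},
        {"Key": "bk/db01/0002.dat", "IsLatest": False, "Size": 2097152, "ETag": '"b2"'},
        {"Key": "bk/web01/0001.dat", "IsLatest": True, "Size": 524288, "ETag": '"ff"'},
    ],
    "DeleteMarkers": [{"Key": "bk/db01/0002.dat", "IsLatest": True}],
}


def fingerprint(obj: dict) -> tuple:
    return (obj["Size"], obj["ETag"])


def reconcile(manifest: List[dict], listing: dict) -> Dict[str, str]:
    """Classify every object the backup catalogue expects to find."""
    versions = listing.get("Versions", [])
    current = {v["Key"]: v for v in versions if v["IsLatest"]}
    older: Dict[str, List[dict]] = {}
    for v in versions:
        if not v["IsLatest"]:
            older.setdefault(v["Key"], []).append(v)
    hidden = {m["Key"] for m in listing.get("DeleteMarkers", []) if m["IsLatest"]}
    report = {}
    for want in manifest:
        key, have = want["Key"], current.get(want["Key"])
        if have is not None:
            report[key] = "ok" if fingerprint(have) == fingerprint(want) else "altered"
        elif key in hidden and any(fingerprint(v) == fingerprint(want) for v in older.get(key, [])):
            report[key] = "deleted-recoverable"  # delete marker on top of the original version
        else:
            report[key] = "missing"  # no version left that matches the manifest
    return report


def alerts(report: Dict[str, str]) -> List[str]:
    return sorted(k for k, state in report.items() if state != "ok")
```

Run on a schedule, a non-empty `alerts()` result turns a silent deletion into an event the operations team sees the same day.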

Winner winner, Tape or S3 for Dinner?

If things still feel a bit foggy to you, we’ll outline it here in a table. Each feature is marked out of 3 Predatar Approval Points.

If your priority is to preserve that airgap and to ensure that the data your company is keeping long-term is secure, storing that data on tape is going to be a compelling direction for you. If that’s not you, then you might want to consider the flexibility that you can get from S3. Just make sure that any security implications are taken into account before you start to use it.
