Blocking Cybercriminals from Accessing Company Data
In the digital age, a ransomware family can be as destructive as an old school Mafia family. In June, meat processor JBS paid an $11 million ransom to cybercriminals after its plants, including one in Worthington, were shut down by a cyberattack.
It followed a May episode in which Colonial Pipeline Co. paid a $4.4 million ransom to hackers so it could resume the flow of fuel on the East Coast.
“Ransomware is evolving and it’s becoming more sophisticated,” said Charles Horton, COO of NetSPI. “You don’t have just singular threat actors looking for weaknesses.”
Minneapolis-based NetSPI started marketing a new cybersecurity service in June just as businesses large and small were rattled by the scale and brazen nature of those attacks.
October has been Cybersecurity Awareness Month since it was launched in 2004 by the U.S. Department of Homeland Security and the National Cyber Security Alliance. In recent years, cyberattacks have been elevated as a top concern of business executives, because of the damage being done by cyberthieves and the need to constantly identify and combat new threats.
President Joe Biden issued a statement on Friday addressing the topic. “I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security,” Biden said.
Often a web of people works together to attack a business, a nonprofit, or a public agency. First come the malware creators, Horton said. Then other bad actors “go out and find the vulnerabilities, which could be different than the groups that actually execute the ransomware.” He noted these players are “chained together” in an operating model.
Horton said some businesses have a false sense of security about what level of protection their current cybersecurity systems provide.
‘Ransomware attack simulation’
“The gap that we found is with event monitoring tools,” he said. “They only identify a very low percentage of the most common attacks.” NetSPI now offers a “ransomware attack simulation” service.
NetSPI’s product mimics the “tactics, techniques and procedures” used by ransomware attackers, so more threats can be detected, Horton said. “When they do [find them], alerts just start firing off and a customer or a business can execute their response plan.”
“Breach and attack simulation” is a new market segment in cybersecurity, in which companies can test their ability to block ransomware attacks, according to a 2021 report from global advisory firm Gartner.
NetSPI sells its new technology-enabled service directly to customers. NetSPI provides cybersecurity offerings to nine of the 10 top banks in the United States, Horton said. What it will charge for the simulation service depends on the depth and breadth of the attack simulation assessment.
“We are up to more than 200 different attack plays that we can run on a daily basis in a business environment,” Horton said, which are designed to prevent attackers from installing malware, accessing data, and then demanding a hefty ransom.
Key business acquisition
Silent Break Security developed this new attack simulation technology platform. In December, NetSPI announced its acquisition of Silent Break Security, a Utah-based security testing firm.
“Through this acquisition, NetSPI will broaden its footprint to create a complete package for offensive cyber security and attack surface management,” NetSPI said in a December statement. “With the integration of Silent Break Security’s manual testing team, along with its proprietary software platforms and toolsets, NetSPI will improve its ability to scale up vulnerability management programs to meet client needs.”
Ransomware attacks can lead to cybercriminals accessing private data on individuals and businesses, cause service disruptions, and prompt companies to pay several million dollars in ransoms.
Last week, the Wall Street Journal reported on a ransomware attack that may have caused the subsequent death of a baby. A woman gave birth in an Alabama hospital in 2019 during a ransomware attack, which lasted for several days.
During a difficult delivery, the baby’s supply of blood and oxygen was cut off. Because of the ransomware attack, the hospital was operating at a limited level. The attending physician did not see a key heart monitor readout, which she said in a text to a colleague would have led her to do a caesarean section.
The baby, who sustained severe brain damage, died months after her birth. The baby’s mother sued the hospital, and the hospital denies any wrongdoing. If the mother prevails in court, the Wall Street Journal reported, “the case will mark the first confirmed death from a ransomware attack.”
Cybersecurity has become a high priority issue for government leaders around the world. This month, the U.S. “will bring together 30 countries to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,” President Biden said in a Friday statement.