Australia’s worst ransomware attack sends a critical message – conventional anti-malware security solutions don’t provide enough protection against an evolving threat landscape. Organisations must look to next generation technologies for protection against malicious content.

The recent ransomware attack on Toll Holdings (Australia’s largest ever cyber-attack) sends a critical message to all organisations, and not just about the potential damage that may result from a successful cyber-attack.

First, conventional anti-malware security solutions are falling short of the security standards required to protect modern infrastructure from an evolving threat landscape. Second, email and other file-based attack vectors remain the primary point of ingress for successful attacks.

The negative implications of a ransomware attack are extensive, akin to an act of wide-ranging cyber vandalism. The impact is not limited to the obvious financial costs but extends to other serious harm, from customer defection and contractual penalties to substantial business disruption and IT clean-up costs. Added to that are the wide-ranging loss of trust and reputation and, in the case of a public company, lost shareholder value as its share price takes a beating.

There is a multitude of attack vectors that may be exploited by cyber-criminals and their malicious content. The challenge is to identify these vulnerabilities and deploy the necessary protection solution. Easily said, of course.

If today’s reactive anti-virus and malware protection isn’t up to the job, organisations must look to emerging technologies, such as Content Disarm and Reconstruction (CDR), for effective protection against malicious content/code. Most malware protection relies on external libraries of known threats to protect content. But what if the threat is unknown, or newly emerged? How do you protect against a zero-day attack?

The most common attack vectors are inbound content/files, entering systems as email attachments or through file-sharing services. CDR is already proven to be effective against such cyber-attacks, especially against unknown malicious content and zero-day attacks.

Next-gen solutions are succeeding because developers have applied new thinking to these threats. Votiro Disarmer, for example, leverages patented CDR technology to stop malicious content in milliseconds, before it breaches your network. Its ultra-low latency means protection is provided without impacting on systems performance or productivity.

Unlike other, limited forms of CDR technology, Votiro Disarmer doesn’t simply flatten the content. Once disinfected, the original file form and functionality are restored.

Media reports suggest that, in the Australian case, the malicious code was activated through an email sent to an unsuspecting recipient, with an attachment containing cleverly embedded malicious content.

Another recent ransomware attack, this time on a US natural gas facility, led to a two-day shutdown of operations, according to an alert from the Cybersecurity and Infrastructure Security Agency. Whilst no details of the attack source were provided, it’s likely that the attack vector was the facility’s control and communications assets within the OT networks.

The Cybersecurity and Infrastructure Security Agency has commented that critical infrastructure has increasingly become the primary target of such attacks and that the targets are often inadequately protected against and prepared for these threats.

 

Useful links:

Toll faces fallout after cyber-attack

Ransomware attack targets critical infrastructure

Votiro Disarmer – CDR protection against malicious content
