Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 10
In this blog series, members of Optiv's attack and penetration team are covering the top 20 Center for Internet Security (CIS) Critical Security Controls (CSC), showing an attack example and explaining how the control could have prevented the attack from being successful. Please read previous posts covering:
CSC 10: Data Recovery Capability
The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.
Data recovery, or specifically data backups, might be one of the best known and least implemented controls. Having good data recovery can be the difference between an attack causing massive data loss and an attack causing only minor downtime. In general, most attacks are focused more on compromising data than on destroying it. This is not always true, though; the most notable and notorious data-destroying attack is ransomware. Not only has ransomware proved very effective at destroying data, it has also proven lucrative for attackers, which will only increase the frequency and sophistication of these attacks.
In this attack example I am going to demonstrate just how easy it is to create ransomware that attacks personal and company data and holds it for ransom. There are a few examples of open source ransomware on the internet that anyone can download and use for free (though some of these projects have recently stopped). There are also paid examples, where criminals can buy this particular type of malware for use.
What makes ransomware so dangerous is how easy it can be to make. This also explains why each newly created ransomware variant can be hard to detect. In short, you really only need three parts to build ransomware
These are really the three main parts of ransomware. There are much more sophisticated examples that have command and control servers, different evasion tactics and advanced key exchange protocols. Though all these things help create a more advanced and user-friendly ransomware, they are not needed to create an effective tool.
So my simple ransomware is a Windows executable that, when run, will find files of a certain extension, encrypt them with a pre-seeded key, then alert the user that their files are encrypted and they must pay a ransom. This only took me a day to create and is undetectable to antivirus.
Figure 1: Ransomware and a few test files
Figure 2: Test text data
Figure 3: Encrypted data
Figure 4: Ransom note
If creating ransomware is easy, and my antivirus won’t detect custom or advanced ransomware, what’s the solution? Having good data recovery is one of the best ways to combat ransomware. A backup not only safeguards data; it is also what lets you recover the data that ransomware encrypted. Simply backing up data is not truly enough to ensure its integrity and availability. With this in mind, here are some things to consider when implementing or evaluating your data recovery solution.
By implementing data recovery, you stand the best chance of protecting your data from attackers via ransomware or other data attacks. Data recovery may seem like a costly investment in a “just in case” scenario, but if it is implemented properly, your data can still be recovered when other controls fail.
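The point that a copy alone does not guarantee integrity and availability is easiest to see in code. The following is an added example, not code from the original post or from Optiv: a backup is written with a SHA-256 manifest, the live data is checked against that manifest to find files that were overwritten in place or deleted, and only backup copies that still match the manifest are used for restore. All function names and the `demo()` scenario (two constructed text files, one scrambled and one deleted to stand in for data loss) are assumptions of this example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def create_backup(src, dest):
    """Copy every file under src into dest; record the SHA-256 of each copy in a manifest."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src).as_posix()
        (dest / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, dest / rel)
        manifest[rel] = sha256_of(dest / rel)  # hash the copy, so a bad write is caught now
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest

def find_damaged(src, manifest):
    """Manifest entries that are now missing or hash differently (overwritten in place or deleted)."""
    return [rel for rel, digest in manifest.items()
            if not (src / rel).is_file() or sha256_of(src / rel) != digest]

def restore(dest, src, manifest, damaged):
    """Restore damaged files from the backup, refusing any copy that fails its own hash check."""
    for rel in damaged:
        if not (dest / rel).is_file() or sha256_of(dest / rel) != manifest[rel]:
            raise RuntimeError(f"backup copy of {rel} fails integrity check; use an offline copy")
        (src / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(dest / rel, src / rel)
    return list(damaged)

def demo():
    """Constructed scenario: back up two files, scramble one and delete the other, then recover."""
    root = Path(tempfile.mkdtemp())
    src, dest = root / "data", root / "backup"
    (src / "sub").mkdir(parents=True)
    (src / "report.txt").write_text("quarterly numbers")
    (src / "sub" / "notes.txt").write_text("meeting notes")
    manifest = create_backup(src, dest)
    (src / "report.txt").write_bytes(b"\x00\xff scrambled")  # simulated in-place overwrite
    (src / "sub" / "notes.txt").unlink()                       # simulated deletion
    restored = restore(dest, src, manifest, find_damaged(src, manifest))
    return sorted(restored), find_damaged(src, manifest)
```

The refusal in `restore()` is the practical check: a backup that the attacker could reach is treated as suspect until its hashes match the manifest recorded at backup time.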
The next post will cover CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers and Switches.