“A zero trust architecture can protect against ransomware” was the resounding claim made by Ben Jenkins, senior solutions engineer at ThreatLocker, during a session at Black Hat Europe 2021.
The session, titled ‘Moving Beyond Threat Detection – A Look at The Future of Cybersecurity with Zero Trust’, focused on the state of cybersecurity and how to protect against ransomware with a zero trust architecture.
The session began with a thorough exposition of software – the tagline being that its possibilities are “endless.” Additionally, “there is good software and bad software,” stressed Jenkins, and “yes, malware is just software.” Yet, malware is having a “devastating” impact on all sectors. “560,000 malware infections are found each day, attackers hit 1-4 businesses each day and there are over one billion pieces of malware in existence,” warned Jenkins. “The malicious possibilities are endless.”
Continuing his exposition, Jenkins highlighted early types of malicious software. “AIDS Trojan is one of the first documented versions of malware,” remarked Jenkins, which dates back to 1989. Distributed on floppy disks, it forced victims to pay $189 to release their encrypted data.
“If we fast forward to today, malware looks very different,” rued Jenkins. He highlighted the WannaCry attack, which has an estimated cost of £92m and resulted in 200 NHS hospitals being “severely affected,” going on to cripple one third of NHS trusts overall. “Another is the Conti Attack,” which occurred in May this year and resulted in significant disruption to the Irish health service provider, “with an estimated cost of €500m.” By September, 95% of services were back up and running. Worryingly, 5% of services are still down.
As of October 2021, businesses with 11-100 employees comprise 32% of ransomware victims, while businesses with 101 to 1500 employees comprise 30% of ransomware victims. “Ransomware attack vectors shift as new software vulnerability exploits abound.”
“Threat actors are innovating how they deliver malware,” stressed Jenkins. Examples listed include SolarWinds, Kaseya, rubber ducky attacks and exploiting vulnerabilities.
With all of this in mind, “how can we solve the problem?” asked Jenkins. “There are solutions,” he continued, which focus on the human side, the control side and the detection side of a security stack. “Zero trust is that solution,” commented Jenkins, which is “primarily about least privilege.” Crucial constituents of a zero trust approach include application whitelisting, elevation control and storage control.
Overall, “the only way to offer a proper defense,” remarked Jenkins, is to “change the paradigm of endpoint security.”
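To make the “control rather than detect” paradigm concrete, here is a small default-deny policy engine combining the three controls Jenkins names (application whitelisting, elevation control and storage control). This is an added illustration, not ThreatLocker's code; the allowlist entries, hashes, rules and launch events are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Application allowlist keyed by executable hash, so a renamed or tampered file
# does not inherit the trust of the name it carries. Hashes are computed from
# constructed placeholder bytes, not from real binaries.
ALLOWED_APPS = {
    sha256(b"constructed winword.exe bytes"): "winword.exe",
    sha256(b"constructed chrome.exe bytes"): "chrome.exe",
}
# Elevation control: allowlisted apps that may additionally run with admin rights.
ELEVATION_ALLOWED = {"winword.exe"}
# Storage control: protected locations and the apps permitted to write there.
STORAGE_RULES = {"\\\\fileserver\\finance": {"winword.exe"}}

@dataclass
class LaunchEvent:
    claimed_name: str                  # file name on disk (untrusted)
    image_bytes: bytes                 # executable contents, hashed for the check
    elevated: bool                     # process asked for administrative rights
    write_path: Optional[str] = None   # location the process wants to write to

def evaluate(ev: LaunchEvent) -> Tuple[str, str]:
    """Default deny: return ("allow", app) only when every control passes."""
    app = ALLOWED_APPS.get(sha256(ev.image_bytes))
    if app is None:
        # Unknown software is blocked with no signature or behaviour analysis;
        # this is where a never-before-seen ransomware sample is stopped.
        return ("deny", f"{ev.claimed_name}: not on application allowlist")
    if ev.elevated and app not in ELEVATION_ALLOWED:
        return ("deny", f"{app}: elevation not permitted")
    if ev.write_path is not None:
        for protected, writers in STORAGE_RULES.items():
            if ev.write_path.startswith(protected) and app not in writers:
                return ("deny", f"{app}: write to {protected} not permitted")
    return ("allow", app)

if __name__ == "__main__":
    # Constructed events: genuine Word, an unknown binary posing as Word,
    # Chrome requesting admin rights, and Chrome writing to the finance share.
    for ev in [
        LaunchEvent("winword.exe", b"constructed winword.exe bytes", False),
        LaunchEvent("winword.exe", b"constructed unknown payload", False),
        LaunchEvent("chrome.exe", b"constructed chrome.exe bytes", True),
        LaunchEvent("chrome.exe", b"constructed chrome.exe bytes", False,
                    "\\\\fileserver\\finance\\q3.xlsx"),
    ]:
        print(evaluate(ev))
```

Only the first event is allowed; the other three are denied by the allowlist, elevation and storage controls respectively, none of which needed to recognise the payload as malicious.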
- The average ransomware payout is now £170,000
- 77% of ransomware attacks involved the threat to leak exfiltrated data
- The data will not be credibly destroyed
- Ransomware attacks still disproportionately affect small businesses
- An average of 23 days of downtime