Ransomware has been the dominant threat organizations have faced over
the past few years. Threat actors were making easy money by
exploiting the high valuation of cryptocurrencies and their
victims’ lack of adequate preparation.
Think about bad security policies, untested backups, patch
management practices not up-to-par, and so forth. It resulted in
easy growth for ransomware extortion, a crime that multiple threat
actors around the world perpetrate.
Something’s changed, though. Crypto valuations have dropped,
reducing the monetary appeal of ransomware attacks, and
organizations have mounted a formidable defense against ransomware.
Threat actors have been searching for another opportunity – and
found one. It’s called data exfiltration, or exfil, a type of
espionage causing headaches at organizations worldwide. Let’s take
a look.
The threat to reveal confidential information
Information exfiltration is rapidly becoming more prevalent.
Earlier this year, incidents at Nvidia, Microsoft, and several
other companies have highlighted how big of a problem it’s become –
and how, for some organizations, it may be a threat that’s even
bigger than ransomware.
Nvidia, for example, became entangled in a complex tit-for-tat
exchange with hacker group Lapsus$. One of the biggest chipmakers
in the world was faced with the public exposure of the source code
for invaluable technology, as Lapsus$ leaked the source code for
the company’s Deep Learning Super Sampling (DLSS) research.
When it comes to exfil extortion, attackers do not enter with
the primary aim of encrypting a system and causing disruption the
way that a ransomware attacker does. Though, yes, attackers may
still use encryption to cover their tracks.
Instead, attackers on an information exfiltration mission will
move vast amounts of proprietary data to systems that they control.
And here’s the game: attackers will proceed to extort the victim,
threatening to release that confidential information into the wild
or to sell it to unscrupulous third parties.
Exfil can be far more damaging than ransomware
For victims, it’s a serious threat because threat actors can
acquire the keys to the safe: trade secrets that competitors can use
to produce copies of products or to aid their own R&D efforts, or
information that could lead to a costly public relations
disaster.
Either way – public exposure of information can be a threat
greater than ransomware because a ransomware demand can be resolved
by paying up (or by restoring from backups). Leaked information – well
– that’s something that may be unfixable. It’s easy to see why
threat actors can find extortion based on information leakage to be
an even more attractive proposition than mere ransomware.
It’s worth noting that part of the drive for this type of attack
also lies in the current state of world affairs, which has created
a strong demand for intellectual property transfer across opposing
geopolitical lines. There’s also arguably greater leniency toward
actors attacking “the other side,” even when local judicial systems
consider the attack a crime.
In for the long haul
There’s another theme that’s emerging in the exfil space. It’s
interesting to note something that cybersecurity teams have known
for a long time: for malicious actors, it’s beneficial for an
attacker to stay undetected for an extended period of time.
Staying quiet, rather than flashing “you’ve been hacked”
messages on computer screens, allows attackers to “see” more
information flows in the network and to do more in-depth
reconnaissance of systems after gaining entry.
More time in the network means attackers can identify more
desirable targets than a simple ransomware deployment would. Patient
threat actors could do far more harm if they remain
undetected.
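As an added illustration (not from the article), the following compares each host’s outbound volume against its own baseline over constructed per-host egress records, flagging both the bulk transfer described earlier and the quieter, sustained drain a patient intruder favors; the thresholds, host names and day labels are assumptions:

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000
BURST_FACTOR = 10      # assumption: one day at 10x the host's normal egress
SUSTAINED_FACTOR = 3   # assumption: a window averaging 3x normal, no single spike

# Constructed sample: (day, internal host, bytes sent to external addresses).
EGRESS_LOG = [
    ("d1", "ws-01", 40 * MB), ("d2", "ws-01", 42 * MB), ("d3", "ws-01", 41 * MB),
    ("d4", "ws-01", 39 * MB), ("d5", "ws-01", 43 * MB), ("d6", "ws-01", 40 * MB), ("d7", "ws-01", 38 * MB),
    ("d1", "ws-02", 35 * MB), ("d2", "ws-02", 33 * MB), ("d3", "ws-02", 36 * MB),
    ("d4", "ws-02", 34 * MB), ("d5", "ws-02", 2000 * MB), ("d6", "ws-02", 35 * MB), ("d7", "ws-02", 33 * MB),
    ("d1", "file-srv", 60 * MB), ("d2", "file-srv", 58 * MB), ("d3", "file-srv", 62 * MB),
    ("d4", "file-srv", 200 * MB), ("d5", "file-srv", 210 * MB), ("d6", "file-srv", 195 * MB), ("d7", "file-srv", 205 * MB),
]
BASELINE_DAYS = ["d1", "d2", "d3"]        # days used to learn each host's normal volume
WINDOW_DAYS = ["d4", "d5", "d6", "d7"]    # days under review

def daily_egress(records):
    """Aggregate (day, host, bytes) records into {host: {day: total_bytes}}."""
    per_host = defaultdict(lambda: defaultdict(int))
    for day, host, nbytes in records:
        per_host[host][day] += nbytes
    return per_host

def find_exfil_candidates(records, baseline_days, window_days):
    """Return {host: 'burst' | 'sustained'} for hosts whose review-window egress
    departs from their baseline median: a single-day spike, or a steady
    multi-day excess that never spikes but adds up to far more than normal."""
    findings = {}
    for host, days in daily_egress(records).items():
        base = [days[d] for d in baseline_days if d in days]
        if not base:
            continue                      # no history for this host; nothing to compare
        baseline = median(base)
        window = [days.get(d, 0) for d in window_days]
        if any(v > BURST_FACTOR * baseline for v in window):
            findings[host] = "burst"
        elif sum(window) > SUSTAINED_FACTOR * baseline * len(window_days):
            findings[host] = "sustained"
    return findings

if __name__ == "__main__":
    for host, kind in find_exfil_candidates(EGRESS_LOG, BASELINE_DAYS, WINDOW_DAYS).items():
        print(f"{host}: {kind} outbound volume versus baseline")
```

The "sustained" rule is the one that matters for the long-haul intruder: file-srv never exceeds the burst threshold on any single day, yet its review-window total is well above what its baseline predicts.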
Protective measures still work
What can organizations do to guard against extortion? Well, the
same cybersecurity principles continue to count, even more so given
the greater risk.
After so many years of alarming headlines, most organizations
have deployed ransomware protection in the form of better backup
strategies, more fine-tuned and granular data access, and better
rules and monitoring for detecting unwanted file changes.
It’s made ransomware attacks harder, often acting as a deterrent
against attackers simply looking for easy targets. Protecting
against malware infections or information exfiltration starts with
properly maintaining infrastructure.
Seamless patching remains at the core
That includes keeping systems up to date with the latest
patches. It’s not just a guard against ransomware, of course:
patched systems also close the easy paths to critical business
information, so that threat actors are not in a position to siphon
it off.
Suppose your organization is still relying on patching
operations that involve maintenance windows. In that case, it’s
worth considering whether patching is happening fast enough to
protect your organization against information exfiltration
threats.
Can’t patch fast enough? Take a look at [1]. [2] helps you stay protected
against emerging threats immediately, with little lag between
threat emergence and mitigation. With one simple, affordable
addition to your cybersecurity arsenal, you can put in place the
simplest and most important line of defense against attackers
looking to hold you for ransom.
Read more https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html
