
The news of the Colonial Pipeline hack has raised general awareness of how vulnerable some of our key infrastructure is to modern cyberattacks. Deterrence against ransomware isn’t a pipe dream, however, and many experts are working to shore up defense contractor compliance frameworks to help mitigate this threat.

 

What is Ransomware?

Ransomware is malicious software that locks users out of their data with the intent of extorting an organization for money. Typically, ransomware works by encrypting part or all of a directory or hard drive. Because of the way encryption works, the attacker can essentially lock that data away and hold it for ransom, offering the decryption key in exchange for a sum of money (and threatening to destroy the key if the payment is not received, rendering the data lost).

More recently, many of these ransomware attacks come with the distinct threat of data leaks. For example, the PDI Group, a military contractor, fell victim to the Babuk Locker ransomware. The operators of Babuk threatened to, and eventually did, release 120MB of government and company credit card data to the dark web.

Unfortunately, ransomware has evolved to combat modern deterrence efforts or lack thereof. Many ransomware programs include the ability to observe systems, behave as other processes and delete or modify audit logs to cover their tracks.

 

Ransomware and Cyber Hygiene

As recently as May 6th, another defense contractor was hit with a ransomware attack. BlueForce, a service provider working with the Defense and State departments, was infected with Conti ransomware, and its data was held hostage for $1 million in Bitcoin.

These kinds of unfortunate incidents aren’t unheard of, and news is emerging of increased security threats and attacks against industrial and commercial businesses as well as the Defense Industrial Base (DIB). Nearly any contractor working with the government is a target, with a wide range of businesses covering communications technology, cloud services and weapons systems support in the crosshairs.

President Biden has responded with a strong Executive Order outlining a new federal commitment to standardized cybersecurity requirements to help face these challenges. Even with the best compliance and security guidelines in place, however, it’s still up to contractors and their compliance partners to do their part and ensure that they are maintaining security controls, risk management practices and governance behaviors.

The challenge facing contractors and compliance partners is that ransomware attacks are just part of a difficult battle against common threats, including classic attacks like phishing, injection and drive-by downloads. It’s critical for agencies, contractors and providers to practice high levels of cyber hygiene.

 

Deterring Ransomware Attacks

A March 2020 report from the U.S. Cyberspace Solarium Commission curated 400 interviews from cybersecurity experts in the field. The report determined that it is in fact possible to mitigate or prevent cyberattacks with the right security measures and practices in place.

However, the right way to deter attacks is for everyone to implement the right hygiene standards. According to the National Institute of Standards and Technology (NIST), this includes practices like:

  1. Create and implement clear, role-based and zero-trust access controls. It’s of the utmost importance that critical data isn’t accessible by anyone unauthorized to use it. Zero-trust principles ensure that no one can simply access system resources without authentication.

  2. Utilize upgrade and patch management. Understanding patches and upgrade cycles can overwhelm IT departments attempting to manage complex systems. A patch and update management program can help streamline this work while also ensuring that you’re always using the latest updates on your software and platforms. Also, patches are released for a reason.

  3. Utilize web and email filters to minimize phishing. Phishing is still, after all these years, one of the most prominent security attacks in the world. Employees are simply not aware of how attackers can fool them. That is why good cyber hygiene calls on you to set filters and warnings on external email addresses and suspicious web pages.

  4. Get compliant and stay that way. Compliance is more than just checking a box that says you can work within an industry. Compliance standards are in place to protect you from attacks that occur when and where you least expect them. With new frameworks like CMMC coming (and with Biden’s executive order set to bolster national cybersecurity infrastructure), it’s necessary to invest in modernizing your systems and maintaining continuous monitoring standards for any relevant frameworks.

  5. Back up your data. Ransomware is most effective when the victim doesn’t have any recourse against losing their data. With modern cloud infrastructure, including hybrid cloud environments and high-performance cloud storage platforms, there is no reason for a government contractor to not have redundant backups in place.


Continuous Security Managed with SecureStrux

Ransomware attackers are not losing their edge or their ingenuity when it comes to developing new ransomware attacks. According to the Cyberspace Solarium Commission, it is up to private sector businesses to “strengthen their security posture” to help manage the variety of threats facing the complex defense supply chain infrastructure.

For contractors to offer their unique services to the DIBNet and promote our general security and defense, they must maintain cybersecurity with a combination of comprehensive compliance and proactive security. Ransomware deterrence and mitigation is a combined effort of practicing good cyber hygiene and working with security experts to ensure those practices are within compliance standards.

If you are working with Defense agencies and want to proactively defend yourself against potential ransomware attacks while maintaining RMF, CCRI, or CMMC compliance, contact us to learn about our managed security and compliance services.