By Randy Reiter CEO of Don’t Be Breached
Ransomware Attacks Have Increased During the COVID-19 Pandemic
An off-site workforce has resulted in new security concerns since hackers now have many new ways to penetrate conventional security defenses. Ransomware gangs often go undetected for weeks or months once they have gained high level access to an organization’s network, servers and databases. The ransomware gang may try to move laterally across other systems in an organization to access as much confidential data as possible. Ransomware attacks in the financial industry, for example, increased by 1,300% in 2021.
Prior to issuing a demand for a ransomware payment from an organization the hacker group has almost always already exfiltrated confidential database data from the organization. The exfiltrated data is then later sold on the Dark Web to other ransomware groups even if a ransomware payment has been made to the original hacking group.
Ransomware Hackers May Be Hidden in Your Network for Months
- JBS May 31, 2021. JBS is one of the largest meat suppliers in the US. Hackers caused it to temporarily halt operations at its five largest US-based plants. The ransomware attack also disrupted the company’s Australia and UK operations. JBS paid the hackers $11 million in ransom money. The hackers began with a reconnaissance phase in February 2021, followed by Data Exfiltration from March 1 to May 29, 2021.
- Colonial Pipeline May 6, 2021. The largest refined products pipeline in the US went offline on May 6th. The pipeline covers 5,500 miles and transports 100 million gallons of fuel daily. The hackers gained access to their network April 29. On May 6 Data Exfiltration began with the hackers stealing 100 gigabytes of data before locking Colonial Pipeline computers with ransomware. The pipeline paid hackers $4.4 million in ransom money on May 7th.
- CNA Financial March 23, 2021. CNA Financial, the seventh largest commercial insurer in the US announced it had sustained a sophisticated cybersecurity attack. CNA Financial eventually paid $40 million in May 2021 to get its data back.
Conventional approaches to cyber security may not prevent Data Exfiltration and Data Breaches. In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense Agency recognized this and all issued requests for proposals (RFP) for network full packet data capture for Deep Packet Inspection analysis (DPI) of network traffic. This is an important step forward in protecting confidential database data and organization information.
Zero-day vulnerabilities that allow hackers to gain system privileges are a major threat to all organizations’ encrypted and unencrypted confidential data. Confidential data includes: credit card, tax ID, medical, social media, corporate, manufacturing, trade secrets, law enforcement, defense, homeland security, power grid and public utility data. This confidential data is almost always stored in DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL and SAP Sybase databases.
How to Stop Data Exfiltration and Data Breaches with Deep Packet Inspection
Protecting encrypted and unencrypted confidential database data is much more than securing databases, operating systems, applications and the network perimeter against Hackers, Rogue Insiders and Supply Chain Attacks.
Non-intrusive network sniffing technology can perform a real-time Deep Packet Inspection (DPI) of 100% of the database activity from a network tap or proxy server with no impact on the database servers. The database SQL activity is very predictable. Database servers servicing 1,000 to 10,000 end-users typically process daily 2,000 to 10,000 unique queries or SQL commands that run millions of times a day. Deep Packet Analysis does not require logging into the monitored networks, servers or databases. This approach can provide CISOs with what they can rarely achieve: total visibility into the database activity 24×7 and 100% protection of confidential database data.
Advanced SQL Behavioral Analysis from DPI Prevents Data Exfiltration and Data Breaches
Advanced SQL Behavioral Analysis of 100% of the real-time database SQL packets can learn what the normal database activity is. Now the database query and SQL activity can be non-intrusively monitored in real-time with DPI and non-normal SQL activity immediately pinpointed. This approach is inexpensive to set up and has a low cost of operation. Now non-normal database activity from Hackers, Rogue Insiders or Supply Chain Attacks can be detected in a few milliseconds. The Security Team can be immediately notified and the Hacker session terminated so that confidential database data is not stolen, ransomed or sold on the Dark Web.
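The two sections above describe the core idea: because an application issues a small, stable set of query templates (a few thousand unique statements running millions of times), a monitor can learn those templates from captured traffic and flag any statement that does not match one. The following is an added illustration of that learning and matching step, not code from the Database Cyber Security Guard product or from Sql Power Tools. It assumes the capture layer has already decoded SQL text from the wire (the product does this from a network tap; here the capture is replaced by constructed sample statements), and the regex-based normalizer, the `SqlBaseline` class and the sample data are all this example's own.

```python
"""SQL behavioral baseline: learn normal query templates from captured
database traffic, then flag any statement whose template was never seen.

Added example (not the product's code). Assumes decoded SQL text per
statement is already available; the sample statements below are constructed.
"""
import re
from collections import Counter
from typing import List, Tuple

# Patterns for the parts of a statement that vary from run to run.
_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.DOTALL)
_STRING_RE = re.compile(r"'(?:[^']|'')*'")          # 'abc', 'O''Brien'
_NUMBER_RE = re.compile(r"\b\d+(?:\.\d+)?\b")        # 42, 100.50
_INLIST_RE = re.compile(r"\bin\s*\(\s*\?(?:\s*,\s*\?)*\s*\)")  # in (?, ?) -> in (?)
_WS_RE = re.compile(r"\s+")


def normalize_sql(sql: str) -> str:
    """Reduce a concrete statement to the template it was generated from.

    Literals become '?', IN-lists of any length collapse to one '?', comments
    are dropped, and case/whitespace are canonicalized so that the same
    application query always yields the same template string.
    """
    s = _COMMENT_RE.sub(" ", sql).lower()
    s = _STRING_RE.sub("?", s)
    s = _NUMBER_RE.sub("?", s)
    s = _INLIST_RE.sub("in (?)", s)
    return _WS_RE.sub(" ", s).strip()


class SqlBaseline:
    """The learned set of normal templates and how often each one ran."""

    def __init__(self) -> None:
        self.templates: Counter = Counter()

    def learn(self, statements: List[str]) -> None:
        """Feed captured statements from a known-good learning window."""
        for sql in statements:
            self.templates[normalize_sql(sql)] += 1

    def unique_templates(self) -> int:
        return len(self.templates)

    def classify(self, sql: str) -> Tuple[str, str]:
        """Return ('normal' | 'non-normal', template) for one live statement."""
        tpl = normalize_sql(sql)
        return ("normal" if tpl in self.templates else "non-normal"), tpl


def review_session(baseline: SqlBaseline, statements: List[str]) -> List[Tuple[str, str]]:
    """Return the (statement, template) pairs that fall outside the baseline.

    A real monitor would raise an alert and terminate the session on the first
    hit; here every non-normal statement is collected so the caller can see them.
    """
    return [(sql, tpl) for sql in statements
            for verdict, tpl in [baseline.classify(sql)] if verdict != "normal"]


# Constructed learning-window traffic from a hypothetical banking application.
TRAINING_STATEMENTS = [
    "SELECT name, balance FROM accounts WHERE id = 42",
    "SELECT name, balance FROM accounts WHERE id = 17",
    "UPDATE accounts SET balance = 100.50 WHERE id = 42",
    "INSERT INTO audit_log (actor, action) VALUES ('alice', 'login')",
    "INSERT INTO audit_log (actor, action) VALUES ('O''Brien', 'logout')",
    "SELECT id FROM accounts WHERE region IN (1, 2, 3)",
    "SELECT id FROM accounts WHERE region IN (7)",
]

# Constructed live session: two ordinary app queries and two bulk reads the
# application never issues (a whole-table read of customer balances).
LIVE_SESSION = [
    "SELECT name, balance FROM accounts WHERE id = 99",
    "SELECT name, balance FROM accounts",
    "select id from accounts where region in (4, 5)",
    "SELECT * FROM accounts /* full dump */",
]


def build_demo_baseline() -> SqlBaseline:
    baseline = SqlBaseline()
    baseline.learn(TRAINING_STATEMENTS)
    return baseline


if __name__ == "__main__":
    b = build_demo_baseline()
    print(f"learned {b.unique_templates()} templates")
    for sql, tpl in review_session(b, LIVE_SESSION):
        print(f"NON-NORMAL: {sql!r} -> template {tpl!r}")
```

The design choice that makes this practical is template matching rather than exact-string matching: parameter values, IN-list lengths and formatting differ on every run, but the template set stays small and stable, so a never-before-seen template is a strong signal worth an alert even before any query-content rules are applied.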
About the Author
Randy Reiter is the CEO of Don’t Be Breached, a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database Data Breach prevention product for DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and SAP Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@DontBeBreached.com, www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.