By Prem Khatri, Vice President of Operations, Chetu, Inc.
Ransomware attacks are crippling businesses, government organizations, and educational institutions, and these attacks are making the news.
In fact, the Sinclair Broadcast Group, a company that owns TV news stations, was hit by a ransomware attack in October 2021, according to Reuters. The wire service noted that some of Sinclair’s servers and workstations had been encrypted by the malware.
In April of this year, the Costa Rican government was hit by a major ransomware attack that affected multiple government agencies, according to the Associated Press.
Even educational institutions have become targets of cyberattacks. On May 2, 2022, Kellogg Community College (KCC), a Michigan-based community college, issued a written statement saying that the college would close all five of its campuses and cancel classes as part of an effort to resolve a ransomware problem. KCC’s website shows that the campuses are now open and classes have resumed.
Small businesses might not be as lucky, though. They might lack the resources needed to recover from ransomware, a type of malware that encrypts digital files, blocking access to them until an expensive ransom is paid. So, cybersecurity professionals should focus on providing software solutions that can be used to protect these businesses.
AdvisorSmith recently underscored the need for that protection. In November 2021, the company published the results of a survey showing that 41.8 percent of small businesses had been victims of a cyberattack in the past year.
These businesses must use endpoint security to guard against attacks. This type of security is used to secure a business network by protecting devices such as laptops, tablets, mobile phones, and digital printers from cyberattacks. Each of those devices serves as an endpoint, which is an entry point to a network.
Endpoint security software can analyze, detect, block, and contain cyberattacks. Two types of endpoint software are used by businesses to perform those tasks: endpoint protection platforms (EPP) and endpoint detection and response (EDR) software.
EPP software typically uses a database of malware signatures for detection. These signatures are the identifying digital characteristics of malicious files and programs.
An EPP alone might not be enough to stop malicious files and programs, though: a signature database can only match malware it already knows about. A different approach is needed.
In the research paper, Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies, the Cybersecurity and Infrastructure Security Agency (CISA) recommends a layered approach to security known as Defense in Depth. In the paper, CISA notes that this approach involves applying multiple layers of defense. The idea of this strategy is that if one layer of defense fails, another layer can be used to thwart cyber criminals.
One way to add layers of defense is to use endpoint detection and response (EDR), which was defined by Gartner.com analyst Anton Chuvakin as a set of tools for detection and incident response. EDR software can be used to detect malware that has made it past preliminary defenses. This software uses behavioral analysis to detect and respond to attacks.
One emerging threat that is particularly difficult to detect is fileless malware, which does not write files to the hard drive but instead resides in the computer’s RAM. This type of malware abuses trusted software applications that are already installed on the computer and uses the operating system’s own processes to launch attacks.
Endpoint detection and response (EDR) software can use continuous monitoring techniques to detect fileless malware, according to Ben Canner, a writer and analyst for SolutionsReview.com, an enterprise software news website.
One particularly insidious version of this malware is fileless ransomware. In an article on TrendMicro.com, Karen Victor describes one such instance of fileless ransomware: Netwalker. In the article, Victor says that the Netwalker ransomware attack is conducted through reflective dynamic-link library (DLL) injection. She also notes that this technique allows a DLL to be injected in a way that bypasses the Windows loader. That way, she adds, the DLL isn’t loaded as part of a process and can evade DLL monitoring tools.
A DLL is a program module containing code used by multiple programs that run on the Windows operating system.
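The two detection layers described above (an EPP's signature database and an EDR's behavioral monitoring) can be illustrated with a small Python script. The script is an added example, not code from the article or from Chetu; the telemetry model it uses (a process's on-disk image, the modules the OS loader registered, and its committed memory regions) is an assumed, simplified version of what an EDR sensor collects, and every hash, path and process record in it is constructed. It shows why a process whose executable on disk is perfectly clean, but which carries executable memory that the Windows loader never mapped, slips past the signature layer and is caught only by the behavioral layer, which is the Defense in Depth point CISA makes.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed signature database: SHA-256 digests of files an EPP already
# knows to be malicious. Derived from placeholder bytes so the example runs
# offline; a real product would load a vendor feed here.
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"constructed file-based ransomware dropper").hexdigest(),
}


@dataclass
class MemoryRegion:
    """One committed memory region inside a process (simplified, assumed model)."""
    base: int
    size: int
    protection: str                 # "RW", "RX" or "RWX"
    backing_module: Optional[str]   # on-disk image mapped here, or None


@dataclass
class ProcessTelemetry:
    """What a hypothetical EDR sensor reports about one running process."""
    pid: int
    image_path: str
    image_bytes: bytes              # contents of the executable on disk
    loaded_modules: List[str]       # modules the OS loader registered
    regions: List[MemoryRegion]


def signature_match(proc: ProcessTelemetry) -> bool:
    """EPP-style check: is the on-disk executable a known-bad file?"""
    return hashlib.sha256(proc.image_bytes).hexdigest() in KNOWN_BAD_HASHES


def unbacked_executable_regions(proc: ProcessTelemetry) -> List[MemoryRegion]:
    """EDR-style check: executable memory that no loader-registered module
    explains. Code the Windows loader never saw has no entry in
    loaded_modules, so it shows up exactly here."""
    return [
        r for r in proc.regions
        if "X" in r.protection
        and (r.backing_module is None or r.backing_module not in proc.loaded_modules)
    ]


def classify(proc: ProcessTelemetry) -> List[str]:
    """Run both layers and return the reasons (if any) the process is flagged."""
    reasons = []
    if signature_match(proc):
        reasons.append("signature: on-disk image hash is in the known-bad set")
    hidden = unbacked_executable_regions(proc)
    if hidden:
        reasons.append(
            f"behavior: {len(hidden)} executable region(s) with no loader-registered module"
        )
    return reasons


# --- Constructed telemetry for three processes ---------------------------------
SYSTEM_DLLS = ["C:\\Windows\\System32\\ntdll.dll", "C:\\Windows\\System32\\kernel32.dll"]

# File-based ransomware: the executable itself is in the signature database.
DROPPER = ProcessTelemetry(
    pid=4100,
    image_path="C:\\Users\\demo\\Downloads\\invoice.exe",
    image_bytes=b"constructed file-based ransomware dropper",
    loaded_modules=SYSTEM_DLLS + ["C:\\Users\\demo\\Downloads\\invoice.exe"],
    regions=[MemoryRegion(0x400000, 0x20000, "RX", "C:\\Users\\demo\\Downloads\\invoice.exe")],
)

# Fileless case: a legitimate, unmodified binary on disk (so its hash is unknown
# to the EPP) that now carries executable code the loader never mapped.
FILELESS = ProcessTelemetry(
    pid=4212,
    image_path="C:\\Windows\\System32\\svchost.exe",
    image_bytes=b"constructed bytes standing in for a genuine svchost.exe",
    loaded_modules=SYSTEM_DLLS + ["C:\\Windows\\System32\\svchost.exe"],
    regions=[
        MemoryRegion(0x7FF600000000, 0x10000, "RX", "C:\\Windows\\System32\\svchost.exe"),
        MemoryRegion(0x1A2B0000, 0x60000, "RWX", None),   # unbacked executable memory
    ],
)

# Clean process: only loader-backed code plus an ordinary writable heap region.
CLEAN = ProcessTelemetry(
    pid=4300,
    image_path="C:\\Windows\\System32\\notepad.exe",
    image_bytes=b"constructed bytes standing in for a genuine notepad.exe",
    loaded_modules=SYSTEM_DLLS + ["C:\\Windows\\System32\\notepad.exe"],
    regions=[
        MemoryRegion(0x7FF700000000, 0x8000, "RX", "C:\\Windows\\System32\\notepad.exe"),
        MemoryRegion(0x2C000000, 0x4000, "RW", None),
    ],
)


def run_demo() -> dict:
    """Classify the three constructed processes; returns {pid: reasons}."""
    return {p.pid: classify(p) for p in (DROPPER, FILELESS, CLEAN)}


if __name__ == "__main__":
    for pid, reasons in run_demo().items():
        print(pid, "FLAGGED" if reasons else "clean", reasons)
```

Running the script flags the dropper on its hash alone, flags the fileless process on its unbacked RWX region alone, and leaves the clean process untouched. The design choice worth noting is that the behavioral check never looks at file contents: it compares what is executing in memory against what the loader says should be there, which is the gap the signature layer cannot cover and the reason EDR is a second layer rather than a replacement for EPP.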
Protection for Small Businesses
Ultimately, small businesses need access to advanced endpoint protection tools that can stop fileless ransomware and file-based ransomware. Such tools should be supplied as part of affordable solutions. After all, small businesses have extremely limited budgets but, as a whole, employ a lot of people.
Software proprietors and off-the-shelf software companies should work closely with these businesses to ensure that advanced endpoint software such as EDR software can be deployed quickly.
About the Author
Prem Khatri is the Vice President of Operations for Chetu, Inc., a global, custom software development company, where he oversees all development projects and technical operations. His primary responsibilities are to lead, track and manage technical teams that create custom software solutions. His background includes software development using C++, Java, and Microsoft technologies. Since joining Chetu in 2008, he has helped the company become an award-winning global presence in the customized software development field. Prior to joining Chetu, Prem worked for Tata Consultancy Services, as well as Blue Star Infotech, and is a graduate of both the University of Mumbai and Savitribai Phule Pune University. Prem is a certified Project Management Professional (PMP). He can be reached online at our company website, www.chetu.com.