In May 2017 the WannaCry ransomware wreaked devastation across Europe – within just hours 200,000 machines were infected, with organisations like the NHS crippled by the biggest ever cyber attack in Internet history.
Within weeks, a new ransomware strain resembling Petya started spreading around Europe, affecting institutions, banks and national infrastructure and utility providers.
Make no mistake, the volume of cyber attacks is on the up – with malware attacks proving a particularly lucrative attack vector for today’s cyber criminals.
Targeting individuals and organisations on a daily basis, ransomware can affect computers, servers and cloud-based sharing systems, going deep into a business’ core.
Users clicking a link in a spam email or activating macros in a malicious document will unleash devastating encryption or locker ransomware that penetrates devices and networks – leaving organisations with little option but to pay a ransom to recover or access their data.
What’s less understood is the truly pernicious nature of malware.
Utilising complex evasion techniques that go undetected by traditional antivirus solutions, it often recruits affected PCs into botnets so that cyber criminals can expand their attack infrastructure and fuel future attacks.
What’s more, malware often features data exfiltration capabilities, which means it can extract data from an infected device – like usernames, passwords or email addresses – to a server controlled by cyber criminals. In other words, encrypting files isn’t always the only endgame in town for cyber criminals.
Traditional security technologies simply aren’t designed to deal with today’s increasingly sophisticated variants. Many use anti-sandboxing mechanisms that antivirus won’t pick up and often employ domain shadowing to conceal exploits and hide communications between the downloader and servers controlled by cyber criminals.
Malware and ransomware have become a highly lucrative global extortion business, with new variants and delivery mechanisms emerging on an almost daily basis. Little wonder it offers such rich pickings, because as more people, processes, data and things become connected, the opportunities for infiltration are growing exponentially – especially with growing numbers of mobile users now working remotely from enterprise networks.
For today’s IT managers, combating this security challenge is a top priority. No easy task when cyber criminals often use relatively unsophisticated techniques like phishing to get into organisations. So, while the IT team is focused on things like secure gateways and firewalls, protecting users anywhere they go – both on and off the corporate network – is a much tougher task. Gartner predicts that in 2018, 25% of corporate traffic will be beyond the perimeter of the corporate network, so perimeter defences will protect only 75% of traffic at best.
What’s needed is a proven way to deflect ransomware and ward off more complex attacks.
Here at ISN we believe in taking a layered approach to network security, with a focus on protecting primary infection points like email and web gateways – and monitoring the DNS layer for malicious traffic. Which is why we use solutions like Cisco’s Umbrella to protect our customers.
Simple to deploy, and easy to manage, Cisco Umbrella uses DNS to stop threats over all ports and protocols – even direct-to-IP connections. It prevents malware from ever reaching your endpoints or network, and you gain visibility and enforcement at the DNS layer.
By delivering security from the cloud, and using the Internet’s infrastructure to block malicious destinations before a connection is ever established, Cisco Umbrella features real-time intelligence and monitoring of your DNS connections to enforce security by default. Plus, it can stop data exfiltration in its tracks.
Even better, you can integrate Cisco Umbrella with your existing security solutions to amplify protection.
Learn how to stay one step ahead of attackers by protecting your organisation before, during, and after an attack using Cisco Umbrella. Join us for a free 30-minute webinar exploring Cisco Umbrella, on Tuesday 10th October 2017 at 11:00am.