- Ransomware attacks have evolved to include more than basic encryption for ransom, and now comprise public shaming of victims, attempts to sell the compromised data on the dark web, and expanding deception tactics.
- A careful evaluation is required for IT products claiming to enable zero-trust security, as many companies haven’t effectively implemented adaptive security controls.
- Despite the security offered by air gaps, these systems can be breached via multiple methods, underscoring the need for a comprehensive security strategy.
Ransomware attacks have advanced from simple encryption strategies to multifaceted maneuvers. These now extend to public shaming of victims on dedicated websites, attempts to sell the compromised data on the dark web, and expanding deception tactics, according to David Strom, senior cybersecurity reporter at SiliconANGLE Media Inc.
Strom pointed to the increasing sophistication of ransomware actors, stating that in some instances, these actors have exploited vulnerabilities to the extent where they have filed SEC compliance disclosures claiming their victims hadn’t disclosed breaches. “It’s out of control,” he said.
This complex issue lies at the intersection of data protection, specifically backup and recovery, and the broader realm of cybersecurity. During an interview at the Cyber Resiliency Summit, Strom highlighted the need for careful evaluation of products claiming to be pioneers in the zero-trust security space. As the narrative around zero trust gains traction, many enterprises are yet to effectively implement adaptive security controls.
While air gaps theoretically provide a safeguard for crucial computer systems or data, these can be breached through various methods such as the use of USB thumb drives. This highlights the need for a comprehensive security approach, going beyond relying solely on air gaps.
Strom also noted the underestimated level of expertise of threat actors and hackers, revealing an increase in blended threats. For instance, denial of service attacks are being combined with other techniques, making threat detection more difficult. Stated Strom, “The situation is getting more complicated.”