Ransomware has been a problem for decades. How long are we going to ignore it?

Judging by the recent ransomware attacks in the US, first the shutdown of Colonial Pipeline and then the severe impact on JBS, critical infrastructure is being damaged continuously. Yet these are only a fraction of more than a decade of extortion attacks.

Early ransomware attacks typically targeted healthcare facilities, partly because they depend on hard-to-update IT infrastructure and vulnerable operating systems, and partly because a hospital network outage has severe, even life-threatening, effects.

Over the years, ransomware attacks have repeatedly appeared in TV dramas and been widely reported in the media. But why does the problem matter so much now?

  1. As network technology has developed, daily life and office work have come to depend mostly on the network, but the development of network security lags behind network technology.

  2. Ransomware attacks have gradually shifted from enterprises to large-scale critical infrastructure, which has caused great trouble for the functioning of society and national life and has seriously affected social and economic development.

  3. With the uncertainty of the international situation, ransomware has gradually been weaponized beyond its original role of simple blackmail, and the field of struggle has shifted from its original mode to cyberspace.

Even the United States, which is at the forefront of cyber technology, cannot escape the risks of inadequate cyber security.

The SolarWinds attack (though not a ransomware attack) illustrates the vulnerability of IT infrastructure and the interdependence of our networks. Ransomware attacks and software supply chain attacks have wreaked havoc on the economy and on power, water and financial systems.

Common network security measures are considered safe and reliable defenses against ransomware attacks. The best of these defenses include resolving vulnerabilities, automated patching (especially for critical servers and applications), using multi-factor authentication and eliminating passwords, deploying anti-phishing and anti-ransomware solutions on mobile devices and user endpoints, and implementing a zero-trust architecture framework.

These methods help mitigate the more sophisticated forms of ransomware attack we now face, but they are not foolproof.

When a ransomware attack is combined with a software supply chain attack, traditional countermeasures fall somewhat short. Research continues to show that cybercriminals can easily bypass security protection software and exploit vulnerabilities in applications to break into devices and steal data. In addition, cybercriminals keep pushing the envelope, often carrying out attacks by surprise.

Therefore, traditional security protection is not enough to truly protect against ransomware, which is why shifting security to the left is increasingly advocated.

In the traditional software development process, security testing focuses on black-box testing before the software goes live, and protection after go-live consists of vulnerability patches and security protection software applied to the running application. This approach cannot achieve total defense against today's rapidly changing attack methods. Black-box tests reveal only flaws in systems that are running dynamically, not unknown vulnerabilities, which leaves such systems good targets for malware that can bypass security defenses.

When security is shifted left, static code analysis tools are used from the coding stage onward, in addition to traditional black-box detection, to find known and unknown vulnerabilities caused by coding problems, and coding practices are standardized to avoid unnecessary system vulnerabilities. Combining IAST and SCA can reduce system vulnerabilities during development and strengthen the ability of application software to defend against network attacks.
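To make the shift-left idea concrete, here is an added example that is not part of the original article and not any vendor's tool: a minimal CI gate that runs a static code check (SAST-style, using Python's `ast` module to flag risky call patterns such as shell command execution and unsafe deserialisation) and a software composition analysis (SCA) check that compares pinned dependencies against an advisory list. The sample source, the rule table, the lockfile, the package names and the advisory entries are all constructed for illustration and do not describe real packages or real advisories.

```python
"""Added example (not from the article): a small shift-left gate combining a
SAST-style static check with an SCA dependency check. Every input below is
constructed: the sample source, the rule table, the lockfile and the advisories."""
import ast
from typing import Dict, List, Tuple

# --- Static code check: flag risky call patterns at the coding stage --------

# Constructed sample source, as a CI job might receive it from a commit.
SAMPLE_SOURCE = '''
import os, subprocess, pickle

def run_report(user_input):
    os.system("report --name " + user_input)      # shell command built from input
    subprocess.run(["ls", "-l"], check=True)      # list form, no shell: fine
    subprocess.run("ls " + user_input, shell=True)
    data = pickle.loads(user_input)               # deserialising untrusted data
    return eval("1+1")
'''

# Constructed rule table: dotted call name -> reason it is flagged.
RISKY_CALLS = {
    "os.system": "shell command execution",
    "eval": "dynamic code evaluation",
    "pickle.loads": "unsafe deserialisation",
}

def _call_name(node: ast.Call) -> str:
    """Return a dotted name such as 'os.system' for a call node, or '' if unknown."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return ""

def static_findings(source: str) -> List[Tuple[int, str]]:
    """Walk the AST and return (line, reason) for every risky call found."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in RISKY_CALLS:
            findings.append((node.lineno, f"{name}: {RISKY_CALLS[name]}"))
        # Any subprocess.* call is fine in list form; shell=True is flagged.
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append((node.lineno, f"{name}: shell=True"))
    return sorted(findings)

# --- SCA check: pinned dependencies against a constructed advisory list ----

# Constructed lockfile (requirements.txt style); package names are placeholders.
SAMPLE_LOCKFILE = """\
# constructed pins
demo-http==3.0.0
examplelib==1.4.2
safe-pkg==0.9.1
"""

# Constructed advisories: package -> (first fixed version, advisory id placeholder).
ADVISORIES: Dict[str, Tuple[str, str]] = {
    "demo-http": ("2.8.0", "ADV-PLACEHOLDER-1"),
    "examplelib": ("1.5.0", "ADV-PLACEHOLDER-2"),
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only, which is all the constructed data uses."""
    return tuple(int(p) for p in v.split("."))

def parse_lockfile(text: str) -> Dict[str, str]:
    """Return {package: pinned_version} from '==' pins, ignoring comments."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins

def sca_findings(lockfile: str) -> List[str]:
    """Report each pin that is older than the advisory's first fixed version."""
    findings = []
    for name, version in parse_lockfile(lockfile).items():
        if name in ADVISORIES:
            fixed, adv = ADVISORIES[name]
            if parse_version(version) < parse_version(fixed):
                findings.append(f"{name}=={version} affected by {adv}, fixed in {fixed}")
    return findings

def gate_passes(source: str, lockfile: str) -> bool:
    """The CI gate: the build fails if either check reports anything."""
    return not static_findings(source) and not sca_findings(lockfile)

if __name__ == "__main__":
    for lineno, reason in static_findings(SAMPLE_SOURCE):
        print(f"SAST line {lineno}: {reason}")
    for finding in sca_findings(SAMPLE_LOCKFILE):
        print("SCA:", finding)
    print("gate passes:", gate_passes(SAMPLE_SOURCE, SAMPLE_LOCKFILE))
```

The static check runs on the abstract syntax tree rather than on text, so it is not fooled by formatting and can distinguish the safe list-form `subprocess.run` from the `shell=True` form on the next line. The SCA check is deliberately version-aware: `demo-http==3.0.0` is newer than the constructed fix version and produces no finding, while `examplelib==1.4.2` does. Both checks run before anything is deployed, which is the point of shifting security left.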

With the continuous development of network technology, network security has become a key international issue. Network security is tied to the overall security of the country and is of great significance for maintaining public security and protecting important national secrets. Therefore, this problem cannot be ignored. Against the background of an increasingly complex network environment, fixing network security loopholes, purifying the network environment, improving the entire network system, and vigorously developing home-grown application software and security products have become the primary network problems that relevant departments and technical personnel in China should face.

Reference link:

www.woocoom.com/b021.html?i…

www.darkreading.com/risk/are-ra…