Select your language

Micro-segmentation to break a chain of ransomware attacks

Romper cadena ransomware

International. Guardicore ensures that microsegmentation can break a chain of ransomware attacks, as it contains it in its earliest stages thus preventing it from doing damage. 

Oswaldo Palacios, senior account executive for Guardicore, said that knowing the entire chain of ransomware attack, as well as the evidence that precedes the aggression drastically increases the ability to limit the impact of these types of threats and, in some cases, limits the probability of them happening.

The executive mentioned that this type of assaults are the product of human curiosity, when entering links and opening emails with titles such as "here you have your DHL shipment", "your partner is unfaithful ... here you have the proofs", "your Amazon account is compromised", and so on. Therefore, it is important to know the modus operandi of cybercriminals and take into account all possible weak points, from the network to the cloud.

In short, the current context is that cybercriminals and 'state hackers' have become sophisticated enough to use ransomware and enter large companies, federal administrations, global infrastructures or public health organizations and paralyze them.

- Publicidad -

In fact, some relevant data is that by 2011, there was a ransomware attack every eleven seconds in the world, with a global cost of 20. $000 million. Today, the average cost of rescuing information from a ransomware attack amounts to $84,000 and, according to data from the IBM Security X-Force Threat Intelligence Index 2022 report, ransomware persisted as the top attack method observed in 2021, where Latin America accounted for 29% of attacks.

Most delicately, according to the same report, the groups responsible showed no signs of stopping, despite the uptick in defenses against their attacks. Other data from this document point out that REvil was the most common type of ransomware and the average life of a band, before closing or changing its brand, is 17 months.

Phases of a ransomware attack

Ataque ransomware
According to Oswaldo Palacios, a chain of attack is usually divided into four phases. First the 'initial infection', when the hacker breaches the perimeter, here the malicious entities must get an initial foothold. Normally, this is not a lucrative target or a manager.

As a second is the 'lateral movement', in this phase the attacker seeks to obtain the necessary privileges for encryption, while advancing towards valuable systems and assets.

Thirdly we find 'encryption', which is when ransomware enters a target computer, this is the point where if the organization victim of the attack had a proper segmentation policy it could minimize the damage.
Finally there is the 'propagation' phase. The attack reaches the backups, valuable files and workloads necessary for business activity, which leads to "a catastrophe".

To explain this better, Oswaldo Palacios referred to an exemplary case, the cyberattack on Colonial Pipeline, one of the most important oil pipeline companies in the United States, which paid almost five million dollars to the DarkSide ransomware group, in an attack that caused the fuel supply to be cut off in much of his country.

- Publicidad -

In this case "the cybercriminals managed to access the network through a virtual private network account, which allowed employees to remotely enter the company's network. That way they had access to the perimeter, then moved towards the escalation of privileges with the aim of accessing the most valuable and confidential data, to finally encrypt them. They were definitely very aggressive, for this reason the attack was very successful."

Microsegmentation as a response
So, for the Guardicore executive, micro-segmentation interrupts the ransomware attack chain in the earliest phases, before the damage occurs.

According to the consulting firm Forrester, micro-segmentation involves splitting a network to a granular level so that security teams have the flexibility to apply the right level of protection to each workload, based on the sensitivity and value of the business.

Microsegmentación de la red

In such a way, the microsegmentation approach begins with visualization. One of the big hurdles many organizations face is the lack of a clear view of activity across all on-premises and cloud environments. "Microsegmentation collects and displays granular information about users, systems and communication flows, using artificial intelligence and integrations with existing data sources to add context," explained Oswaldo Palacios.

The executive added that with a few clicks from the interactive map, or by selecting from a library of policy recommendations, it is possible to implement highly granular policies, down to the level of processes and individual users if necessary. "Finally, we can start applying the policy that will disrupt the chain of attacks, there is the possibility of creating custom policies that adapt to the unique needs of a company," he said.

- Publicidad -

In closing, Palacios reiterated that the combination of full visibility and context-driven policy creation is what makes a micro-segmentation solution bring incredible value to businesses and offer more opportunities to disrupt the chain of ransomware attacks at the earliest stages.


No comments

• If you're already registered, please log in first. Your email will not be published.

Leave your comment

In reply to Some User
The Challenge of Global Instability: Towards a Comprehensive Security and Defense Response

The Challenge of Global Instability: Towards a Comprehensive Security and Defense Response

The growing convergence between physical and digital threats is forcing organizations to rethink their security strategies. Faced with this scenario, there is a need for comprehensive approaches...

AI applied to medical security

AI applied to medical security

The Directorate of the Medical Emergency System (SEM), attached to the Ministry of Health of El Salvador, strengthened its technological infrastructure with the modernization of its video...

Eight Red Dot Awards Highlight Innovation in Technology Design

Eight Red Dot Awards Highlight Innovation in Technology Design

International. The technology company Ajax Systems announced that it has won eight awards in the Red Dot Design Award, one of the most prestigious global awards in the field of industrial design....

Villa María del Triunfo reinforces its security with intelligent video surveillance

Villa María del Triunfo reinforces its security with intelligent video surveillance

Peru. The district of Villa María del Triunfo has launched an intelligent video surveillance system that already shows results in terms of citizen security and that will be expanded in a second...

Milestone Systems grows 10% by 2025 and reinforces its commitment to artificial intelligence and intelligent video

Milestone Systems grows 10% by 2025 and reinforces its commitment to artificial intelligence and intelligent video

Denmark. The company reported net income of $340 million in 2025, representing a 10% growth from the previous year. The company spent about a third of this revenue on innovation, with an emphasis on...

Micro Key Solutions Reinforces Latin America Strategy with New Key Appointments

Micro Key Solutions Reinforces Latin America Strategy with New Key Appointments

United States. In response to the growth in demand for monitoring and management software solutions in the security industry, Micro Key Solutions announced the expansion of its operations in Latin...

Grupo Multisistemas strengthens its presence in Mexico with a new office in Morelia

Grupo Multisistemas strengthens its presence in Mexico with a new office in Morelia

Mexico. Grupo Multisistemas de Seguridad Industrial (GMSI) advances in its national growth strategy with the inauguration of new offices in Morelia, Michoacán, with the aim of expanding its coverage...

Case study: Security system modernization with artificial intelligence and centralized monitoring

Case study: Security system modernization with artificial intelligence and centralized monitoring

Mexico City. The Superior Audit Office of the Federation (ASF) implemented an ambitious technological renovation project in its five headquarters located in Mexico City, with the aim of...

Automated key and equipment management strengthens security in mining operations

Automated key and equipment management strengthens security in mining operations

International. Access and equipment management in the mining industry is evolving towards increasingly automated models, in response to operational complexity and occupational safety demands.

Security becomes a technological platform

Security becomes a technological platform

Mexico. Security is moving from a set of standalone systems to an integrated technology platform that combines artificial intelligence, video analytics, sensors, access control, and data platforms....

Suscribase Gratis
Remember Me
SUBSCRIBE TO OUR ENGLISH NEWSLETTER
DO YOU NEED A SERVICE OR PRODUCT QUOTE?
LATEST INTERVIEWS
SITE SPONSORS










LATEST NEWSLETTER
Latest Newsletter