
The (Immediate) Future of Ransomware

April 26th, 2016 | No Comments | Posted in IT Industry, Security

In keeping with the fact that individuals and enterprises are seeing and experiencing a lot more occurrences of ransomware, I’m also seeing a lot of articles and comments either discussing it and what to do about it or providing some siloed indicators of where ransomware might go.

A number of comments, in my opinion, are aimed at what ransomware has been up until now and how to combat it.  Very soon, few if any of these suggestions are going to be effective in stemming the tide of ransomware. It’s my opinion that ransomware is already exhibiting some horrifying variations that we aren’t taking into consideration fast enough.

To Really Protect, Think Like a Criminal

It’s not a coincidence that some of the best minds when it comes to really understanding IT security, addressing risk and stopping these well-conceived attacks come from those who lived on the dark side and have come to the light: former hackers like Kevin Mitnick, Robert Morris and others. And we have a lot of white hats (too many to name here) who are extremely good precisely because they (a) think the same way as the criminal black hats and (b) have incredibly intimate technical knowledge, just as black hats do.

And don’t think your servers are safe. Hackers are already looking to get inside of your data center and maliciously encrypt and hold for ransom as much of your company as they can.

In order to effectively handle some of these malevolent attacks, you can’t be standing still. The whole history of dark-side hacking, breaches and generalized wreaking of havoc paints a storied picture of never standing still. Because once something is proven as technically possible, the very next thought by highly sophisticated hackers is instantly “How can this be extended?!”

Almost all hacks start out as “let’s try something” attempts.  Initially even conceiving of a new vector often takes intimate and expert knowledge of the target (usually operating system, but sometimes a target language flaw or other kind of architecture). But once a potential vector is exposed as having validity, it’s game on. There’s the initial hack, and then all the “mods” (modifications) that go with it come like a flood. (Reference the attached graphic associated with this article.)

Ransomware is no different. Just when you think you’ve got the attack scheme and the attack vector figured out, so many mods are hitting you that it makes your head swim. I’m seeing some articles, well-meaning, that state “if you just do this, this and this, you can stop ransomware.” If you do those things, yes, you can stop the ransomware of today or the ransomware of last week. But you won’t be doing much to stop the ransomware of next week or next month, or the ransomware that’s coming out in three months.

Hackers are always thinking fifteen steps ahead. It’s time we started doing the same. Here are some things to “look forward to” and expect when it comes to ransomware. A lot of these mods are already in the wild! But if they are not, you can be sure, hackers are already working on these:


The Case for “Encrypt Everything”

April 13th, 2016 | No Comments | Posted in Uncategorized

Within the IT industry, when considering data-at-rest (DAR) encryption, you may have noticed recently that security experts seem a little divided on how to leverage and apply this technology. Many experts have stated that only sensitive data should be encrypted. Others seem to be preaching a “new” gospel that all data-at-rest should be encrypted. Why this philosophical split and what, if anything, has taken us down this path? Does a right answer exist, and are there advantages to one strategy over another?

I will state up front as an initial thesis that, historically, obstacles around encryption have driven a lot of its present-day conception and (lack of) acceptance, adoption and use within enterprises. If we take a quick look back in time, as well as take a sampling of some uses of encryption today, I think it’s pretty easy to demonstrate that without these past obstacles, the intermediate and precautionary concept of “encrypt only sensitive data” would never have come into play and enterprises today would be encrypting all data-at-rest as standard operating procedure.

Historical Obstacles to Pervasive Encryption

Pervasive DAR encryption has always held at least conceptual appeal. As companies have faced escalating threats to their data in recent years, the idea of restricting data and information to only those parties with “need to know” status has quickly grown into an attractive option. But that appeal has never in the past been realized, because of the sizable obstacles surrounding DAR encryption. Few realize that the dynamics around enterprise DAR encryption have changed such that these ambitions can now be very readily realized.

Taking an encrypt everything approach releases organizations to better and more quickly address expansion needs and develop and adopt efficient and cost-effective operational and scaling strategies while simultaneously and immediately addressing risk…

But before jumping too far ahead, let’s quickly review some of the main obstacles that have driven most companies to apprehension around DAR encryption: