Security News > 2021 > July > How to prevent ransomware attacks with a zero-trust security model
Identity-based access, frequent password changes and multi-factor authentication can help reduce the incidence of such attacks, but to be proactive Greatwood and I agreed that identifying the source of repeated, excessive login attempts and blocking such attempts are crucial to detecting and reducing the impact of ransomware attacks.
"A zero-trust model is a valuable defense mechanism in blocking ransomware."One of the most effective ways to prevent ransomware attacks is through the adoption of zero-trust architecture, the modern alternative to perimeter-based security.
Built on the principle 'never trust, always verify,' a zero-trust security strategy would have prevented ransomware attacks like the Colonial Pipeline and JBS, by preventing it from spreading across the operations while keeping the operation running.
"The Colonial Pipeline attack as well as many other recent attacks demonstrate that industrial operations lack the security controls across their operation to effectively identify, isolate and recover infected systems. Cybersecurity controls across the operations gives the operator the ability to control each interaction between applications, users and machines on an individual basis based on the identity and policy and with zero trust. When such controls exist they give the operator a method to prevent the attack from spreading and the operation can keep running even during an active attack," Greatwood said.
"Unlike traditional techniques, under which an attacker can exploit cyber weaknesses upon gaining access inside a network segment perimeter, zero trust treats the identity of each machine, application, user and data stream as its own independent 'perimeter,' allowing granular access policy enforcement. As such, rigorous security enforcement continues even in the event that hackers get into an operational or corporate network-and ransomware gets blocked from traversing between IT and OT systems," Greatwood said.
"Cybersecurity and Infrastructure Security Agency recently published a set of guidelines specifically for industrial operations due to the rise of ransomware attacks in this sector. National Institute of Standards and Technology has also been updating its set of guidelines for protecting Industrial Control Systems from such attacks. Both are advocating for a defense-in-depth approach focusing on zero-trust with granular role-based access management for all interactions in the OT and especially in IT/Cloud environments," Greatwood said.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)