Security News > 2021 > October > Why is Cybersecurity Failing Against Ransomware?

How is it that time and time again, companies - big companies - are continuing to fall for ransomware attacks? Why aren't we getting any better at preventing them?

Attackers perform recon against their targets and tune their techniques for success.

Ransomware operators will frequently stage the actual ransomware payload across all systems in the network ahead of time, so that the payload is executed nearly simultaneously across all systems in the organization, and far faster than a DR solution will be able to detect.

The industry has given offensive security professionals its blessing to develop and release attack frameworks under the rationale that "Defenders need to understand these tactics." But this glosses over the fact that attack frameworks also help the attackers and make it harder for defenders to keep up.

An attack which costs one company $10,000 might cost another company $10 million, and it'll use the exact same tooling, attack flow, access broker and ransomware payload. Lack of Coordinated Response & Strategy in Both Private & Public Sectors.

The internet has no borders, and while an attacker may decide to obfuscate their location and mimic a Russian-based attacker, there is no way to determine with absolute certainty that the attack originated from within Russian borders.

News URL

https://threatpost.com/cybersecurity-failing-ransomware/175637/