Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya”
Part 1 – Ransomware
The origins of modern ransomware trace back all the way to the AIDS trojan of 1989. Its use of simple symmetric cryptography and gentle extortion of $189 seems almost infantile compared to the techniques used and extortions of today. In the midst of a global pandemic, ransomware has been on the rise – economically motivated actors would never miss such an opportunity – with cases in the United States rising 109%, according to a recent report by SonicWall. Healthcare entities alone observed a staggering 75% increase in cases.
Ransomware has certainly evolved since 1989, with modern strains using asymmetric cryptography to prevent recovery and cryptocurrency to hide the trail of money. As the malware has become more advanced, so have the attackers. In the same SonicWall report, their researchers noted “attacks are both more tactical and more targeted than ever, giving them a greater chance of success.” It’s clear that ransomware actors are learning from the tactics and techniques used by advanced persistent threats (APTs) to perpetrate some of the most significant breaches in recent history.
It is within this setting that we here at Stealthbits read Gavin Ashton’s post, Maersk, me, & notPetya, with great interest. Gavin was the identity and access management service owner at Maersk in the aftermath of their 2017 encounter with NotPetya – a strain of ransomware that utilized techniques popularized by APT actors.
I felt a sinking feeling reading Gavin’s writing – that feeling of confirmation of the idea that while we’ve made great strides in defending against ransomware and APTs, it’s clear we still haven’t done enough. Economically motivated adversaries only stick to their tactics so long as they’re earning a return; the continued increase in ransomware attacks since Maersk’s suggests that it remains a highly lucrative venture.
In his post, Gavin argues that the continued success of ransomware is due to most businesses not having tackled the “basics,” and that the eight things he presents could have stopped NotPetya from destroying their entire environment. In the next of a short series of blog posts, we’ll be exploring these basics in the context of both modern ransomware and advanced persistent threats.
We’ll seek to answer questions about commonalities in ransomware and advanced persistent threats – for example, though the motives and capabilities of the threat actors were different, why were the outcomes at Maersk and Sony Pictures Entertainment so similar? Are “the basics” the things we’re missing? In the next blog, we’ll discuss how Active Directory is central to the success of these attacks, and how its security is paramount.
In the meantime, we’ll be running a webinar with Identity & Security Expert and author of the viral “Maersk, me, & notPetya” blog post, Gavin Ashton, for a 60-minute crash course on why “Do[ing] the basics” is any organization’s best option for mitigating the risks associated with credential compromise and advanced threats. I will also provide attendees a useful and valuable real-world practitioner’s guide to leverage when implementing Gavin’s advice, providing specifics on the approaches and tactics organizations can leverage to quickly secure what matters most.
Gerrit Lansing is Stealthbits’ Field CTO. In his role, Gerrit leads strategic initiatives to improve customer engagement and Stealthbits’ products and positioning. He brings with him over a decade of experience in information security, with a focus on identity and privileged access management. Prior to joining Stealthbits, he started his career as an Information Security Analyst at Liberty Mutual before joining CyberArk Software where he held multiple roles including Director of Consulting Services and Chief Architect.
Gerrit holds a Bachelor of Arts in Administrative Science from Colby College in Waterville, ME.