How Ransomware Gangs Use Automation, and How You Can Beat It
Few topics spark conversation like security automation. Automation is the entire premise around programming; routines and repetitive patterns are tasked to computers while humans work only on higher priorities. For security practitioners, this is essential because even a small network can have thousands of endpoints that need protecting while the security staff is miniscule. Yet the challenge facing organizations in 2022 is how to automate, not just the collation and data collection tasks where machines excel, but to automate the repetitive human decisions made daily to defend an enterprise. Join us for a three part blog series on automation and for a webinar on February 22nd titled, "Fight Ransomware Robots With Automation Intelligence".
Ransomware gangs and security practitioners battle each other similar to how a baseball pitcher and hitter would duke it out. In this game dark web criminal actors focus on causing incidents, while security automation focuses on incident response. To increase their velocity and volume of attacks ransomware gangs are leveraging automation throughout their attack cycle. To keep up, security practitioners have turned to intelligence-led automation, which enables businesses to defend at scale with the speed necessary to make contact on every pitch. Much like baseball, in the cyber world there can be no ties. Intelligence provides the upper hand.
To help security practitioners gain an advantage, Recorded Future’s Insikt Group reported on automation in the criminal underground. In their report, Insikt Group identified 10 key strategies ransomware criminals use automation to enable their attacks.
- Breaches and sale of databases
- Checkers and brute-forcers
- Loaders and crypters
- Stealers and keyloggers
- Banking injects
- Exploit kits
- Spam and phishing services
- Bulletproof hosting services (BPHS)
- Automated marketplaces
Bad actors are well acquainted with subverting defensive automated technology. For example, they might craft malicious code to appear normal to automated scans, such as antivirus applications. Security teams with careful monitoring and logging established can create rules to detect these seemingly-normal patterns and behaviors for the malicious files they are. However, threat actors can quickly take action, such as rotating their infrastructure, to get around being blocked. This means rules must be manually generated for each new iteration of malware, leading to a security treadmill where efficiencies are lost to an endless cycle of detection/patching new malware.
Step off the treadmill with Intelligence. Intelligence gives your team a cheat code, enabling them to pull rules already tested to identify and mitigate ransomware attacks from doing damage.
Join us for a webinar on February 22nd titled, "Fight Ransomware Robots With Automation Intelligence" to learn more about how automation can assist your organization.