December 7, 2022

Emergency measures required: BlackCat ransomware attacks increase


US federal agencies warned hackers were targeting the business sector using malware that can lead to ransomware attacks – © AFP

The U.S. FBI has issued a stark warning about the rise of BlackCat ransomware-as-a-service (RaaS) attacks. These have victimized at least 60 entities worldwide.

Described by security analysts as the “most sophisticated” ransomware group of 2021, BlackCat is established within the cybersecurity community as a dangerous threat. The operators behind the ransomware group have been linked to the notorious BlackMatter operation.

To explore the issue, Digital Journal caught up with two cybersecurity experts with different viewpoints surrounding this incident. The first is cybersecurity evangelist Alon Nachmany, Field CISO of AppViewX.

The second, in a companion article, is privileged access management leader Raj Dodhiawala, president of Remediant.

Nachmany begins by considering the geographical scope of the recent attacks: “While the majority of BlackCat’s 60 victims were in the EU, more than 30 percent of BlackCat compromises have targeted U.S. firms.”

Continuing his U.S. focus, Nachmany says: “With the FBI’s memo, it’s clear the U.S. government is expecting this to hit the states soon. With the Colonial Pipeline ransomware attack anniversary right around the corner, critical infrastructure should be on extra alert. Today’s hackers know what they’re doing. These threats are extinction-level events for organizations and have detrimental effects on our natural resources, economy, military and much more.”

Looking at the specific attack mode, Nachmany says: “As this malware focuses on compromising user credentials, organizations can instead replace the password with a digital certificate – the backbone to cybersecurity and keeping digital systems safe.”

The required action involves moving beyond the password. According to Nachmany: “Simply put, passwords aren’t enough. People forget them, and forget where they’re used. Recognizing these issues, I’ve seen many organizations starting to shift their priorities. In our recent report with the Ponemon Institute, we’ve found organizations are putting greater emphasis on managing and securing digital certificates (54 percent) versus human identities, such as usernames and passwords (46 percent), which they feel are less important.”

There are, however, steps that organizations can take to better protect themselves from this new cyber-onslaught. Nachmany recommends: “The long-term resolution to ensuring an organization’s most valuable asset – its digital presence – is protected is to begin using short-lived certificates and incorporating full automation to manage its lifecycle. This way, if the keys are compromised, they are not used by attackers and the window of opportunity for such sophisticated attacks is reduced.”