In this article we will discuss:
Malicious actors constantly scan the web for weak points of entry and corporate vulnerabilities they can exploit. HBO, Xerox, Garmin, ExecuPharm and several hospital systems and local governments across the US and the world have fallen victim to ransomware and extortion attacks. According to the FBI's Internet Crime Complaint Center, 2019 saw 467,361 complaints of internet crime (ransomware and business email compromise among them), with cumulative losses in excess of $3.5 billion.
Here are the most common ways in which fraudsters hold corporations at ‘digital gunpoint’:
In this instance, cybercriminals gain access to corporate calendars and time their demand for a moment when a high-ranking executive is in the middle of an important meeting. The message, sent by email or social media, is typically along the lines of 'Pay $X or we will shut down a mission-critical service', where the service could be anything from customer accounts and internal networks to servers and the employee work environment.
This can take place in or out of real time. The threat here is usually the release of confidential company documents, customers' personal or payment details, and/or corporate indiscretions uncovered by the attackers.
This type of attack involves some form of impersonation (of individuals or corporate entities) in order to gain access to private information. These attempts are often initiated via a seemingly harmless email that contains an urgent call to action.
Business Email Compromise (BEC) is usually carried out to gain access to and control of the email accounts used to authorize bank transactions, money orders, wire transfers and any other financial transaction approved over email. The malicious party then makes unauthorized transfers to offshore accounts or purchases hard-to-trace cryptocurrency.
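The phishing and BEC indicators described above can be screened for mechanically at the mail gateway. The following is an added example, not code from the original article: it parses a raw message and flags an executive's display name paired with an external address, lookalike sender domains, a Reply-To that silently redirects the thread, and urgent money-movement language. The corporate domain, the executive names and both sample messages are constructed for the demo.

```python
"""Triage a raw e-mail for BEC / impersonation indicators (added example).

Not code from the original article. CORP_DOMAIN, EXECUTIVES and the two
sample messages are constructed for the demo."""
import re
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                            # assumed corporate domain
EXECUTIVES = {"dana reyes": "CFO", "lee chen": "CEO"}  # display names worth protecting
URGENCY = re.compile(r"\b(urgent|immediately|wire|transfer|asap|today)\b", re.I)


def normalize(domain: str) -> str:
    """Undo substitutions used to build lookalike domains (rn->m, vv->w, 1->l, 0->o ...)."""
    d = domain.lower()
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small enough for domain labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True if an external domain is a plausible impersonation of CORP_DOMAIN."""
    if not domain or domain == CORP_DOMAIN or domain.endswith("." + CORP_DOMAIN):
        return False
    corp_label = CORP_DOMAIN.split(".")[0]
    norm = normalize(domain)
    if norm == normalize(CORP_DOMAIN):
        return True                                   # examp1e.com, exarnple.com
    if corp_label in re.split(r"[.-]", norm):
        return True                                   # example-payments.com, mail-example.net
    return levenshtein(norm.split(".")[0], corp_label) <= 1   # exmple.com, examples.com


def body_text(msg) -> str:
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain"
    )


def triage(raw: str) -> list:
    """Return short finding tags; an empty list means no BEC indicator fired."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()

    # 1. An executive's display name on an address outside the corporate domain.
    role = EXECUTIVES.get(from_name.strip().lower())
    if role and from_domain != CORP_DOMAIN:
        findings.append(f"exec-display-name:{role}")
    # 2. Lookalike domains in From or Reply-To (deduplicated, order preserved).
    for d in dict.fromkeys((from_domain, reply_domain)):
        if is_lookalike(d):
            findings.append(f"lookalike-domain:{d}")
    # 3. Reply-To quietly moving the conversation to another domain.
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")
    # 4. Urgent financial language in subject or body.
    if URGENCY.search(msg.get("Subject", "") + " " + body_text(msg)):
        findings.append("urgent-financial-language")
    return findings


# Constructed sample messages for the offline demo.
BEC_SAMPLE = """\
From: Dana Reyes <dana.reyes@examp1e.com>
Reply-To: Dana Reyes <dreyes@mail-examp1e.com>
To: ap@example.com
Subject: Urgent wire transfer
Content-Type: text/plain

Please process the wire today before the board meeting. I am unreachable by phone.
"""

LEGIT_SAMPLE = """\
From: Dana Reyes <dana.reyes@example.com>
To: ap@example.com
Subject: Q3 forecast
Content-Type: text/plain

Attached are the forecast numbers for review next week.
"""

if __name__ == "__main__":
    print("BEC   :", triage(BEC_SAMPLE))
    print("legit :", triage(LEGIT_SAMPLE))
```

Each finding on its own is weak (plenty of legitimate mail is urgent, and Reply-To mismatches have benign uses), which is why the function returns the full list rather than a verdict: a gateway rule would typically quarantine on the executive-name or lookalike findings and only score the others.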
Here are some examples of companies that were hit with costly cyber hostage situations:
EMCOR Group, an engineering and industrial construction company, was hit with the Ryuk ransomware in 2020. EMCOR was exposed via a malicious phishing email whose links and attachments served as the initial entry point. Ryuk operators typically lock companies out of mission-critical networks and demand ransoms of $300,000 or more, making it one of the costlier ransomware families in circulation.
In 2018, the CDT along with other local government agencies in the US had operations at a standstill due to the SamSam ransomware. SamSam's operators gain entry through exposed Remote Desktop Protocol (RDP) and File Transfer Protocol (FTP) services and encrypt systems until day-to-day operations are impossible and a ransom is paid. One Indiana-based hospital reportedly paid about $55,000 before it could resume life-saving treatment.
Security scanning and testing is highly sensitive to the type and variety of IP addresses from which cloud security providers probe. When carrying out protective measures, most companies use a very limited pool of IPs that fails to mimic what happens in reality, so gaps only surface during a real-world attack arriving from many networks and geographies.
Global proxy networks help cloud security providers position their clients more strategically to be ready for 'states of emergency'. By leveraging real peer IPs, they can mimic real-world user and attacker traffic using city, country and ASN targeting. This lets defensive systems and algorithms be exercised against traffic correlated with cyberattacks from a wide variety of geolocations, devices and service providers across the globe.
Cloud security providers are changing their approach. Recognizing that it may be impossible to protect all people all the time, they are instead focusing on protecting key corporate stakeholders and assets. For example, an enterprise may choose to focus on preventing fraud aimed specifically at its Chief Financial Officer (CFO), because the CFO is the gatekeeper of corporate funds or a key knowledge source.
In order to carry out this strategy, security providers scan the web for crucial person-specific data points (for example WHOIS registration records tied to the executive or the company) that enable them to keep corporate targets safe. This lets them build a data pool and a 'risk map' so they can identify malicious actors in and out of real time.
Hundreds of millions of domains can be, and are, probed daily to collect domain-specific information (e.g. taking screenshots and collecting relevant HTTP headers).
Once these checks are completed using a global proxy network, cybersecurity teams can focus their energy and resources on specific malicious websites and high-risk entities, which is extremely useful once a ransomware attack is under way.
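The two points made above, that a scan from a single IP pool hides behaviour that varies by geography or ASN, and that each probe should keep per-domain data such as status and headers, can be shown with a small differential-probing script. This is an added example, not code from the original article or any proxy provider's SDK: it runs the same GET against a list of targets from several exit vantage points, records status and the Server header per exit, reports targets whose responses disagree, and says which exit attribute (country or ASN) alone explains the split. The vantage names, ASNs, target URLs and the simulated target behaviour are constructed; `live_fetch` assumes the provider hands out plain HTTP(S) proxy URLs.

```python
"""Differential probing of the same targets from several exit vantage points.

Added example, not code from the original article or a proxy provider's SDK.
Vantages, ASNs, target URLs and simulated_fetch's behaviour are constructed;
live_fetch assumes an ordinary "http://user:pass@host:port" proxy URL."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import urllib.error
import urllib.request


@dataclass(frozen=True)
class Vantage:
    name: str             # e.g. "us-residential"
    country: str          # country of the exit IP
    asn: str              # ASN of the exit IP
    proxy: Optional[str]  # proxy URL for this exit, or None to go direct


Result = Dict[str, object]                 # {"status": int, "server": str, "blocked": bool}
Fetcher = Callable[[Vantage, str], Result]


def live_fetch(vantage: Vantage, url: str, timeout: float = 10.0) -> Result:
    """Real probe: one GET through the vantage's proxy, keeping status and Server header."""
    handlers = []
    if vantage.proxy:
        handlers.append(urllib.request.ProxyHandler({"http": vantage.proxy, "https": vantage.proxy}))
    opener = urllib.request.build_opener(*handlers)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return {"status": resp.status, "server": resp.headers.get("Server", ""), "blocked": False}
    except urllib.error.HTTPError as err:
        return {"status": err.code, "server": err.headers.get("Server", ""),
                "blocked": err.code in (403, 429, 451)}


def probe_all(vantages: List[Vantage], urls: List[str], fetch: Fetcher) -> Dict[str, Dict[str, Result]]:
    """results[url][vantage.name] -> what that exit saw."""
    results: Dict[str, Dict[str, Result]] = defaultdict(dict)
    for url in urls:
        for v in vantages:
            results[url][v.name] = fetch(v, url)
    return dict(results)


def inconsistencies(results: Dict[str, Dict[str, Result]]) -> Dict[str, Dict[str, int]]:
    """Targets whose HTTP status differs between exits: the gaps a single-IP scan never sees."""
    return {url: {name: r["status"] for name, r in per.items()}
            for url, per in results.items()
            if len({r["status"] for r in per.values()}) > 1}


def splitting_attribute(per_vantage: Dict[str, Result], vantages: List[Vantage]) -> Optional[str]:
    """Which exit attribute (country, then asn) alone explains the differing statuses, if any.
    With only one exit per ASN the 'asn' answer is suggestive; add exits per ASN to confirm."""
    by_name = {v.name: v for v in vantages}
    for attr in ("country", "asn"):
        groups = defaultdict(set)
        for name, r in per_vantage.items():
            groups[getattr(by_name[name], attr)].add(r["status"])
        if all(len(s) == 1 for s in groups.values()):
            return attr
    return None


# --- constructed offline demo ------------------------------------------------
VANTAGES = [
    Vantage("us-residential", "US", "AS7922", None),
    Vantage("us-datacenter", "US", "AS16509", None),
    Vantage("de-residential", "DE", "AS3320", None),
]
TARGETS = ["https://shop.example/login", "https://portal.example/", "https://status.example/"]


def simulated_fetch(vantage: Vantage, url: str) -> Result:
    """Stand-in for live_fetch: a WAF that blocks datacenter ASNs on the login page and a
    geo-fence on the portal. Invented behaviour, used so the script runs without network."""
    if url.endswith("/login") and "datacenter" in vantage.name:
        return {"status": 403, "server": "waf", "blocked": True}
    if "portal" in url and vantage.country != "US":
        return {"status": 451, "server": "geo", "blocked": True}
    return {"status": 200, "server": "nginx", "blocked": False}


if __name__ == "__main__":
    res = probe_all(VANTAGES, TARGETS, simulated_fetch)
    # A single residential US exit sees 200 everywhere and reports nothing to look at.
    print("single exit:", inconsistencies(probe_all(VANTAGES[:1], TARGETS, simulated_fetch)))
    for url, statuses in inconsistencies(res).items():
        print(url, statuses, "-> split by", splitting_attribute(res[url], VANTAGES))
```

Swapping `simulated_fetch` for `live_fetch` and filling in the `proxy` field of each `Vantage` is all that changes for a real run; keep the per-exit results rather than a merged view, since the disagreement between exits is the finding.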