SC Magazine, October 2, 2017; Satya Gupta comments on ransomware and fileless attacks.
Fileless ransomware attacks threaten SQL databases, IoT devices, while escaping notice of traditional defense systems
Ransomware is not only alive and kickin’ – its evil authors are continually morphing it and developing new ways to torture our networks and ruin plenty of good nights’ sleep. If only a good backup were all that was needed to defend against a ransomware attack; in reality, a lot more is involved in taking defensive – and, for that matter, effective offensive – positions against ransomware.
A primary method of ransomware attack today is still file corruption using cryptographic APIs. But another form of attack that’s increasing is against databases through SQL queries. The treasure trove of data sitting in databases draws hackers like metal to a magnet – and the bigger the data, the better, making big data services like MongoDB and Hive mother lodes. Attacks that corrupt large quantities of data and hold it for ransom present a scary scenario indeed.
IoT is another area of increasing risk. Devices used in cars, homes, offices, factories, hospitals and more expand the ransomware attack surface. Fileless attacks are also on the rise, bringing new challenges to the security battle. According to a 2016 Barkly survey, 50-100 percent of fileless attacks blow right past anti-virus, anti-malware, firewalls and other defensive technologies. Ransomware such as WannaCry and NotPetya represented fileless attacks.
Satya Gupta, co-founder and CTO of Virsec, talked to SC Magazine about fileless attacks with respect to ransomware. “Ransomware has received a lot of attention because it's easily understood, but it's more of a symptom than a disease, and is typically just the last step in a well-orchestrated series of hacking techniques. These include hard-to-detect fileless techniques to exploit web server vulnerabilities, pivot laterally within networks, and hijack servers to take malicious actions such as theft, destruction or ransom. In fact, most ransomware attacks yield very little actual revenue, but cause lots of disruption – probably the larger goal.”