Jul 9, 2020

Rapid7: Ransomware Playbook - understanding cyber risk

William Girling

Rapid7 has recently published its ‘Ransomware Playbook’, a guide for helping businesses understand, identify and tackle cybercrime.

The COVID-19 pandemic has accelerated digital transformation across several segments and the banking, insurance and finance sectors are no different. 

As remote working becomes more commonplace and operations are integrated further with technology, the risk of organisations holding sensitive or valuable information grows exponentially and Rapid7 hopes to redress the balance by keeping companies informed.

“Victims of ransomware attacks suffer the impact of productivity and revenue loss due to work stoppage,” says the report. “Ransomware is a unique security threat where most of the security team’s effort is spent on prevention and response because once ransomware is detected, it's too late.”

Identifying risk

Before expanding on the actions that can be taken, Rapid7 advocates a primer on the forms that contemporary cyber risk can take. The company puts forward this definition:

“Ransomware is malicious software that covertly encrypts your files—preventing you from accessing them—and then demands payment for their safe recovery.  

“Like most tactics employed in cyber-attacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.”

Methods used to gain infiltration could include targeting a user through compromised email accounts that they have had legitimate contact with. Other techniques include:

  • Spear phishing: sending targets a clickable link or attachment.
  • Drive-by: exploiting a web browser vulnerability.
  • Exploitation: embedding ransomware at a point of vulnerability and then allowing it to proliferate automatically.
  • Replication: networked media which encrypts ransomware as it simultaneously infects the targeted user.
  • Valid accounts: an ‘outsider from within’ approach, wherein the perpetrator has legitimate access to the system from the outset.

Once contact is made, the targeted user will be prompted to open a link, download some software or otherwise coerced into introducing malicious content to their computer.

Now that the ransomware has been embedded, it can be used to steal information or lock the legitimate user out of core systems, with the subsequent refusal to unlock it unless a ransom is paid - hence the name.

How has ransomware changed?

Previously, ransomware relied on unsophisticated mail merges which targeted large quantities of potential victims simultaneously.

Now, however, Rapid7 states that this is changing: 

“Increasingly over the past few years, there has been a shift to "big-game hunting" threat actors leveraging access established by taking advantage of poor security controls in an environment like an unpatched externally facing server, unsecured remote access solutions, or an undetected banking trojan (such as TrickBot, Emotet, or Dridex).”

Described as a more ‘hands-on’ approach, this allows infiltrators to gain incremental control over a system until a business’s services are incapacitated. This can be disastrous for banks, which could not only have their customers’ data compromised but also suffer long-term reputational damage.

In our next article on Rapid7’s Ransomware Playbook, we will explore what actions enterprises can take to mitigate the threat and how Rapid7 can find the optimal solution for the prevention, identification and elimination of cyber risk.


Jun 11, 2021

SLK Software: Optimising performance in the digital economy

Recently featured in our profile of CNA Insurance, we take a closer look at how SLK Software is powering disruption in the digital era

Established in 2000 in Bengaluru, India, SLK Software recognises that fast-paced digital transformation is creating an unprecedentedly fertile period of opportunity for global businesses.

As such, with a firm belief in the power of simplification and automation to yield new and exciting experiences, the company has been challenging the status quo for over 20 years through an approach that is:

  • Relationship oriented
  • Strategically focused on a desired outcome
  • Reliant on automation tech

Believing in purposeful automation

SLK’s specialisation in automation tech is full spectrum: artificial intelligence (AI) and machine learning (ML), Computer Vision, Natural Language Processing (NLP), Robotic Process Automation (RPA), and more, are all part of its core competencies. 

Citing 90% productivity improvements, 30% business growth through better customer experiences, and up to 20x faster go-to-market capabilities, the reasons for its focus are clear.

The company currently serves the banking, financial services, insurance, retirement services, M&A, manufacturing, and supply chain sectors. Solutions offered include:

Accelerating workflow processes

In addition to these services, SLK offers three products/platforms: Avo Assist - RPA, Avo Assure - Test Automation, and Avo Discover - Process Discovery.
The latter is a tool specifically calibrated to give business users an easy method for capturing document processes. This can occur across any application, with these individual tasks then seamlessly combined for both improved compliance and governance.

Carol Castelloni, VP of Transformation at CNA Insurance, highlighted this as providing critical support in helping the company meet its business objectives:

“SLK’s Avo Discover tool accelerates how we can document workflow processes, measure impacts on enhancements, and identifies future automation opportunities.” Liberated from having to focus on these process-driven aspects of business, CNA Insurance has been able to refocus its attention on creative problem-solving instead.

Ultimately, this is the most important benefit that SLK brings: it optimises the back end so that clients can channel their energy towards what matters the most, customers.

Read more about SLK Software and CNA Insurance in the June 2021 edition of FinTech Magazine.
