Akamai CTO: Ransomware attacks are frequent and zero trust is an important defense method

On June 2, the ferry service in Massachusetts, the United States, was forced to be interrupted due to a ransomware attack. On May 30, JBS, the world's largest meat processor, was attacked by hackers and demanded a ransom. The servers of its North American and Australian branches were affected and operations were interrupted. On May 7, after the Colonial Pipeline, the largest fuel pipeline operator in the United States, was attacked by ransomware and the pipeline was shut down, the United States declared a state of emergency...

Ransomware attacks have been emerging one after another recently, and are becoming more and more severe. Charlie Gero, Vice President and Chief Technology Officer of Akamai's Security Technology Team, analyzed the recent major attacks and pointed out the means and methods of defense for enterprises.

Charlie Gero, Vice President and Chief Technology Officer, Security Technology Group, Akamai

“We don’t yet know the details of the current ransomware attack on the Massachusetts Steamship Authority, but one thing is certain: this particular type of malware attack is increasing in frequency. The Colonial Pipeline was already down for days, a JBS meatpacking facility was forced to shut down, and now the Steamship Authority has been shut down as well. All three cases used ransomware to disrupt the operations of these companies, and at least the first two were carried out by actors operating in or associated with Russia. Thankfully, the new attack by Nobelium (the hackers responsible for the massive SolarWinds data breach that is still affecting the world) has been detected and largely repelled.

“This highlights a very important point: more and more critical infrastructure is accessible online. The Internet is more than just a technology that enables social media and memes; it has become the core infrastructure for physical services we rely on every day, such as gas energy, food transportation, transportation, and banking. As industries use the Internet to streamline operations and deployment, they must balance the huge benefits of connected infrastructure with the high risks of being on a global platform where attackers can discover, infect, and hold hostage their assets from halfway around the world.

"Akamai expects this trend to not only continue, but to increase in frequency. Therefore, enterprises must deploy state-of-the-art security services to stay ahead of their attackers in this ever-expanding arms race. At a minimum, enterprises should install antivirus software on each of their critical machines. Systems that do not need to connect to the Internet should be completely 'separated' from those that do. In accordance with the principles of zero trust, strict access controls should be implemented on access to each application and services such as cloud access security brokers and secure web gateways should be introduced to perform further malware inspection on data flows to limit the spread of sensitive information within customer networks.

“The fact that so much critical infrastructure has been shut down in such a short period of time over the past few weeks speaks volumes about the scale of the problem. It tells us that many organizations’ security posture is not where it needs to be right now. As attackers continue to advance in speed and sophistication, all organizations should take this as a lesson, review their internal security practices and measures, and do everything they can to avoid becoming the next headline.”