Ransomware attacks are escalating in terms of frequency, variety, and impact. Based on reliable information sources, it is reasonable for every organization to expect it will experience multiple attempted ransomware attacks in the next twelve months. Given this threat environment, it is time to demand more from infrastructure providers.
Supply Chain Attacks
Supply chain attacks are increasingly common. Successful attacks compromise not only the solutions provider’s systems, but can also compromise the systems of that provider’s clients.
A Step Back in Time
I was a system administrator back in the minicomputer era of the 1980’s. As part of my responsibilities, I installed multiple minicomputers from the same manufacturer. As expected, the installation procedure required me to log into the default Administrator account. The manual recommended changing the administrator password, but did not force me to do so.
I eventually learned that these systems shipped with other default accounts including one for the manufacturer’s field service personnel to use. The username was “Field.” The password was (you guessed it) “Service.” And these personnel expressed displeasure when I changed that password.
Username: FIELD
Password: xxxxxxx
Is Your Bank Secure?
I remember sharing the above story with a fellow System Administrator. He responded by telling me that earlier in his career he had been a bank security system installer. He claimed that in service visits to existing clients, he was able to get into locked bank buildings simply by entering the default administrator passcode into the entryway keypad.
Prevention is Better than Recovery
Every organization should implement a multi-layered set of cybersecurity defenses that address core systems as well as endpoints. Cybersecurity frameworks are available to guide these efforts, including many that are tailored to the needs and regulatory requirements of specific industries.
When it comes to cybersecurity, the Benjamin Franklin axiom that “an ounce of prevention is worth a pound of cure” is as true today as it was in 1736, when Franklin coined the phrase. Nevertheless, prudent business leaders and technologists will prepare for the likelihood that their cybersecurity defenses will fail.
When cybersecurity solutions fail, you must have other protections in place. These may include storing data in immutable storage formats.
Recent DCIG research
Today, many enterprise infrastructure solutions do a much better job of securing service access by implementing dynamic client approval technologies for remote support sessions. However, recent DCIG research indicates that many solution providers still rely on inadequate protection mechanisms.
While default administrator accounts and passwords may be necessary. Solutions that rely on these mechanisms should at a minimum require both the default administrator account name and password to be changed during installation.
All business-oriented solutions should also implement role-based access controls, preferably tied into the enterprise directory service. These enable organizations to delegate aspects of management to various staff members without granting full access to managing the solution.
The Stakes Are High
The cost of successful ransomware attacks are too high to permit a lackadaisical approach to infrastructure security. Ponder the following stats for a few minutes. Think about what impact experiencing the following consequences of a successful ransomware attack would have on your business.
No More Excuses
It is time for all infrastructure solution providers to recognize that they are a priority vector of attack among ransomware criminals and implement more robust protections. These should include both multi-factor authentication and role-based access controls.
Business and IT staff must require their infrastructure solution providers to implement these protections and cross those that fail to do so off of their list of candidate solutions.
Keep Up to Date with DCIG
To be notified of new DCIG articles, reports, and webinars, sign up for DCIG’s free weekly Newsletter.
Technology providers interested in licensing DCIG TOP 5 reports or having DCIG produce custom reports, please contact DCIG for more information.
Sources for ransomware incident quotes:
- https://www.wired.com/story/russia-solarwinds-hack-targets-fallout/
- https://www.wired.com/story/kaseya-supply-chain-ransomware-attack-msps/
- https://resources.trendmicro.com/rs/945-CXD-062/images/Reduce-Phishing-Ransomware_Trend-Micro.pdf
Sources for “Ransomware 2021” infographic:
- https://abcnews.go.com/Health/wireStory/latest-india-reports-largest-single-day-virus-spike-70826542
- https://www.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf
- https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020