Pipeline Ransomware Incident Highlights Gaps in Minimum Security Requirements

The Colonial Pipeline ransomware attack has been in the news for the past week, bringing the conversation surrounding the security of our critical infrastructure front and center. While the cybercriminals behind the attack may not have intended to have such a devastating impact, the damage is done, leading to massive gasoline shortages impacting the American east coast.

Malicious attacks are big business for cybercriminals, and attacks like this one show it’s not a matter of if but when. And with many organizations still playing catchup to the massive shift in the modern workforce over the last year, the number of enterprises barely meeting even minimum security requirements continues to rise. Convenience has been prioritized over security, and the rise of mobile devices and other endpoints left unprotected while connected to corporate data should be alarming. Even though top incident response organizations are still analyzing the Colonial Pipeline incident, there are some lessons we can all take from it right now to shore up security architectures against this and other forms of aggressive attacks.

Ransomware is not a new threat to the computers of the world; the first known example of this vector, the PC Cyborg Trojan, appeared in 1989. For over 30 years the method has been updated, improved, and made even more dangerous to computers everywhere. Even as variants such as WannaCry, Ryuk, CryptoLocker, and others continue to hit the news, the collective gasp of surprise when another significant attack happens is deafening. Targeting hospitals, banks, enterprises large and small, consumers, and everything in between, it is an easy, impactful form of attack that continues to highlight the weaknesses in security architectures. And delivery can be as simple as a dropped USB drive, a malicious email, or a mobile device accessing the corporate network.

When it comes to cyberattacks, perpetrators will be persistent when looking for the path of least resistance to get into the targeted victim network. And once in, it is only a matter of time until they are navigating through the enterprise network with little to no resistance. While organizations of all sizes invest in advanced security architectures, many of them fail to address glaring gaps in the attack surface, ultimately leaving their data, systems, and operations at risk.

As the last year has pushed most employees out of offices and away from the security architectures built to keep their endpoints safe, we have also seen a rise in reliance on BYOD policies to support the new, distributed workforce. From personal laptops to mobile endpoints, these devices connect to enterprise networks with more frequency and more data access than ever before. But 60% of these connecting endpoints are mobile devices that are often left unmanaged, unsecured, and open to attack as IT and security leaders balance convenience against security investments.

Even enterprises that deploy management tools to these endpoints are not addressing the security risks to them. And email, text, and third-party messaging apps have made it even easier for attackers to spread dangerous links and files. All it takes is one user clicking one malicious link or file to expose the entire enterprise to an attacker.

Security is often approached with a check-the-box mentality as organizations continue to grow and scale, and for a good reason. Different enterprises have different compliance needs based on their industries, and those governing agencies provide minimum security frameworks to meet said compliance. But minimum requirements are just that: minimum. These compliance guides rarely address the needs of infrastructure scale, BYOD, mobile device access, and other newer technologies that are becoming critical to success, leaving enterprises following the bare minimum compliance requirements at increased risk.

It is no secret that security is an often overlooked component of business operations, but it is time for that to change. As organizations continue to grow and adapt to the modern needs of the distributed workforce, they must also advance their security solutions to protect their data and assets no matter where they are located. It’s time to secure all the endpoints, not just the traditional ones. Without a comprehensive approach that secures every endpoint, from operational technology to mobile phones, enterprises will remain exposed through the hands of every employee who accesses their data.

About Zimperium

Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against device, network, phishing, and malicious app attacks. For more information, visit www.zimperium.com.
