SoylentNews is people

posted by martyb on Saturday February 26 2022, @03:16PM

Backups 'no longer effective' for stopping ransomware attacks:

The growth of double extortion – and even triple extortion – ransomware attacks is in danger of rendering common, traditional methods of mitigating the impact of a ransomware hit, such as well-maintained backups, less efficacious, according to a report from machine identity specialist Venafi.

Data collated from Venafi's worldwide survey of IT and security decision-makers reveal that 83% of successful ransomware attacks now involve alternative extortion methods – for example, using stolen data to extort customers (38%), leaking data to the dark web (35%), and informing customers that their data has been compromised (32%). A mere 17% of attacks merely ask for money for a decryption key.

Venafi said that this means that because ransomware attacks now rely on data exfiltration, effective backup strategies are therefore to some extent "no longer effective" for containing a breach.

"Ransomware attacks have become much more dangerous. They have evolved beyond basic security defences and business continuity techniques like next-gen antivirus and backups," said Kevin Bocek, vice-president of business development and threat intelligence at Venafi.

Venafi also found that cyber criminals are increasingly following through on their threats whether or not they get paid. Indeed, 18% of victims had their data leaked despite paying, more than the 16% who refused outright to pay anything and had their data leaked. Some 8% refused outright, but then had their customers extorted; and 35% paid, but were left hanging, unable to retrieve their data.


  • (Score: 3, Interesting) by MIRV888 (11376) on Saturday February 26 2022, @09:18PM (#1225171)

    I am of the opinion that a motivated intelligent group of hackers can compromise just about any system that isn't entirely offline. So that leaves you needing mitigation procedures/designs in addition to traditional backup and firewall policies.
    It's not that you did something wrong to allow the attack to happen. It's what do you do once it does.

  • (Score: 2) by HiThere (866) on Saturday February 26 2022, @09:32PM (#1225175)

    Ummmm....no. But that's probably true for any default configured system. Many FOSS systems have the ability to be stripped of most attack surfaces, and some of them can be stripped quite far. But you can't access lots of services on them at that point. It's quite difficult to attack a system where the only access you have is an HTTP1 interface (no JavaScript!). It's possible to strip things even further, where there's only custom text based access, and only a limited set of predefined commands can be run, including NONE that allow batch access. But it's inconvenient to use.

    There are lots of choice points where the choice made has been "easy" rather than "secure". Those are still available if you put enough work into things. But it won't look like a modern system.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 0) by Anonymous Coward on Monday February 28 2022, @05:35AM (#1225472)

      only custom text based access

      Although it's possible to write custom software that is not insecure, it's nearly guaranteed that a custom program will have more bugs in it than a mature one.

      I would take a well-configured SSH instance over any kind of custom program with text input.