Holiday shopping season is here, which means retail organizations find themselves in the crosshairs of ransomware groups. And, if the past year has been any indication, organizations of all brands can look forward to higher attack frequency and potency.
Although US and Western governments have cracked down significantly on ransomware groups since the wave of disastrous ransomware attacks, including the Colonial Pipeline attack earlier this year, the allure of monetization keeps new and evolving groups coming back into the fold.
Retailers, manufacturers, and organizations with seasonal revenue dependencies simply can’t afford network downtime over the holidays. When point-of-sale systems, branch location connectivity, or payment servers go down, companies lose money and customers to competitors who may be operating just fine.
On top of potential lost revenue, ransomware groups target retailers they know can’t afford downtime. Ransomware groups meticulously scour companies’ public financial statements, competitor information, and insurance coverage to identify worthy victims and decide how much they will charge to extort retailers for regained access to critical systems or data.
Recently, we’ve seen the rise of various groups targeting VPN vulnerabilities and unpatched internet-facing servers, and leveraging commonly used Windows persistence mechanisms to hide on corporate networks.
Ransomware groups generally use many of the same tactics used by other criminal and state actors to access corporate networks. These include conducting brute-force attacks on passwords, gaining entry through unpatched internet-facing servers and services, or connecting via uninspected VPNs.
However, the holiday season brings a seasonal twist to the tried-and-true tactics malicious actors use to gain illicit network access, including the use of squatting domains, or websites designed to look like legitimate shopping sites; fake gift purchase emails; or spoofed credit card fraud alerts that trick users into supplying credentials on phishing sites.
In fact, spear phishing remains one of the most popular methods of credential theft, and clever attackers love to use the lure of a free holiday gift card to load malware onto user devices.
Compromised credentials allow attackers to cloak their network movements behind trusted user behavior, moving laterally to other retail networks, servers, and applications. Where ransomware groups differ from other malicious actors, though, is what happens after they gain network access.
Once inside, ransomware groups focus on encrypting sensitive files and holding them for ransom, requiring victims to pay exorbitant amounts of money to access business-critical data or tools required to conduct business. While any sort of illicit behavior on corporate networks is bad for business, a ransomware attack—especially during the holidays—can wreak substantial financial and reputational havoc for retailers.
Retailers aren’t destined to be ransomware victims. With the five following network management and security best practices, they can fortify their networks against opportunistic infiltration attempts during the holiday season.
A retailer’s best defense against ransomware attacks is embracing an effective Zero Trust mindset. Based on Zero Trust best practices, a Zero Trust mindset includes deploying products and policies that enable you to verify all users, devices, and applications; applying context-based access; securing all content; and monitoring users continuously.
Given that VPN, remote desktop, and internet-facing applications are among the most popular ways for ransomware groups to gain network access, securing these access points with zero trust network access (ZTNA) technologies is a good starting point for retailers to begin their zero trust journey. An effective ZTNA solution, also known by many as a software-defined perimeter (SDP), does the following:
There are plenty of things for retailers to think about during this holiday season, but figuring out how to reclaim data, files, or even the ability to run their business from a ransomware group doesn’t need to be one of them. The proper preparation and Zero Trust know-how may be the difference between having a holiday season that is more merry and bright versus scary and a fright.
Check out how Prisma Access leads the pack for ZTNA in the 2021 Forrester New Wave™: Zero Trust Network Access report.