Can AI help the finance industry to win the war on ransomware?

By Garry Veale, UK&I Regional Director at Vectra AI

The threat of ransomware is nothing new, and yet it continues to be a prominent feature in the headlines. Surely recent ransomware victims such as foreign exchange service Travelex, food supplier JBS Foods, the U.S. Colonial Pipeline, and Ireland’s Health Service knew the dangers and had measures in place to protect themselves? The statistics certainly don’t imply that ransomware is suffering from a lack of awareness; 46 per cent of CISOs recently stated that ransomware is their biggest cybersecurity concern. And yet it continues to be successful in causing financial and operational damage.

Part of the problem is that ransomware has evolved and diversified in recent years – attackers have moved on from simple, fully-automated tactics that are quite straightforward to prevent, to using more targeted and sophisticated tactics. At the same time, most security teams are using the same old tactics to try to prevent ransomware – an approach that is now broken.

It’s time for financial organisations to evolve – and that means looking beyond a preventative approach that tries to stop a ransomware attacker from breaching the walls, and instead focusing on arming themselves with the tools that can detect and stop an attack in its tracks. One thing is for sure, in the sprawling IT landscapes of today, artificial intelligence (AI) will play a decisive role in this war against ransomware. Vectra’s recent spotlight report shows that most financial services institutions need to analyse behaviours and separate the suspicious and the malicious using AI-powered cyber security.

A diversifying threat

Early forms of ransomware operated on autopilot and followed a simple business model: infect as many computers as possible, because at least some proportion of the victims will surely pay to recover their files. This so-called commodity ransomware soon evolved to search out and encrypt entire network drives – the rationale being that you’re increasing the likelihood of locking something the victim can’t live without. This initial evolution also saw attackers start to target financial organisations, rather than individual people, as businesses are more likely to pay bigger ransoms to recover critical files.

From here, commodity ransomware was combined with worms – so it could now land on a single system but then rapidly infect neighbouring systems too. This was an important step forward for attackers, as only one victim needed to fall foul of the phishing email so attackers could quickly spread to potentially thousands of other machines. Despite being around for many years, such commodity ransomware does remain a genuine threat. Everyone remembers the damage WannaCry caused a few years ago when it locked down hundreds of thousands of computers, while in February last year, commodity ransomware shut down a US natural gas facility for two days.

Attackers have continued to step up their game and diversify, replacing automated tactics with more sophisticated and targeted methods. These attacks often take weeks of planning and, after gaining an initial foothold, attackers manually adapt their movements to the specifics of the environment they have broken into. Such tactics were employed in the successful ransomware attack targeting JBS Foods, which was conducted by one of “the most specialized and sophisticated cybercriminal groups in the world”, according to the FBI.

Alongside diversification of the attack itself, the ransomware business model has also branched into a franchise model. The franchiser supplies the tools, playbooks and other necessary attack infrastructure, while franchisees use these services to carry out attacks, sending a percentage of the ransom back to the franchiser. For all intents and purposes, ransomware has become a fully-fledged industry; it’s hardly surprising that the sophisticated human-operated variants have been identified by Microsoft as “one of the most impactful trends in cyberattacks today”.

AI to reinforce the ranks

Well-known commodity ransomware variants can generally be blocked on entry if security teams have access to timely indicators of compromise delivered via threat-intel feeds. Even newer types of commodity ransomware that successfully bypass preventative measures are typically quite limited in scope, and can be overcome with a good backup and restore process. Containing more fast-moving commodity ransomware variants can be more difficult, although in these cases, micro-segmentation, zero trust, least privilege and other policy-driven controls are a decent armoury to contain outbreaks.

When it comes to the most targeted, human-operated ransomware attacks, success is no longer reliant on prescriptive policies, or hardened security configurations that are focused on prevention. While useful to a point, a sufficiently motivated attacker will eventually overcome these. In this case, focus must shift from trying to prevent the inevitable, to instead detecting and halting successful attacks at the earliest possible point – and this is where AI comes in.

With estimates indicating the average dwell time in a ransomware attack is 43 days, AI should play a decisive role within the security team to help flush out the threat. While a team of analysts may need days or even weeks, AI can rapidly – if not immediately – detect when attackers are moving through systems before the ransomware deploy button is hit. This is because AI can contextualise and consolidate the wide variety of signals and markers left by attackers as they move through systems to reach their intended goal. AI can pull all this disparate information together into one clear picture, meaning security teams can efficiently respond to the most critical threats.

Financial services conquering the ransomware battlefield

Ransomware continues to be a serious threat to finance firms, and if 2021 is anything to go by, it’s not going away any time soon. Security teams should take note of the numerous recent high-profile ransomware incidents and view them as a case study of what can happen if they are not ready to deal with the wide variety of threats.

If you’re the target of a human-operated attack, it’s simply not realistic to expect security analysts to have all angles covered. As ransomware operators continue to diversify, financial organisations should look at adding AI-powered means of detecting ransomware to their arsenal, so they can significantly reduce the time taken to spot the threat.
