<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us

Ransomware: What happens under the surface?

by Sebastiaan Bosman Blog 3 Dec 2020

Every now and then, there’s a new headline about an organisation hit by a ransomware attack. How parts of their infrastructure and sensitive data was suddenly encrypted, impacting customers, productivity, and their reputation. What would you do in such a situation? Pay the ransom? Or should you never negotiate with criminals?

Experts at the helm

Naturally, you’d rather never have to make that decision. Though you can never fully prevent being hit by a ransomware attack, you can significantly decrease the chance of it happening. To do that, you first need to understand two things:

How do the bad guys operate?
What do you have that needs protecting?

To help you answer these two seemingly easy questions, we have organised a webinar together with cybersecurity company Intel 471. Two security experts took control of their ransomware submarine.

Maurits Lucas, Director of Intelligence Solutions at Intel 471, took a deep dive to explain what goes on under the surface. How do cyber-criminals develop and distribute ransomware? And how can you spot this activity before it’s too late?

Then, Eward Driehuis, SVP Strategy at Cybersprint, described how you can bring risks in your digital footprint back to the surface. What do you need to map and monitor your digital assets? How can these insights help you prioritise the systems that need your attention the most?

Watch the Webinar >

Criminal partnerships

Intel 471 is specialised in the Intelligence aspect of cybersecurity. Their malware solution is able to detect and monitor both adversary intelligence (what do the bad guys talk about, what are they selling/buying?) as well as malware intelligence (what tools do they use to conduct their activities?)

What they see is that most of the malware does not come from a single actor, or even from a single group. Rather, it is the work of actor groups coming together in loose affiliation around, for instance, a certain buyer-seller relationship. As different groups have developed specialties of the malware process, they have to build partnerships to make and distribute an attack successfully.

Intel maps that structure, making them able to see who is responsible for what aspect. Tracking this gives them early warning signals, helping organisations stay more secure.

Linking digital risk to business risk

When Eward took the wheel, he explained how many organisations struggle to get a good grasp on their digital footprint. And if you don’t fully know what assets are out there, how can you repair the vulnerabilities they use to plant their ransomware?

Cybersprint provides a Digital Footprint platform to help organisations build their resilience. To protect from threat actors, you need to look at your organisation in the same way as they do: from the outside-in. What digital assets are out there, how do they link to your systems, and are there any weak spots?

Eward shows how automated and continuous monitoring reveals risks, making sure security specialists can take appropriate action. Well before they’d have to make any dreaded phone call.

Want to see the submarine making the full dive? Click here to watch the recording of the webinar.Watch the Webinar >

pasfoto001Sebastiaan Bosman is Content Marketeer at Cybersprint.
With an educational background in Communications and Linguistics,
he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global. 

Forwarding your call: How do DNS and CNAME records work?

The web is in a continuous state of dynamic development, with websites being created, updated, and deleted every day. These websites are the digital equivalent of a rented property. Similar to physical properties, visitors will need a precise address to visit you.

read more

Digital Footprint explained: What is it & where does it come from?

It's the term we use the most: Digital Footprint. It is the foundation of your organisation’s digital infrastructure. It’s the starting point of your IT security policies, configuration database management, vulnerability mitigation, and much more. In this blog, we’ll shortly describe what drives the need for a Digital Footprint solution, share our definition of the term, and explain how it minimises the risks to your brand.

read more

Swagger API: Discovery of API data and security flaws

APIs (Application Programming Interface) are used by applications to communicate and interact between systems, access data, and much more. It makes sure you get the correct response on a request. However, if someone were to intercept this request-response, they could potentially misuse the data or alter the process. Cyber-criminals scan the internet for unsecured APIs on a daily basis. If not properly secured, this can lead to unauthorised access to internal data or customer information. What’s more, in some cases it allows tampering with data directly from an exposed API. This technical article focuses on mapping and discovering Swagger APIs throughout the EU. We will present how we discovered those APIs and checked for misconfigured examples. We will illustrate each step using screenshots, present the results, and provide defensive recommendations. Research conducted by Soufian El Yadmani, Security Analyst at Cybersprint The interactive map below shows how many Swagger APIs we found, and in which region. You can click, drag and zoom to see how many Swagger APIs were found in your area.    

read more

Do you have a question?

Our experts have the answers

Contact us