Why Codefinger represents a new stage in the evolution of ransomware

A new type of ransomware attack

The fundamentals of the Codefinger attack are the same as those in most ransomware attacks: the bad guys encrypted victims' data and demanded payment to restore it. However, several aspects of the breach make it stand out from most other ransomware incidents:

Attack vector: In traditional ransomware attacks, the attack vector involves planting malicious code on a computer or server, then using the code to encrypt sensitive data. In the case of Codefinger, the attack technique was quite different. There was no malicious code at play; the attackers simply abused access credentials.

Changing role of backups: While off-site backups might have helped some organizations recover from Codefinger without paying a ransom, they wouldn't have protected organizations that backed up data from S3 buckets that had already been encrypted, because in that case the backups would have ended up encrypted as well. This exposes one of the fundamental weaknesses of conventional data protection: backup data is only useful if it remains secure, and that is not always the case.

Shared responsibility: Codefinger underscores how threat actors can carry out attacks against cloud-based environments by exploiting weaknesses that cloud vendors don't attempt to manage. In the case of this incident, responsibility for managing access keys fell to Amazon customers, not Amazon itself, under the terms of the cloud shared-responsibility model.

In these respects, Codefinger represents a novel phase in the evolution of ransomware. It exploits a type of weakness, insecure key management, that organizations haven't typically managed closely. In addition, the threat it poses is exacerbated by the fact that conventional ransomware defense strategies, like off-site backups, would not necessarily have sufficed to protect organizations.

Protecting your business against the next Codefinger-like ransomware

This is not to say that traditional data protection practices, like taking regular backups and housing them on immutable storage, are no longer important. They remain among the essential steps that businesses must take to defend against ransomware of all types. However, Codefinger is a reminder that organizations must combine traditional protections with more advanced, and easily overlooked, data protection and cybersecurity practices. For example, the following best practices would have helped stop the Codefinger breach:

Secrets identification: Secrets (meaning passwords, keys and any other type of credential used to access a system) should be systematically identified and tracked so that organizations know where their secrets reside. When secrets are hosted in insecure locations, like code repositories, they should be moved to secure environments, like a dedicated secrets management tool.

Secrets cycling: Cycling secrets by updating them periodically prevents older secrets from being useful to attackers if they fall into their hands.

Granular secrets management: A granular approach to managing secrets, by, for example, giving developers access keys that are different from those used by IT teams, reduces the potential fallout of a breach because it restricts the number of resources attackers can access using a given secret.

Private data storage configurations: Unless a cloud resource has a reason to be accessible publicly, it should be configured such that only authenticated users can find and access it. In the case of the Codefinger breach, publicly discoverable S3 buckets helped enable the attack.

These are just examples of ransomware defense techniques that would have helped mitigate the risks associated with Codefinger. More generally, organizations should invest in strategies like mapping the attack vectors that may impact them, understanding the limitations of their backup and recovery strategies and gaining a comprehensive understanding of their IT environments.

Most organizations realize that these things are important, of course. The challenge they face is that staff resources and expertise are finite, and in the scramble to meet competing demands for resources, businesses don't always invest as heavily in advanced ransomware protection as they should. But given the severe threat that attacks like Codefinger pose, there's no justification for underinvesting in ransomware defense.
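Two of the controls listed above, secrets cycling and private data storage configuration, are easy to turn into routine audit checks. The following is an added example, not code from the article or from 11:11 Systems: it flags active IAM access keys older than a rotation window and S3 buckets whose Public Access Block does not enable all four settings. The sample records are constructed to mirror the shape of AWS's list_access_keys and get_public_access_block responses, so it runs offline; the key ids, user names and bucket names are placeholders.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation window; tune to your own policy
REQUIRED_PAB = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def stale_access_keys(access_key_metadata, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (UserName, AccessKeyId, age_days) for every Active key past the window.
    Inactive keys are skipped: they cannot be abused, but should still be deleted."""
    findings = []
    for k in access_key_metadata:
        if k["Status"] != "Active":
            continue
        age = (now - k["CreateDate"]).days
        if age > max_age_days:
            findings.append((k["UserName"], k["AccessKeyId"], age))
    return findings


def public_exposure_findings(buckets):
    """Return (bucket, missing_settings) for buckets whose PublicAccessBlock
    is absent (None) or does not enable all four settings."""
    findings = []
    for name, resp in buckets.items():
        cfg = (resp or {}).get("PublicAccessBlockConfiguration", {})
        missing = [s for s in REQUIRED_PAB if not cfg.get(s, False)]
        if missing:
            findings.append((name, missing))
    return findings


# Constructed sample data (not real accounts, keys or buckets)
NOW = datetime(2025, 4, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"UserName": "ci-deployer", "AccessKeyId": "AKIAEXAMPLE00000001",
     "Status": "Active", "CreateDate": NOW - timedelta(days=400)},
    {"UserName": "ci-deployer", "AccessKeyId": "AKIAEXAMPLE00000002",
     "Status": "Active", "CreateDate": NOW - timedelta(days=12)},
    {"UserName": "analyst", "AccessKeyId": "AKIAEXAMPLE00000003",
     "Status": "Inactive", "CreateDate": NOW - timedelta(days=900)},
]
SAMPLE_BUCKETS = {
    "customer-exports": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": True}},
    "private-backups": {"PublicAccessBlockConfiguration": dict.fromkeys(REQUIRED_PAB, True)},
    "legacy-site": None,  # no PublicAccessBlock configured at all
}

if __name__ == "__main__":
    for f in stale_access_keys(SAMPLE_KEYS, NOW):
        print("stale key:", f)
    for f in public_exposure_findings(SAMPLE_BUCKETS):
        print("exposed bucket:", f)
```

In a live account the two dict/list inputs would come from boto3's `iam.list_access_keys()["AccessKeyMetadata"]` and `s3.get_public_access_block(Bucket=...)` (the latter raising for buckets with no configuration, which maps to the `None` case here).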
On the contrary, as ransomware continually evolves, making conventional protections less effective, identifying and mitigating cybersecurity weak points is more important than ever. If you can't do it using your in-house resources, now is the time to expand your repertoire of cybersecurity expertise or find a cybersecurity partner who can help fill the gaps.

Justin Giardina is the chief technology officer at 11:11 Systems. He brings more than 25 years of experience in data center and network operations to the role. He was previously CTO for iland, is a member of the Forbes Technology Council and serves on technical advisory boards for such organizations as VMware (now Broadcom), Zerto, Cisco, Cohesity, HPE and Veeam.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/3958179/why-codefinger-represents-a-new-stage-in-the-evolution-of-ransomware.html
