Ransomware & Back Office Security: FYI

Concerns around ransomware and security are on the rise amid news of the cyberattacks on Colonial Pipeline in the United States and on the North American and Australian systems of the meat processing company JBS. Organizations are looking for insight into steps they can take to protect themselves from future attacks of a similar nature.

Taking stock of the back-office security features you currently have in place is a crucial first step in evaluating your security measures and addressing any gaps that may make your organization vulnerable to attack.

In recent years, the threat of ransomware has emerged as organized groups of hackers launch cyberattacks on companies and corporations with the aim of holding sensitive information “hostage” for a ransom. Ransomware is a form of malware created to encrypt a victim’s files; the attacker then demands a ransom in exchange for restoring access to the data. Victims of ransomware are shown instructions for how to pay a fee to get the decryption key.

The costs can range from a few hundred dollars to millions, usually payable to cybercriminals in Bitcoin or other cryptocurrencies, which makes it harder to track where ransom payments go and to investigate potential perpetrators. Oftentimes, ransomware is spread through phishing emails with malicious attachments or content, or via drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website, and malware is then downloaded and installed without the user’s knowledge.

With these attacks becoming more frequent and their encryption capabilities more effective, it’s no surprise that many organizations are concerned. Though ransomware is often spread through phishing email or drive-by downloading, back-office applications are another area that may be at risk.

ERP software may be vulnerable to attack, as was the case in the Colonial Pipeline incident. Hackers were able to gain access to Colonial Pipeline’s system using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place. This meant the system was accessible with a single password, without a second authentication step such as a text message, which is a common security safeguard in more recent software.

As for organizations that should be concerned, we’re seeing ransomware start to hit soft targets such as hospitals and municipalities, where losing access has real-world consequences, making victims more likely to pay the ransom. The SolarWinds Microsoft attacks appeared aimed at the theft of emails and other data through intrusions created by “back doors” that could ultimately enable attacks on physical infrastructure.

Though these are some of the common areas where we’ve seen ransomware attacks occur, organizations with any back-office software in any industry should take stock of their existing security measures.

By documenting and evaluating the security measures you currently have in place, you’re able to fill any gaps in security that may exist. Informing and educating your team on preventative measures, including awareness of phishing emails and multifactor authentication, can help mitigate risk. Ensure that your organization has the infrastructure in place to notify your team of potential security breaches so that you can take timely action and notify any affected parties.

Oracle users can expect to see real-time security threat monitoring, including Oracle Cloud Guard, Maximum Security Zones, and Cloud Data Safe in Oracle Cloud Infrastructure (OCI), announced during the 2019 Oracle OpenWorld conference. You’ll also have peace of mind knowing that as a Cloud user, your organization has the security of an enterprise app with a dedicated team to mitigate fraud and risk.

For more information on security measures in Oracle Cloud, visit the Oracle Security webpage here. Elire’s team of trusted advisors is here to help with all of your Cloud security concerns. Reach out to [email protected] to set up a time to speak with our team regarding your organization’s needs, and in the meantime, check out this blog post on “Oracle Cloud Security: Single Sign-On and Role Assignments” here.