Let’s make a note of the term “network.”
Another recent headline was about a new ransomware attack called Black Basta (a new strain and gang). Also reported, Black Basta, “uses a double extortion scheme via VMWare running in Linux servers.” Black Basta has reportedly demanded as much as $2 million from some companies. Double extortion is the trade term for an attack that both steals and locks the data – extortion one – pay to unlock the data, and extortion two – pay to not have them sell the data. Black Basta penetrates a victim’s network and steals sensitive information by moving laterally through an organization.
There is that term “network” again.
My point is that attackers have proven ways to bypass even the best endpoint detection and response (EDR) tools; they can bypass them, hide from them, and trick them for just long enough to move laterally to an unprotected server or device. To do any of those, they must use your network. To complete any attack, they must use your network. To execute ransomware, they must use your network, and to exfiltrate data, they must use your network.
Ladies and gentlemen, you MUST watch your network. The medical center above was not watching. If you fall victim to Black Basta – it is likely you are not watching.
Each day a new headline, a discussion about how the attacker made it into the network, and another company that forgot to monitor the network is burned.
Do I seem frustrated?
There are many really good network defense tools out there that can solve this problem. Network Detection and Response is not a new market; it is mature, with proven technology. Many vendors offer solutions ranging from super sophisticated for large enterprises to super automated and easy to operate for smaller teams. CyGlass provides a practical and very affordable solution for those small teams.
So when planning your next cybersecurity budget and projects, please do yourself a big favor and do not forget your network.
Bill Munroe
VP Marketing, CyGlass
