
Secured.22: Understanding and recovering from credential and data theft
At last September’s Barracuda virtual customer conference, Secured.22, attendees got a ton of useful, actionable information about the latest threat trends and cybersecurity strategies.
Today I want to tell you about a session jointly presented by Barracuda CTO Fleming Shi and Senior Data Protection Product Manager Shawn Lubhan. It’s called “Understanding and Recovering from Credential and Data Theft,” and you can watch it here.
Destructive new threats
The session begins with Fleming explaining a disturbing new trend in cybercrime: the rise of wiperware.
These attacks unfold similarly to ransomware, but with one big difference. As a ransomware victim, you have the opportunity to negotiate with the criminals. Once their malicious code has done its work, you have someone you can engage with to undo the damage.
But wiperware is simply destructive. As the name suggests, it’s used to erase your data, storage structures, backups, etc. High-profile wiperware attacks, which were rare from the 2014 North Korean attack on Sony until 2021, are suddenly much more common, with at least five such attacks taking place this year.
Minimizing wiperware risk
Because wiperware takes away the chance to negotiate with attackers at the end of an attack, it reduces your opportunities to limit your risk. You can only affect the outcome before the attack, in the middle of it, or after it ends.
Before the attack
After walking us through a step-by-step analysis of real-world ransomware and wiperware attacks — along with some eye-opening aggregate data generated by Barracuda’s SOC-as-a-Service product — Fleming points out that nearly every one of these attacks begins with the theft of credentials, usually via a phishing attack. In the vast majority of cases, those phishing attempts would have been detected and blocked by a modern AI-powered anti-phishing solution such as Barracuda Phishing and Impersonation Protection.
Another way to shut down these attacks before they begin is by eliminating the value of stolen credentials altogether. Properly configured multifactor authentication (MFA) can do this — as long as you identify and replace any outward-facing services that don’t support MFA.
An even better approach is to migrate to a passwordless authentication solution (find out a lot more about that in the Secured.22 session that I covered in this blog post).
During the attack
Once attackers have penetrated your network, they will typically spend considerable time exploring, gaining higher-level access privileges, and identifying the data they wish to target. Barracuda Account Takeover Protection can detect and shut down this internal, lateral threat activity.
After the attack
If attackers successfully wipe your critical data or entire servers, a good backup system can help you recover quickly and easily. But attackers know this, so a key element of these attacks is an attempt to gain access to backup systems in order to destroy them at the same time as your main data stores are attacked.
In the final part of this session, Shawn offers a detailed explanation of how to protect your backup systems so that you’ll still have them when you need them most. He details a real-world attack on a Barracuda Backup customer whose on-site backups were destroyed — but who was nonetheless able to recover quickly and completely thanks to having their backup files replicated to the Barracuda Cloud, where attackers couldn’t get to them.
Get all the info
There’s a lot more to know about preventing and recovering from credential and data theft — and minimizing your risk from wiperware attacks — than I can cover in this post. Get the whole story by watching the recording of this eye-opening session from Secured.22.