By Samantha Agather, Information Security Analyst – Intrinium
Big Game Hunting: No Longer Just About the Animals
Tactics to invade your network are changing day by day, and Big Game Hunting is the newest, most effective tactic to date. Large companies that haven’t invested as heavily in cybersecurity are now the target of pinpointed attacks on their networks, to great effect. Specifically, we’re talking about enterprise-level companies, such as Norsk Hydro, which was hit with the ransomware LockerGoga in March of 2019, costing the company more than $52 million.
What is Big Game Hunting?
Big Game Hunting is a tactic used by malicious actors to infect and extort enterprise-level companies, skipping over the smaller return that individual targets present; for the hackers, it’s the difference between hundreds of dollars spread over multiple targets and millions of dollars from a single target.
It’s a much more profitable tactic and a surprisingly easy one to exploit. Most organizations struggle with security basics like asset management and vulnerability management, meaning that they are not even aware of the risks they may have exposed to the Internet. The other likely route for infiltration is social engineering; it is a general rule from one of our penetration testers that, on average, at least five percent of employees will fall for a social engineering attack, and from there escalation of privilege tends to be simple.
Who’s affected by this tactic?
Hackers are opportunistic, and they often target anyone who looks like they can dish out hundreds of thousands of dollars or more. Companies such as cable providers, car dealerships, Fortune 500 businesses, and healthcare systems are often prime targets. Additionally, companies that rely on technology for their supply chain, like Norsk Hydro, are susceptible to this attack tactic. Norsk Hydro was reliant on technology to continue production, and without its computers, it was losing nearly $6 million per day in the first week it was affected. Thus, it was imperative to rectify the breach quickly, which put pressure on the company to respond to those holding its systems for ransom. Companies like Amazon and Google are cyber-specific and have teams dedicated to ensuring they are secure and up to date, but your local hospital might not have the same resources to dedicate to cybersecurity, or might not even understand its importance.
What will help protect against this?
The answer to that is complicated and depends on each situation, but here are the basics:
- Do not leave unnecessary ports open on your firewalls, and utilize threat protection measures (Intrusion Protection System, etc.)
- Patch all your software
- Update your operating systems to current and supported levels
- Use antivirus and other endpoint solutions to keep your devices secure
These are simply the basics, intended to get you started on your journey toward keeping yourself and your company secure. They are not all of the solutions and should not be considered the be-all and end-all of keeping things safe.
Please don’t hesitate to contact us if you have questions about where to start.