TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Cybersecurity Controls to Stop Ransomware

2021-07-28

ATT&CK techniques detected

9 predictions
T1486 Data Encrypted for Impact
93%
"offer immutable storage options, such as placing a software lock on a file when it’s created. the lock can remain in place for weeks or months to ensure stored files cannot be altered. these locks can both protect against ransomware and meet compliance and legal requirements fo…"
T1486 Data Encrypted for Impact
81%
"cybersecurity controls to stop ransomware the 2021 application protection report notes that ransomware was a factor in roughly 30 percent of u.s. breaches in 2020. looking at the breach analyses, we found some of the most important controls were user account management, network …"
T1531 Account Access Removal
55%
"what goes for system administrative accounts also goes for service accounts. these are the often invisible accounts that are tied to running applications. for example, a web server or database server might have an actual user account that runs its application service. being unnot…"
T1486 Data Encrypted for Impact
48%
"be patched in a timely manner. attackers will exploit those bugs and break through, so make sure to keep those devices up to date. ransomware defense no. 3: data backup once ransomware takes hold of your systems, the best course of action is to delete everything and reload from …"
T1098 Account Manipulation
45%
"what goes for system administrative accounts also goes for service accounts. these are the often invisible accounts that are tied to running applications. for example, a web server or database server might have an actual user account that runs its application service. being unnot…"
T1078 Valid Accounts
44%
"management is monitoring access. all user accounts should be logged for audit purposes in a way that prevents tampering with the logs. attackers will try to erase their tracks by deleting logs, so your monitoring system should sound the alarm if it detects logs deleted or they st…"
T1486 Data Encrypted for Impact
42%
"##feasible. this is essentially least privilege at a network level. the following are some key tactics for doing this. segment trust boundaries worried about supply chain compromise of your management tools? set up default deny policies with firewall rules controlling the managem…"
T1556.006 Multi-Factor Authentication
40%
"(mfa) on all systems holding critical data (see our earlier piece with tips and tricks for rolling out mfa). we know it’s hard, and if you can’t apply mfa to everything, then prioritize. first, all administrative accounts should use mfa. a major attack vector for ransomwa…"
T1098 Account Manipulation
33%
". - avoid arbitrary 30/45/60/90-day password rotations. - lock or remove unnecessary credentials. limit administrative access strong account management means applying the principle of least privilege. the first priority here is limiting administrative access: the fewer s…"

Summary

Stopping ransomware takes work—F5 looks at the defense techniques of user account management, network segmentation, and data backup.