Build a Next Gen SOC to Protect Against Ransomware Attacks

Published on 14 May 2021

Cybersecurity experts are urging governments and businesses to treat ransomware attacks as a serious threat. Corporations such as Amazon, Google and Microsoft have urged the US government to designate ransomware attacks as a threat to national security and introduce sweeping policy changes in order to combat them. During the pandemic, the number of ransomware attacks increased significantly. According to KPMG, there is evidence that the chances of a ransomware attack being successful are significantly higher when staff are working remotely. This is partly due to weaker controls on home IT, and partly because attackers are using Covid-19 themed lures to encourage users to click on links, capitalizing on the increased levels of anxiety during the pandemic; some of these lures include information about vaccines, masks, and hand sanitizers. It is not enough for businesses to educate their employees to guard against such attacks; the increasing sophistication of ransomware attacks has made it essential for businesses to build a next-gen SOC (security operations center).

Recent significant Ransomware Attacks

1. The Colonial Pipeline Hack

Referred to as the biggest attack on US energy infrastructure, the Colonial Pipeline ransomware attack is the most significant of 2021 so far. It serves as a wake-up call for governments around the world about the dangers of these types of attacks and the real-world consequences they can have. The Colonial Pipeline delivers 40% of the fuel to the east coast and southern parts of the United States. Hackers compromised Colonial Pipeline's systems, leading to a shutdown of the pipeline for 5 days. According to reports, the Colonial Pipeline Company paid the hackers $5 million. The attack was carried out by the group known as DarkSide, which operates on a ransomware-as-a-service model. The attack has made it abundantly clear that key infrastructure can be compromised by these attacks.


2. Attack on Channel Nine

In March of this year, Australia's Channel Nine was hit by a cyber attack. The attack made it impossible for the channel to broadcast its Sunday news bulletin along with other shows. The Channel's headquarters in Sydney was unable to access the internet which caused disruptions in the network's publishing business. Initially, the channel claimed that the issues were being caused by technical difficulties but later admitted to a cyber attack.

3. Acer and the $50 million ransom

Global computer maker Acer was hit by a ransomware attack earlier this year. The hackers demanded a ransom of $50 million, the highest known ransom to date. The cybercriminal group REvil is considered to be responsible for the attack. The hackers not only announced the breach on their website, but they also shared some images of the data they had stolen.

4. Airplane manufacturer Bombardier

Bombardier is a well-known Canadian airplane manufacturer. In February of 2021, the company suffered a data breach. Confidential data of customers, suppliers, and 130 employees working in Costa Rica was compromised. Bad actors were able to gain access to the data via a vulnerability in a third-party file-transfer application being used by the company. The compromised data was leaked on the site operated by the ransomware gang known as Clop. No information is available on whether a ransom was demanded.

A worrying trend of ransomware attacks in 2021 is the release of sensitive information belonging to organizations that refuse to pay the ransom. These types of attacks can be very lucrative, and hence there is a lot of incentive for cybercriminals to engage in them. A successful attack can lead to ransomware groups earning millions of dollars. It is clear from these attacks that they are not industry-specific: from critical infrastructure to computer manufacturers, ransomware attackers will go after any and all businesses. Paying a ransom does not guarantee that data will be returned and not leaked. The FBI's official stance is to discourage companies from paying the ransom, as it can also encourage the criminals to continue attacking others. However, paying the ransom is not illegal, and many companies find that it is the best way out of their predicament.
Therefore the best solution for businesses is to prevent an attack from taking place. Organizations need to have a modern Security Operations Center (SOC) that is capable of defending against such attacks.

What is a next generation security operations center?

A security operations center is made up of security analysts, engineers, and managers who oversee the security operations of an organization. The goal of the SOC team is to identify, analyze and respond to any cybersecurity threats and incidents. To do this the team uses a combination of security processes, protocols, and technology solutions such as security software. The SOC is responsible for monitoring and analyzing an organization's cybersecurity on a continuous basis. If and when a security incident is detected, it is the SOC's job to address the situation and determine the best response. These teams monitor activity taking place on a business's networks, servers, databases, applications, endpoints, websites, and any other systems in use.
In a next generation SOC, the team implements a methodology that integrates natively with the organization's information systems. They rely on security enforcement points and threat research tools in order to monitor, assess, and defend against cyberattacks. The goal is to be as proactive as possible about threat detection and to ensure all endpoints are secured.

Tips to build a next gen SOC

There are certain things that organizations need to keep in mind when it comes to building a next generation security operations center.

Improved threat hunting

SOCs should be able to find and identify threats quickly. There are solutions available in the market that make this easier. Say, for example, a new threat has been identified and is in the news. Without the right tools in place, it can take a very long time for security analysts to scour the organization's information systems and determine whether the same threat has affected their organization. For new threats, analysts often do not know exactly what they should be looking for either. Hence investing in tools like AutoFocus or Active Track can make threat detection easier.

Robust reporting and logging

Proper reporting and logging can help your SOC identify patterns and detect threats at an early stage. A next-gen SOC should have a comprehensive policy in place requiring any and all anomalies and incidents to be reported and logged.
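The two previous sections, threat hunting and logging, come together in practice when an analyst sweeps endpoint telemetry for known indicators and for the behavioural pattern ransomware leaves behind. The following Python script is an added example written for this page; it is not code from the original article or from any of the products it mentions. The log format, the indicator list (the hash `deadbeef0001` and the `.locked` extension) and every log line are constructed for illustration, and the `threshold` and `window` values are assumptions a real SOC would tune to its own environment.

```python
"""Hunt constructed endpoint file-event logs for known indicators and for the
bulk-rename pattern that file-encrypting ransomware produces on disk."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed sample telemetry (not real logs). Fields:
# timestamp|host|user|process|action|path|sha256   (path is "old -> new" for renames)
SAMPLE_LOGS = r"""
2021-05-10T08:00:01|WS-101|alice|winword.exe|write|C:\Users\alice\Docs\q1.docx|0f1e2d3c
2021-05-10T08:00:05|WS-101|alice|outlook.exe|write|C:\Users\alice\Mail\inbox.pst|a1b2c3d4
2021-05-10T09:15:00|WS-202|bob|updater.exe|exec|C:\Users\bob\AppData\Local\Temp\updater.exe|deadbeef0001
2021-05-10T09:15:02|WS-202|bob|updater.exe|rename|C:\Users\bob\Docs\a.xlsx -> C:\Users\bob\Docs\a.xlsx.locked|-
2021-05-10T09:15:03|WS-202|bob|updater.exe|rename|C:\Users\bob\Docs\b.docx -> C:\Users\bob\Docs\b.docx.locked|-
2021-05-10T09:15:03|WS-202|bob|updater.exe|rename|C:\Users\bob\Docs\c.pdf -> C:\Users\bob\Docs\c.pdf.locked|-
2021-05-10T09:15:04|WS-202|bob|updater.exe|rename|C:\Users\bob\Docs\d.pptx -> C:\Users\bob\Docs\d.pptx.locked|-
2021-05-10T09:15:05|WS-202|bob|updater.exe|rename|C:\Users\bob\Docs\e.txt -> C:\Users\bob\Docs\e.txt.locked|-
2021-05-10T09:15:06|WS-202|bob|updater.exe|write|C:\Users\bob\Docs\README_RESTORE.txt|-
2021-05-10T10:00:00|WS-303|carol|explorer.exe|rename|C:\Users\carol\draft.txt -> C:\Users\carol\final.txt|-
"""

# Constructed indicator list (placeholder values); a real hunt loads this from threat intel.
IOC_HASHES: Set[str] = {"deadbeef0001"}
IOC_EXTENSIONS: Set[str] = {".locked"}


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    process: str
    action: str
    path: str
    sha256: str


def parse_events(text: str) -> List[Event]:
    """Parse the pipe-delimited constructed format into Event records."""
    events = []
    for line in text.strip().splitlines():
        ts, host, user, proc, action, path, digest = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), host, user, proc, action, path, digest))
    return events


def new_extension(path: str) -> str:
    """Return the final extension of a path ('' if it has none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return "." + name.rsplit(".", 1)[1] if "." in name else ""


def hunt_iocs(events: List[Event],
              hashes: Set[str] = IOC_HASHES,
              extensions: Set[str] = IOC_EXTENSIONS) -> List[Tuple[str, str, str]]:
    """Sweep for known indicators: file hashes and renamed-to extensions.
    Returns (host, indicator_type, value) tuples, one per matching event."""
    hits = []
    for e in events:
        if e.sha256 in hashes:
            hits.append((e.host, "hash", e.sha256))
        if e.action == "rename":
            ext = new_extension(e.path.split(" -> ")[1]).lower()
            if ext in extensions:
                hits.append((e.host, "extension", ext))
    return hits


def detect_mass_rename(events: List[Event], threshold: int = 5,
                       window: timedelta = timedelta(seconds=10)) -> List[Dict]:
    """Behavioural detection that needs no prior indicator: flag a (host, process)
    pair that renames at least `threshold` files to the same new extension within
    `window`. Normal user activity (one rename by explorer.exe) stays below it."""
    by_key: Dict[Tuple[str, str], List[Tuple[datetime, str]]] = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.action == "rename":
            by_key[(e.host, e.process)].append((e.ts, new_extension(e.path.split(" -> ")[1])))
    alerts = []
    for (host, proc), renames in by_key.items():
        for i, (start, ext) in enumerate(renames):
            same = [t for t, x in renames[i:] if x == ext and t - start <= window]
            if len(same) >= threshold:
                alerts.append({"host": host, "process": proc, "extension": ext,
                               "count": len(same), "first_seen": start.isoformat()})
                break  # one alert per (host, process) is enough for triage
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for hit in hunt_iocs(evs):
        print("IOC hit:", hit)
    for alert in detect_mass_rename(evs):
        print("Mass-rename alert:", alert)
```

The indicator sweep answers the "has this threat we read about touched us?" question, but only for indicators already known; the mass-rename rule is the logging-driven counterpart that catches the same behaviour from an unknown family, which is why both the indicator feed and the audit trail the rule runs over need to be in place before the incident.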

The best people and technology

Businesses sometimes make the mistake of focusing on only one aspect of security: the technology or the people. A next generation security operations center, however, will have both quality people and the best technology. SOCs should have the latest intelligence, tools, and solutions to defend against cyber attacks. The human component is equally important: even the greatest tools that give the best information will fail if the right security experts are not present to act on that information.

With the number of bad actors and ransomware attacks increasing, now is the time for businesses to invest in technology and people to ensure their operational security. Subscribe to and learn more about building a next gen SOC along with other technology updates.
