Cyber criminals are generating millions of dollars in revenue by targeting organizations with dated cybersecurity infrastructures.

The latest attack techniques are designed to take over legitimate user credentials and have evolved to evade traditional signature-based perimeter defenses, which enables attackers to compromise users and masquerade as legitimate insiders with full access to corporate networks. Skilled cyber criminals are increasingly deploying new strains of ransomware due to its effectiveness in avoiding detection and in generating profits.

In fact, the FBI’s Internet Crime Complaint Center released data revealing that there were 2,453 reported cases of ransomware attacks in 2015 and victims paid around $24.1 million to regain access to critical data. In addition, Symantec’s Ransomware and Businesses 2016 report found that the average ransomware demand went from $294 in 2015 to $679 in 2016, suggesting that cyber criminals are successfully extorting money from their victims and are able to increase costs due to high demand.

Traditional cyber security defenses, such as Security Information and Event Management (SIEM) solutions, only discover attacks that are already well understood. However, advanced malware and ransomware attacks are designed to bypass these systems and reach the inside of an organization undetected.

For example, skilled cyber criminals know that SIEM solutions examine the number of failed login attempts within a specific time frame to detect a password-guessing attack, and so they adjust their behaviour to avoid triggering that rule and being exposed.

Given the potential consequences associated with ransomware attacks, including the loss of private information, fees for restoring systems and data, and damage to an organization’s reputation, it’s clear why some would prefer to pay the ransom. However, with no signs of ransomware abating, organizations will need to utilize new analytics techniques that leverage machine learning to effectively identify anomalies that indicate an active attack before it does damage.

To augment defenses and keep up with the latest threats, many organizations have turned to unsupervised, supervised and adaptive machine learning techniques. Supervised machine learning models trained on large datasets quickly surface indicators of compromise that would otherwise go unnoticed, and unsupervised machine learning models ensure that the system is self-learning and constantly adapting to accurately identify behavioral anomalies that may be the only indicator of a developing attack.
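The two preceding paragraphs contrast a fixed SIEM rule with behavioral anomaly detection. The following is an added illustration, not code from the article or from Niara: it runs both approaches over a constructed set of authentication events. The SIEM-style rule counts failures per user in a sliding window; the baseline detector is a deliberately simple per-user statistical model (mean plus k standard deviations over a constructed 14-day history) standing in for the unsupervised models the article describes. The event format, the user names, the history values and the thresholds are all assumptions made for this example.

```python
"""Fixed-window SIEM rule versus a per-user behavioral baseline.

threshold_alerts(): the classic "N failed logins in W minutes" rule.
baseline_alerts():  per-user baseline (a minimal unsupervised stand-in
                    for the ML models discussed in the article).
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# --- Constructed sample data (not real logs) --------------------------------
BASE = datetime(2016, 6, 1, 9, 0, 0)

# Each event is (timestamp, user, outcome). In practice these would be parsed
# from an authentication log; here they are built inline.
SAMPLE_EVENTS = (
    # alice: ordinary day, one typo followed by a successful login
    [(BASE + timedelta(minutes=5), "alice", "FAIL"),
     (BASE + timedelta(minutes=6), "alice", "SUCCESS")]
    # bob's account: noisy burst of 6 failures in 3 minutes
    + [(BASE + timedelta(minutes=30, seconds=30 * i), "bob", "FAIL")
       for i in range(6)]
    # mallory's account: one failure every 20 minutes for 6 hours, which
    # never puts more than one failure inside a 10-minute window
    + [(BASE + timedelta(minutes=20 * i), "mallory", "FAIL")
       for i in range(18)]
)

# Constructed daily failed-login counts per user for the previous 14 days.
HISTORY = {
    "alice":   [1, 0, 2, 1, 0, 1, 1, 0, 2, 1, 0, 1, 1, 0],
    "bob":     [2, 1, 3, 2, 1, 2, 3, 2, 1, 2, 2, 1, 3, 2],
    "mallory": [0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0],
}


# --- Detector 1: fixed sliding-window rule ----------------------------------
def threshold_alerts(events, window=timedelta(minutes=10), max_failures=5):
    """Flag any user with >= max_failures FAIL events inside a sliding window.

    This is the rule the article says attackers learn to stay under.
    Returns a sorted list of flagged users.
    """
    failures = defaultdict(list)
    for ts, user, outcome in events:
        if outcome == "FAIL":
            failures[user].append(ts)

    flagged = set()
    for user, times in failures.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            # advance the window start until all retained failures fit
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= max_failures:
                flagged.add(user)
                break
    return sorted(flagged)


# --- Detector 2: per-user behavioral baseline --------------------------------
def failure_counts(events):
    """Total FAIL events per user for the observed period."""
    return Counter(user for _, user, outcome in events if outcome == "FAIL")


def baseline_threshold(history_counts, k=3.0, min_spread=0.5):
    """Mean + k * stdev of the user's own history.

    min_spread floors the standard deviation so a perfectly flat history
    (stdev 0) does not alert on a single extra failure.
    """
    return mean(history_counts) + k * max(pstdev(history_counts), min_spread)


def baseline_alerts(events, history, k=3.0):
    """Flag users whose failure count exceeds their personal baseline.

    Unlike the window rule, this catches low-and-slow patterns because it
    compares the day's total against what is normal for that user.
    """
    counts = failure_counts(events)
    flagged = [
        user for user, past in history.items()
        if counts.get(user, 0) > baseline_threshold(past, k)
    ]
    return sorted(flagged)


if __name__ == "__main__":
    print("window rule flags:   ", threshold_alerts(SAMPLE_EVENTS))
    print("baseline model flags:", baseline_alerts(SAMPLE_EVENTS, HISTORY))
```

Running it, the window rule flags only the noisy burst against bob's account, while the baseline model also flags mallory's account, whose 18 spaced-out failures never exceed one per 10-minute window but are far outside that user's historical norm. A real deployment would use richer features (hosts, hours, protocols) and a proper model, but the contrast in what each approach can see is the point.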

With reams of security related data, including packets, flows, logs, files, alerts and threat intelligence combined in a big data platform like Hadoop, IT and security teams are equipped with contextual information that facilitates the investigation and remediation of risky behaviors and gestating attacks that have evaded real-time defenses.

Furthermore, because well-meaning employees frequently cause organizations to fall victim to advanced attacks by visiting the wrong website or opening the wrong attachment, machine learning can be used to analyze the behaviors of exploited insiders and provide early visibility into ransomware attempts. This ensures that the appropriate remediation steps can be taken before irreparable damage is done.

Finally, with machine learning-based analytics, organizations dealing with limited resources and security expertise can dramatically reduce the time and effort required to investigate and respond to attacks. The insights gleaned from machine learning analytics deliver comprehensive forensic information on the activities of high risk users, enabling enterprise security teams of all skill levels to stay ahead of advanced attacks.

With machine learning, security teams can catalog suspicious IT activities, including those too subtle to be detected by traditional defenses, ensuring that organizations are focused on the threats that matter.

The future of cyber security can seem daunting, considering the influx of organized and highly focused criminal activity. With ransomware evolving and cyber criminals continuing to refine their tactics, organizations will have to reinforce cyber security defenses with machine learning to keep up with the latest threats and stay out of the media headlines.

(About the author: Vinay Pidathala is chief security researcher at Niara)

All Information Management content is archived after seven days.