
Ransomware & Advanced Attacks: Servers are Different

  • Posted on: June 19, 2017
  • Posted in: Ransomware, Security
  • Posted by: Steve Neville

Ransomware and other advanced attacks are the scourge of the modern IT security team. If allowed to gain access to your IT environment, these attacks could shut down the organization, denying access to mission critical applications & data for potentially days, or even indefinitely. The result? The disruption of service delivery, lost productivity and a hefty hit to reputation and profits.

While traditionally thought of as an endpoint issue – 93 percent of phishing emails are now ransomware – the reality is that ransomware and other advanced attacks are also focused on your servers. The combination of instantly available infrastructure via the public cloud and the increasing velocity of application delivery to create competitive advantage has made servers an important target for cybercriminals.

Servers are different than a traditional endpoint: the applications and operating systems that run enterprise workloads in the data center, in the cloud, and in containers can be extremely dynamic, making the approach to endpoint security different.

A recent Gartner report states that “Server workloads in modern hybrid data centers use private and public cloud computing and require a protection strategy different from end-user-facing devices. Security and risk management leaders should use risk-based models to prioritize evaluation criteria for cloud workload protection platforms.” (Source: Gartner, “Market Guide for Cloud Workload Protection Platforms”, March 2017, G00302941)

The fundamentals still matter – get patched

Servers are workhorses of the enterprise, driving your business forward and supporting your most valuable data; it’s only natural that the bad guys are heading straight for this part of the IT infrastructure, whether it’s in the data center or in the cloud. Ransomware & advanced attacks are being created to take advantage of vulnerabilities found on servers, including the recent WannaCry ransomware, which leveraged a Microsoft Windows SMB vulnerability to inject itself onto servers and endpoints. Not to be left out, Linux servers – the dominant server for public cloud workloads – are also being targeted, with the recent Erebus attack that had a serious impact on a large web hosting firm (and their 3,400 customers!) in South Korea.

Patching is never easy, but no IT security professional can deny the importance of patching. Modern IT environments are complex systems which require IT departments to manage multiple disparate patching processes, including new approaches like blue-green deployments. For mission critical systems, patches are sometimes delayed because organizations simply can’t afford the downtime needed to test and roll out fixes. It’s estimated that it takes enterprise firms approximately 250 days for IT and 205 days for retail businesses to fix the software flaws in their enterprise applications. It only takes one exploit to get through for your organization to hit the headlines as the next major ransomware victim. In addition, for either operational or financial reasons, close to two years after end of life many organizations are still running Windows 2003, which means no patches are available and mitigation strategies – often expensive – have to be in place or the risk of exposure goes up exponentially.

Hybrid cloud is complicated

The hybrid cloud includes physical, virtual, cloud and container workloads, with new technologies like serverless functions and processes like DevOps introducing new complexity in the way that your organization operates. While embracing new technologies to gain benefits like increased agility and rapid application delivery makes good business sense, the reality is that existing architectures also need to be maintained and secured at the same time. If this means that you have accumulated multiple tools along the way to the hybrid cloud, you are probably feeling significant pain just keeping everything running!

Unfortunately, this complexity can also leave gaps – who isn’t too busy to get everything done, right? – which cybercriminals are only too ready and willing to exploit. You might have put in place perimeter security, for example, but what if a compromised endpoint accesses a vulnerable file server? Then you have an attack which started inside the network, bypassing traditional security controls. And of course, there is no perimeter in the cloud… so what then?

Layered security is the right answer

The answer lies in advanced server security solutions like Trend Micro Deep Security. It’s been designed to protect workloads across physical, virtual, cloud and container environments with host-based security to shield servers from a wide range of threats including ransomware. Having one product with multiple controls is a great way to both increase security and reduce operational overhead. Powered by XGen™ Security, Deep Security includes a range of cross-generational security techniques that can help stop ransomware from hitting your enterprise servers, enabling you to easily:

  • Stop network attacks and shield vulnerable applications & servers, leveraging Intrusion Prevention (IDS/IPS) and firewall techniques;
  • Lock down systems and detect suspicious activity on servers, using techniques like application control and integrity monitoring that have been optimized for the hybrid cloud; and
  • Prevent malware and targeted attacks from successfully infiltrating your servers, leveraging proven anti-malware and advanced techniques like behavioral analysis & sandboxing.

With 752 percent growth in the number of ransomware families in 2016, the black hats have found a way to generate enough revenue – $1B in 2016 – to invest significant resources in rapidly evolving their attack strategies. With servers at the center of the enterprise, it’s clear that you need a strategy that both secures workloads wherever they might be – physical, virtual, cloud, containers – and aligns with the need for business agility that modern technology enables.

Find out more about how Trend Micro can help at www.trendmicro.com/hybridcloud.
