The Ransomware Tetrahedron
Jim Seaman
Business Information Security Officer (BISO) | Cyber Security & Risk Consultant | PCI DSS Compliance Specialist | Author | Speaker | MSc, CISM, CRISC, CDPSE | 20+ Years in Security Risk Management
Introduction
Since the start of March 2024, I have been carrying out extensive research into the topic of ransomware. Very early on in this research, it became apparent that ransomware mitigation is far more complex than some might have you believe.
Consequently, we see constant reports of yet another organization falling victim to a ransomware attack (or to several). Some of these victims are not the small to medium-sized companies you might expect, but well-known, larger corporations.
Why might this be?
Drawing on my military experience, I started to look at this from a different angle. Throughout my 22-year career in the Royal Air Force Police, I was always taught to develop mitigation measures based on the Tactics, Techniques & Procedures (TTPs) that threat actors are known to employ.
By doing the same with ransomware, I soon realized that no two Advanced Persistent Threat (APT) groups use exactly the same techniques within their Cyber Kill Chain. Consequently, I started to develop a concept called the Ransomware Tetrahedron.
What is the Ransomware Tetrahedron?
During my military career, I was taught, and annually refreshed on, the Fire Triangle (heat, fuel and oxygen). The Fire Triangle was later enhanced to become the Fire Tetrahedron, with the addition of a fourth element, the chemical chain reaction:
Now, the Fire Triangle/Tetrahedron is a well-known and effective concept that has helped to simplify the chemistry complexities of fire prevention and firefighting.
If you can focus on isolating the four elements from each other, you can help prevent a fire from happening, or can make informed decisions on the best approach for extinguishing one, e.g., cooling to remove heat, starving the fire of fuel, smothering it to exclude oxygen, or applying an agent that interrupts the chain reaction.
With this in mind, I thought: why couldn't a similar approach be used to help simplify the complexities of ransomware?
Rather than trying to focus on mitigating every type of ransomware attack, why not focus on the four common elements?
Learning About the Ransomware Triangle/Tetrahedron
At 0935hrs, on Thurs 10 Oct 2024, Ian Robinson and I will be presenting at this year's PCI Security Standards Council European Community Meeting.
The subject of this presentation:
During the course of this presentation, we will use real-life examples from the physical world with the aim of explaining how securely configured and maintained 'Digital Fire Doors' deliver far more value than just reducing your PCI DSS scope.
In addition, I have completed 80% of the draft content for my next book (A Ground-breaking Approach: Helping Businesses To D3fend Against the Evolving Cyber Att&cks), which I hope will be ready and published in support of this event.
Intrigued?
Want to discover more?
If attending the event,
If you're unable to attend the event,
6 months
When it comes to protecting your organization from the ever-present Ransomware threats, it is important to understand each compliance framework's limitations when it comes to complete protection from Ransomware. For example, in Feb 2024, US Health Care became a victim of a Ransomware attack: https://apnews.com/article/change-cyberattack-hospitals-pharmacy-alphv-unitedhealthcare-521347eb9e8490dad695a7824ed11c41 This is regardless of whether they were HIPAA compliant.
HIPAA Att&ck limitations:
1. Exploitation of Public-Facing Applications (T1190).
2. Use of Web Shells (T1505.003).
3. Scheduled Task/Job Creation (T1053).
4. Command and Scripting Interpreter (T1059.001).
5. Protocol Tunneling (T1572).
6. Remote Access Software (T1219).
7. Account Manipulation (T1098).