IronNet Blog

Major ransomware attack against aluminum company indicates the need for organizations to collectively defend against cyber threats

Written by IronNet | Mar 26, 2019 6:55:01 PM

Last week, we saw yet another cyber security incident at a major multi-national aluminum and renewable energy company that severely impacted their business operations. In this case, the incident in question was the result of a ransomware attack that according to news reports appears to have happened after hackers breached the company's network and moved laterally until they reached their Active Directory servers before pushing out the ransomware to their workstations. Some have theorized that the attacks might have been closer to that of destructive wiper malware due to the minimal command-and-control, propagation, or payment infrastructure associated with the malware, potentially suggesting a more complex motive than ransomware.

What is clear about this and other cyber incidents is the fact that often the mechanism used by attackers is not new, but rather builds upon existing tools and techniques to generate new attack campaigns that target companies fitting into a particular industry sector, profile or other categorization. The reality is that attackers today are sharing offensive techniques and toolkits to help them bypass existing cyber security defenses, yet cyber defenders still work on a per organization basis and only share signature-based indicators that are published weeks to months after an incident.

Collective offensive is the norm in the cyber realm and cyber defenders need to adapt in a similar manner to match the attackers using behavioral-based detection methods, such as lateral movement detection, and more importantly share identified behavioral insights in real-time and at machine speed to identify and eradicate threats before they can take action on an objective. It is only with collective defense that companies can increase detection speed and efficacy for all members and raise the economics for attackers, by limiting their ability to reuse attack techniques to target individual enterprises.

IronNet is leading the way in helping public and private organizations work together to collectively defend against cyber security threats. Today, our IronDome collective defense capability links together major enterprises in the energy and utilities industry that serve more than 35 million customers to share behavioral indicators in real-time so that they can collectively defend against cyber attacks targeting their assets and their sector.

This year, we are launching new IronDomes around critical infrastructure industries, supply chains, and regional geographies with a set of anchor customers already in place. Find out how you can contribute and be part of the solution, by visiting www.ironnet.com/irondome.