Jul 9, 2020

Rapid7: Ransomware Playbook - understanding cyber risk

rapid7
covid-19
Ransomware
William Girling
3 min
Ransomware
Rapid7 has recently published its ‘Ransomeware Playbook’, a guide for helping businesses understand, identify and tackle cybercrime...

Rapid7 has recently published its ‘Ransomeware Playbook’, a guide for helping businesses understand, identify and tackle cybercrime.

The COVID-19 pandemic has accelerated digital transformation across several segments and the banking, insurance and finance sectors are no different. 

As remote working becomes more commonplace and operations are integrated further with technology, the risk of organisations holding sensitive or valuable information grows exponentially and Rapid7 hopes to redress the balance by keeping companies informed.

“Victims of ransomware attacks suffer the impact of productivity and revenue loss due to work stoppage,” says the report. “Ransomware is a unique security threat where most of the security team’s effort is spent on prevention and response because once ransomware is detected, it's too late.”

Identifying risk

Before expanding on the actions that can be taken, Rapid7 advocates a primer in the forms that contemporary cyber risk can take. The company puts forward this definition:

“Ransomware is malicious software that covertly encrypts your files—preventing you from accessing them—and then demands payment for their safe recovery.  

“Like most tactics employed in cyber-attacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.”

Methods used to gain infiltration could include targeting a user through compromised email accounts that they have had legitimate contact with. Other techniques include:

  • Spear phishing: sending targets a clickable link or attachment.
  • Drive-by: exploiting a web browser vulnerability.
  • Exploitation: embedding ransomware at a point of vulnerability and then allowing it to proliferate automatically.
  • Replication: networked media which encrypts ransomware as it simultaneously infects the targetted user.
  • Valid accounts: an ‘outsider from within’ approach, wherein the perpetrator has legitimate access to the system from the onset.

Once contact is made, the targeted user will be prompted to open a link, download some software or otherwise coerced into introducing malicious content to their computer.

Now that the ransomware has been embedded, it can be used to steal information or lock the legitimate user out of core systems, with the subsequent refusal to unlock it unless a ransom is paid - hence the name.

How has ransomware changed?

Previously, ransomware relied on unsophisticated mail merges which targetted large quantities of potential victims simultaneously.

Now, however, Rapid7 states that this is changing: 

“Increasingly over the past few years, there has been a shift to "big-game hunting" threat actors leveraging access established by taking advantage of poor security controls in an environment like an unpatched externally facing server, unsecured remote access solutions, or an undetected banking trojan (such as TrickBot, Emotet, or Dridex).”

Described as a more ‘hands-on’ approach, the infiltrators are able to gain incremental control over a system until a business’ services are rendered incapacitated. This can be disastrous for banks, which not only have compromised their customer’s data but could also suffer long-term reputational damage too.

In our next article on Rapid7’s Ransomware Playbook, we will explore what actio ns enterprises can take to mitigate the threat and how Rapid7 can find the optimal solution for the prevention, identification and elimination of cyber risk.

Share article

Jun 19, 2021

AI and the future of global trade

AI
Tradeteq
trade
Finance
Michael Boguslavsky, Head of A...
3 min
Boguslavsky explores AI's potential in trade finance; could it overcome traditional barriers and usher in a new era of financial transformation?

Artificial intelligence (AI) is becoming entrenched in our daily lives, but the technology is still surrounded by misconceptions and skepticism. Ask the public and they may jump to dystopian scenarios where robots have taken over the world. 

While this makes for a good sci-fi blockbuster plot, the reality is different and more benign. Those products that Amazon suggested you buy? AI. That TV series you were recommended to watch on Netflix? AI. That self-driving Tesla car you crave to take for a spin? You guessed it: AI.

There is no single industry that is not being re-shaped by technology. Until recently, however, there was one noteworthy exception: global trade. Fortunately, that is slowly changing.

The mechanism that underpins global trade – trade finance – is an industry that remains largely paper-based and reliant on manual processes. This US$18tn a year industry is now being influenced by a new wave of technological innovation, including AI.

Exploring the potential of AI in Trade Finance

AI refers to the use of computer-aided systems to help people make decisions or make decisions for them. It relies on large volumes of data and models to make sense of information and draw intelligence. 

In trade finance, AI is helpful in analysing quantitative data, and the repetitive nature of trade finance means that there is a lot of non-traditional data at our disposal. 

This means that when trade finance providers need to assess the risks of funding a transaction, AI models can be a very efficient tool for data analysis and reveal intelligence and risks relating to small companies.

AI helps the industry move beyond traditional credit scoring processes, which are often outdated and remain reliant on historical accounting entries – a barrier that prevents small companies from accessing trade finance and has resulted in a $1.5tn global shortfall. 

Overcoming the barriers

AI can tackle this shortfall by creating accurate credit scoring models. This can include a company’s payment history, measure the risks of funding a transaction, identify supply chain risks, and benchmark them against their peer group.

Trade finance providers can use this information to communicate effectively with their SME clients, ultimately helping establish better business relationships.

Towards a technological utopia?

The adoption of AI has the potential to do a lot of good in the industry, and the industry is in the early stages of radical transformation.

Advances are driven by fintechs as well as a willingness to change. The industry is working together to create new infrastructure for distributing trade finance assets to other investors in a transparent, standardised format. 

The creation of infrastructure is possible due to improvements in technology and integrated across the trade ecosystem in cooperation with banks, insurers, and other industry participants. 

It’s collaboration at its best: together, the industry is using technology to re-shape global trade as we know it.

This article was contributed by Michael Boguslavsky, Head of AI at Tradeteq

Share article