Q2 2021 Cyberthreat Intelligence Report takes a deep dive into ransomware

By Michael Zuckerman, Consulting Product Marketing Manager at Infoblox


In August, Infoblox published the Quarterly Cyberthreat Intelligence Report for Q2. Published during the first month of each quarter, these reports review new and recently emerged malware variants and trends, how these differ from variants observed in the past, and defensive tactics and best practices to address them. The Q2 2021 report includes threat intelligence publicly released by the Infoblox Cyber Threat Intelligence Unit from April 1, 2021, through June 30, 2021, and is an excellent resource for CISOs and SecOps around the world to keep up with the latest threats.

An Expanded View of Ransomware

This quarter, the report shares an expanded view of ransomware. Approximately 10 percent of all breaches now involve ransomware. The impact and expense of successful ransomware attacks can be crippling to an organization. The recent attacks on JBS and Colonial Pipeline have once again brought focus to the danger of increasingly sophisticated ransomware campaigns.

Estimated ransomware payments in 2020 were about $370 million in cryptocurrency. Ransomware costs are not just about the ransom payouts, but also the time lost and the cost of improving outdated systems. The total damage associated with ransomware is estimated to be much higher than the cryptocurrency payouts, perhaps $20 billion.

The Infoblox Cyber Threat Intelligence Unit gives an overview of the ransomware-as-a-service process flow and the primary channels of distribution, and provides deep coverage of ransomware campaigns on which we have previously done original research. The unit also shares information on the NIST cybersecurity framework profile for ransomware risk management and CISA's new ransomware readiness assessment, both published by these government agencies in June of this year.

Guidance on DNS Security

The analytical coverage of the NSA’s and CISA’s recent guidance on DNS security reflects that DNS is key to the foundational security stack in the public sector as well. The NSA and CISA have gone on record in 2021 with guidance recommending that every agency, organization and enterprise leverage the existing DNS protocol and architecture by using a protective DNS (PDNS) service. This information sheet, Selecting a Protective DNS Service, details the benefits and risks of using DNS security and assesses several commercial PDNS providers based on reported capabilities. With 100 percent of the performance score based upon the criteria defined by NSA, Infoblox foundational security using BloxOne® Threat Defense provides comprehensive DNS security capability. 

While staying current with the latest threat intelligence is always advisable for any CISO, the quarterly threat intelligence overview helps CISOs and security leaders evaluate their security measures against the latest threats. More informed decisions lead to strategic enhancements in an organization's foundational security and keep it ahead of attackers.