A DevSecOps process for ransomware prevention
Ransomware is possibly the most severe cybersecurity threat facing organizations today. There are multiple attack vectors. One of the ways ransomware infects organizations is through the DevOps pipeline—a case in point is the Kaseya attack. Organizations are transitioning to DevSecOps workflows to make software more secure. Can they leverage the same process to prevent the next ransomware disaster?
What should you learn next?
The rise of ransomware attacks
Ransomware is a type of malware in which the data on a victim's computer is locked or encrypted and the attackers demand payment to release it to the victim. The motive for ransomware attacks is usually monetary. Unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions on how to recover. Payment is often demanded in a virtual currency, such as bitcoin, so the cybercriminal's identity is not revealed.
In recent years, high-profile ransomware attacks have affected millions of organizations around the world, affecting critical infrastructure and the global supply chain. A few recent examples:
- Colonial Pipeline attack: Attackers compromised a VPN password and deployed ransomware on the company’s corporate network, resulting in the shutdown of its extensive fuel pipeline, causing fuel shortages across the East Coast of the U.S. The company admitted to paying $4.5 million in ransom to the attackers.
- Kaseya attack: Attackers injected ransomware into a software update of a trusted IT solution, which was distributed to thousands of organizations, infecting them with ransomware.
- JBS Foods: the world’s largest supplier of meat products was hit by a ransomware attack that shut down slaughterhouses in three countries and disrupted the global meat supply chain. The company paid the attackers $11 million in ransom.
These catastrophic attacks illustrate the need for robust ransomware prevention strategies for organizations of all sizes.
What is DevSecOps?
One way organizations can better prepare and defend themselves against ransomware and cyberattacks is by adopting a development approach known as “shift left.” Shift left means building security into the DevOps pipeline from the start.
DevSecOps (short for development, security and operations) is an organizational pattern that supports security throughout the development lifecycle: planning, development, build, test, deploy, operate, and monitor. It is a management approach that combines application development, security, operations and infrastructure as a code (IaaS) in an automated, continuous delivery cycle.
Applying security at every stage of the software development process reduces the cost of compliance and can help deliver more secure software more quickly. In the DevSecOps model, every employee and team (including development and operations) is responsible for security, and they must make decisions, build and test software products to promote security.
Another aspect of DevSecOps is that it builds defenses into the development pipeline itself, preventing supply chain attacks and malicious compromise of continuous integration / continuous delivery (CI/CD) processes.
DevSecOps process steps: ransomware considerations
Most organizations will take the following steps to transition from traditional DevOps to DevSecOps.
Step 1: Develop
Involves adopting a “how-to-do-it” approach that gathers all available resources for guidance implements reliable practices and sets up a code review system for current and future team members.
- Addressing ransomware: Educate developers about vulnerabilities that can result in ransomware and related threats.
Step 2: Build and test
A DevSecOps implementation employs automated build tools to perform test-driven development without increasing development time. You can use automated tests for rapid-release artifact generation to identify vulnerabilities and to ensure that design aligns with coding and security requirements through static analysis.
- Addressing ransomware: Verify that known ransomware vulnerabilities do not exist in any software artifact, including third-party components and container images.
Step 3: Deploy
DevSecOps pipelines employ automation for provisioning and deployment to enable rapid and consistent development. It often involves using infrastructure as code (IaC) tools and services to automate and standardize secure configurations across the entire infrastructure.
- Addressing ransomware: Ensure that IaC templates, deployment tools and cloud environments are scanned and verified free of malware and ransomware.
Step 4: Update
Software projects require frequent upgrades. IaC tools can help update and secure the entire infrastructure quickly and efficiently. It helps minimize the scope of human error and watch for zero-day vulnerabilities.
- Addressing ransomware: Protect CI/CD infrastructure to prevent supply chain attacks that can inject ransomware during updates. At the same time, security updates that can prevent ransomware threats should be prioritized and deployed immediately.
Step 5: Monitor
Continuous monitoring tools working in real-time help gain visibility into a system’s performance and identify vulnerabilities and exploits in their early stages.
- Addressing ransomware: Ransomware-specific monitoring must be used in production environments. This includes file integrity monitoring (FIM) and tools such as endpoint detection and response (EDR), which can identify processes that appear to be ransomware in their early stages.
Step 6: Evolve
As the threat-and-technology landscape is continuously evolving, DevSecOps practices should adapt to remain agile and relevant. Ideally, implementations should continuously review security, performance, and functionality practices and improve to adapt to external trends and internal objectives.
- Addressing ransomware: Ransomware controls should be reviewed constantly and updated, following lessons from recent ransomware attacks in relevant industries.
What should you learn next?
Conclusion
In this article, I introduced the ransomware threat and briefly reviewed the DevSecOps process, suggesting where organizations can add measures to prevent ransomware from infecting their supply chain:
- Develop to avoiding ransomware vulnerabilities in code and when selecting software components.
- Build/test to verify that all software artifacts are free of ransomware vulnerabilities and known ransomware executables.
- Deploy to ensure that IaC templates and CI/CD systems are ransomware-free.
- Update and rapidly deploy relevant patches to prevent ransomware from infiltrating software updates,.
- Monitor, using ransomware monitoring solutions at all endpoints that compromise CI/CD pipelines.
- Evolve by updating security measures to adapt to evolving ransomware threats.
I hope this will be useful as you leverage the DevSecOps transformation to improve ransomware readiness!
In this Series
- A DevSecOps process for ransomware prevention
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
- Top 8 Microsoft Teams security issues
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security