Hive is a double-extortion ransomware group that first appeared in June 2021. Over the past few months our cybersecurity partners are reporting a significant increase in activity across healthcare, education, charity, and the public sectors.
Hive typically attacks a network via a phishing email, leaked credentials, or out of date software installs. Hive is described as a sophisticated and dangerous form of malware that can cause considerable damage to an infected system. It is designed to disable antivirus and other security tools, delete backups, and prevent recovery, making it difficult for victims to defend against the attack.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that Hive ransomware can disable “all portions of Windows Defender and other common antivirus programs in the system registry.” This means that once a system is infected with Hive ransomware, it is likely that traditional security measures will not be able to protect against it.
So how do you stay safe?
Good cybersecurity requires a multilayered approach. A multilayered approach to cybersecurity is a strategy that involves using multiple methods or technologies to protect against threats.
This approach is also known as defense in depth. It is based on the idea that using multiple layers of protection can make it more difficult for attackers to breach a system, because even if one layer is bypassed, there are still other layers in place to prevent a successful attack.
- Educating users about the risks of ransomware and how to avoid falling victim to attacks. This could include training users on how to identify phishing emails, avoid clicking on suspicious links, and to regularly update their software to reduce the likelihood of successful ransomware attacks.
- Implementing strong password policies to help prevent unauthorised access to systems. This could include using long, complex passwords to reduce the risk of password-based attacks.
- Using firewalls and intrusion detection systems to block unauthorised access to networks and detect suspicious activity.
- Regularly patching and updating software to fix known vulnerabilities and prevent attackers from exploiting them to launch ransomware attacks.
- Implementing data backup and recovery processes to enable organisations to quickly restore their systems in the event of a ransomware attack.
- Developing an incident response and recovery plan to enable organisations to quickly respond to and recover from ransomware attacks.
- Deploy a next generation security product such as Managed detection and response (MDR) to better protect your devices.
What is MDR?
Managed detection and response (MDR) is a type of cybersecurity service that involves continuously monitoring an organisation’s networks and systems for signs of potential threats, and then taking action to investigate and respond to any detected incidents. This can help organisations to identify and respond to security threats in a timely manner
But doesn’t an antivirus program protect me?
In simple terms, no. Antivirus works based on signatures, as such antivirus is good with known threats, however modern ransomware threats change how they look to deceive and avoid detection.
MDR on the other hand looks for activities that may be suspicious, it takes a proactive route to block potential threats.
MDR and antivirus are both types of security measures that are used to protect against malicious software, such as viruses, malware, and ransomware. However, there are some key differences between the two.
| MDR | Antivirus |
|---|---|
| Continuous monitoring of networks and systems | Scanning of individual files or devices for known threats |
| Identifies and prioritizes the most serious threats | Focuses on known threats, using signatures or heuristics |
| Conducts forensic analysis and provides technical support during incidents | Removes or quarantines detected threats |
| Provides regular reporting and analysis to help organizations improve their security posture | Requires regular updates to stay current with new threats |
| Often requires a subscription or fee | Can be included as part of an endpoint security suite or purchased separately |
In general, MDR provides a more comprehensive and proactive approach to security than antivirus, as it focuses on detecting and responding to potential threats in real-time, rather than simply scanning for known threats.
If it all seems very confusing
To be honest, that is because it is. Cybersecurity threats are constantly evolving it is widely acknowledged that the number and sophistication of cybersecurity threats have increased significantly over the past few decades.
Some of the key factors that have contributed to the rise of cybersecurity threats in recent years include:
- The growing use of connected devices, such as smartphones and internet of things (IoT) devices, which can create new vulnerabilities for attackers to exploit.
- The increasing complexity of networks and systems, which can make it more difficult to defend against attacks and to identify and respond to incidents.
- The rise of organized crime and nation-state-sponsored hacking, which have led to more sophisticated and targeted attacks.
- The growing value of data, which has made it more attractive to attackers who seek to steal or ransom sensitive information.