The Baltimore Ransomware Attack: What You Should Know About Threat Intelligence

As ransomware attacks continue to strike cities and businesses, enterprises must leverage threat intelligence to strengthen their defenses.

On May 7th, the city of Baltimore was hit with a ransomware attack. Hackers used RobbinHood ransomware to breach sections of the city’s network to disrupt emails and databases, affecting everything from parking tickets to property taxes.

The perpetrators initially demanded 13 bitcoins (equivalent to $100,000) to release the seized files. Rightfully, the city refused to play ball with the hackers, but a month later, the attack has resulted in over $18 million in damages.

Baltimore isn’t the first city to experience a costly ransomware attack this year. Greenville, NC experienced a similar attack just one month earlier, and Albany, NY was hit quietly with the same ransomware at the end of March. Just this year, an astounding 22 citywide ransomware attacks have been perpetrated.

But cities aren’t the only ones who should be fearing these attacks. Ransomware is becoming an increasingly popular tactic for hackers targeting major enterprises. As such, it’s advisable for businesses to begin planning new ways to secure their networks and data against the rising threat of breaches, data exfiltration plays, and ransomware attacks. Adopting sound threat intelligence practices can help businesses better protect their networks and mitigate the effects of data breaches.

What is Threat Intelligence?

Traditionally, cybersecurity has been something of an inward-focused practice. IT teams identify the data they want to protect and build defenses around that data. But as technology evolves and cybercriminals skill up, IT teams need to better understand, predict, and adapt to the behaviors of malicious attackers. Threat intelligence does just that.

Threat intelligence is defined as the information that allows organizations to take action against cyber threats targeted at users, customers, or valuable data. IT teams will aggregate data from previous cyber attacks and analyze it so they can extract actionable intelligence. Often, IT teams will look for information that may provide insights on the attackers themselves, rather than just isolated incidents. This practice comprises a critical component of a proactive cybersecurity posture.

Industry experts estimate that the threat intelligence market will grow from $3.8 billion in 2017 to more than $8.9 billion in 2022, which marks a CAGR of 18%. Of the many enterprises already investing in threat intelligence platforms, over 80 percent feel that they have received value from their investments, and over half report that they have improved their ability to identify future exploits and attack trends.

Threat Intelligence Requires Data

Without adequate support, establishing a high-functioning threat intelligence program can be an onerous process. In the first place, IT teams must collect data from a massive array of sources — internal servers, programs, applications, and more. But data from internal systems alone cannot provide adequate insights for sophisticated threat identification and prioritization. Instead, enterprises must also gather sizable stores of external data.

This external data can be used to correlate threat information with internal security data to better detect and remediate any potential breaches. This process helps CIOs predict incoming attacks as well as aid in the detection of attacks that may have already occurred on the network. Likewise, correlating external data can provide valuable intelligence on which threat actors might be targeting a specific enterprise or industry.

The question then becomes, which external data do enterprises need, and where do they get it from? Typically, it comes from multiple sources. Enterprises will sometimes collect data from open sources, although the quality of such data is often suspect. In other cases, they will aggregate data from cloud or network service providers. In addition, enterprises can purchase data from commercial threat intelligence companies or even share incident data with partners. No matter the source, IT teams must be sure the data they collect is accurate, relevant, and comprehensive.

Machine Learning and Threat Intelligence 

Just because you have access to the data doesn’t mean you can process it efficiently. Collecting slews of data takes a tremendous amount of time that IT teams often don’t have to spare. Moreover, purchasing external data sets can be an expensive endeavor. To close the gap, IT teams can use machine learning to scale up their data aggregation & analytics processes.

Machine learning can substantially speed up the threat intelligence process — in some cases by more than 10x compared with the speed of a human analyst. What’s more, ML platforms have proven capable of identifying 22 percent more threats than non-automated monitoring processes. Over half of enterprises developing threat intelligence use an ML platform as part of their methodology — many of whom report that their processes are over 30 percent more efficient as a result.

When data is collected and analyzed at machine learning speed, data-driven insights can be captured more quickly and more effectively, enabling IT teams to implement solutions and stop threat actors before they’re able to do real damage.

Enterprises Need Help Implementing Threat Intelligence

Baltimore is still feeling the effects of the ransomware attack from over a month ago. Money is bleeding, data is missing, and city applications and websites are still suffering due to a lack of public trust. If enterprises are to learn from this costly event, they should consider investing in threat intelligence practices.

Of course, this is easier said than done. As discussed, data aggregation can be a tedious process, and selecting the right ML partner poses its own challenges. What’s more, IT teams will need support when integrating threat intelligence platforms into existing cybersecurity systems. As enterprises seek to combat emerging threats with new cybersecurity tools, they’ll need a trusted partner to guide them. That’s where a cybersecurity expert like Turn-key Technologies (TTI) can help.

TTI has over 30 years of professional experience designing, installing, and securing enterprise networks against emerging cybersecurity threats. We bring a full slate of security solutions to the table. If your IT team could use some help getting an innovative threat intelligence program off the ground, get in touch with the experts at TTI today.

By Tony Pugielli


Sign up for the TTI Newsletter