The cloud isn’t a mystical data hub in the sky. It’s supported by a complex infrastructure, and the mainframe sits at the heart of it. Terabytes of data currently live on the mainframe, and information moves in and out of the cloud at a near-constant pace.
Consider the operational value mainframes create for today’s organizations:
- 68% of the world’s production IT workloads still run on mainframes
- 71% of Fortune 500 companies continue to rely on the mainframe
- $8tn in credit card transactions that run on the mainframe each year
Even as organizations diversify their IT landscapes, the mainframe will remain critical. In fact, some expect a 12% increase in mainframe applications and a 9% increase in data on the mainframe amid the shift to hybrid IT environments.
Despite its ongoing relevance, the mainframe and security have been neglected for years. The system’s reputation for top-level security, paired with the “conspiracy of silence” that discourages organizations from reporting mainframe attacks, created a misconception that the mainframe is inherently secure. Yet, now more than ever, decision-makers need to understand the security risks mainframes pose and take the necessary steps to mitigate the threat of cyber-attacks.
Mainframes and the Growing Threat of Ransomware
Meanwhile, ransomware is becoming more and more prevalent, with 2021 costs expected to total $20bn – a 57-fold increase compared to six years ago. If ransomware wasn’t already on organizations’ radars, the headline-making attacks of the past year (from the Colonial Pipeline to Kaseya to the NBA) illustrated just how easy it is for attackers to wreak havoc in our interconnected digital environments.
Unfortunately, we seldom learn if these attacks involve the mainframe because most organizations opt to shield the mainframe and uphold the ‘conspiracy of silence.’ But the mainframe is a gold mine of valuable data, processing 30 billion transactions each day, so it’s a safe bet that massive attacks inevitably involve data stored on mainframe systems.
As hackers’ techniques, tactics and procedures grow in sophistication, there are more network nodes to exploit than ever, whether they originate from our increased reliance on the cloud or the rising number of IoT devices. Together, the two trends – hackers’ growing sophistication and the proliferation of opportunities for exploitation – put the mainframe at immense risk.
Hacking the Mainframe in Less Than 30 Seconds
Once they’ve entered the network, hackers can monitor internal traffic and potentially gain mainframe credentials, bypass security controls, corrupt your system and cover their tracks.
In this demo, we’ll exploit a vulnerability found in a program running in z/OS. This kind of program could be running on your system right now and allow hackers with no authorized access to use a common script to take advantage of a vulnerability, escalate their authority, bypass security controls and edit corporate payroll data.
Protect Your Organization Against Mainframe Attacks
When mainframe vulnerabilities exist, a hacker with even low-level mainframe credentials could encrypt all mainframe data and demand a ransom. With ransomware on the rise, you need to immediately safeguard your most valuable IT asset. The following steps could help your organization begin to work towards a mature mainframe security strategy.
-
Proactively Search for Vulnerabilities
In most cases, the damage is already done once you’re notified of an attack. That means you need a strong cybersecurity strategy in place from the start, one that not only offers solutions but creates defenses to avoid attacks altogether. By frequently and automatically scanning for vulnerabilities at the OS level, you can unearth the insights you need to close dangerous gaps and maintain system integrity.
-
Assume the Bad Guys Are Already In
Ransomware groups are well-oiled machines. They’re part of a massive, dangerous ransomware-as-a-service industry that tempts participants with piles of cash – individual hackers taking home up to 80% of a ransom payment on average.
Teams need to act under the assumption your system has already been breached. Encrypting internal communications and constantly verifying user identity helps limit the ability to escalate privileges.
-
Develop a Process for Integrity
Patch management is often neglected because teams are reluctant to suffer downtime. As a result, mainframe patches can take 3-18 months, leaving the door open for exploitation.
Armed with clear descriptions from vendors, teams need to prioritize patches, following a clear policy for tackling the most dangerous gaps quickly. Simultaneously organizational culture needs to shift from punishing IT teams for downtime to prioritizing security patches.
The mainframe is not an untouchable fortress. As your organization’s IT landscape becomes more interconnected and complex, security risks increase. Now is the time to recognize the risks the mainframe poses and take the steps necessary to avoid a potential disaster.