Ransomware attacks are up tenfold — here’s what businesses should know
Ransomware attacks are growing rampant today. Be it large or small organizations, cybercriminals continue to find new ways to infiltrate them and disrupt their operations. Increasing ransomware attacks not only interfere with productivity, but can also cause chaos across the entire supply chain to boot.
Ransomware attacks have been occurring even before the COVID-19 pandemic. However, with digital transformations accelerated and remote working becoming the new normal for most organizations, the opportunities for cybercriminals to launch attacks have also opened up.
Almost anyone in the organization can be targeted by cybercriminals today. Be it DDoS attacks or phishing emails, organizations are now having to deal with not only protecting their data on-premises but also their employees who are working remotely. While attackers had initially shifted their resources away from enterprise infrastructure devices to home networks and consumer-grade products last year, both are now being aggressively targeting. Hence why it’s no surprise that ransomware attacks are seeing a tenfold increase.
Fuel company Colonial Pipeline, meat supplier JBS, navigation company Garmin, and managed services provider Kaseya, are just some of the large organizations that have suffered ransomware attacks in recent times. Smaller companies have also seen increasing attacks which have even led to some companies shutting down comepletely.
More than just money
Data from FortiGuard Labs showed that the average weekly ransomware activity in June 2021 was more than tenfold higher than levels from a year ago. Organizations in the telecommunications sector were the most heavily targeted followed by government, managed security service providers, automotive, and manufacturing sectors.
The evolution of Ransomware-as-a-Service continues to fuel cybercrime with malicious actors shifting their focus from email threats to gaining access to credentials, which have a lot more value these days.
The report also highlighted the rise in deceptive social engineering malvertising and scareware. More than one in four organizations detected malvertising or scareware attempts. The hybrid work reality has undoubtedly encouraged this trend in tactics by cybercriminals as they attempt to exploit it, aiming for not just a disruption, but also extortion.
Botnets have also increased their attacks with 35% of organizations detecting botnet activity of one sort or another earlier in the year, and 51% six months later. A large bump in TrickBot activity is responsible for the overall spike in botnet activity during June. Originally a banking trojan, TrickBot has since been developed into a sophisticated and multi-stage toolkit supporting a range of illicit activities.
Mirai is still the most prevalent botnet as cybercriminals seek to exploit IoT devices used by work-from-home or learning-from-home individuals. Gh0st is also noticeably active, which is a remote access botnet that allows attackers to take full control of the infected system, capture live webcam and microphone feeds, or download files.
Can organizations afford 10x protection?
Unfortunately, while ransomware attacks may have increased tenfold, it is almost impossible for most organizations to increase their cyber protection by tenfold as well. Not only will the high costs of such a massive scale of security be an issue, but having sufficient manpower to manage more solutions is also concerning.
The only way to reduce increasing cybercrime without breaking the bank is via security collaboration and sharing of information. It has to be enhanced further to help reduce cyber-attacks.
According to FortiGuard Labs Global Threat Landscape Report, threat intelligence from the first half of 2021 demonstrates a significant increase in the volume and sophistication of attacks targeting individuals, organizations, and increasingly critical infrastructure. With the hybrid workforce being the main target, the second half of 2021 should see timely collaboration and partnership across law enforcement as well as public and private sectors to disrupt the cybercriminal ecosystem.
“We are seeing an increase in effective and destructive cyberattacks affecting thousands of organizations in a single incident creating an important inflection point for the war on cybercrime. Now more than ever, everyone has an important role in strengthening the kill chain. Aligning forces through collaboration must be prioritized to disrupt cybercriminal supply chains,” said Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs.
Collaborating to disrupt cybercrime
Manky believes that shared data and partnership can enable more effective responses and better predict future techniques to deter adversary efforts. For example, the US has already reached out to Russia and several other countries as well as tech giants on tackling cybersecurity issues globally.
World leaders also condemned attacks that have been affecting global food supplies and such. Interpol and the World Economic Forum’s Centre for Cybersecurity have begun international dialogues on overcoming geopolitical limitations to enable better cooperation to detect and stop threats, as well as cripple cybercriminal organizations while they’re at it.
FortiGuard Labs highlighted cybersecurity cooperation had resulted in the takedown of several malware, including Emotet — one of the most prolific malware operations in recent history — and the disruption of the Egregor, NetWalker, and Cl0p ransomware operations. Cybersecurity collaborations were also responsible for the voluntary exit of cybercrime groups such as the prolific DarkSide, Avaddon, and Ziggy.
The original developer of TrickBot was also arraigned on multiple charges in June. This response to increased pressure by crucial players in the cybersecurity ecosystem represents a significant step forward in government and law enforcement efforts to curb cybercrime.
At the end of the day, even if governments and organizations collaborate to share information on cybercriminal activity, employees are still the weakest link within an organization when it comes to ransomware attacks. Organizations need to make sure their employees are well aware of all the risks that are involved when working remotely — or even in the office.
As Manky puts it, “Continued cybersecurity awareness training as well as AI-powered prevention, detection, and response technologies integrated across endpoints, networks, and the cloud remain vital to counter cyber adversaries.”
2 December 2022