In the previous posts, we have discussed how mobile devices are the new attack surfaces for cybercrime, and cyber-kinetic attacks are here to stay. In this post, we would like to shed some light on the ever-growing menace of ransomware attacks.
On the surface of the matter, a ransomware attack is one of the most viable business models for threat actors – regardless of their geography. An attack that gains unauthorised access to vital infrastructure, encrypts it and holds it captive with a ransom. The ransom is often demanded in the form of bitcoins or other cryptocurrency, which if not paid there will always be a lingering threat of the stolen data being leaked in underground forums. What is, therefore, at stake is not data alone. It is the damage to reputation and the loss of consumer confidence as well.
To put things into perspective, here are some facts and figures on the ransomware threat landscape:
As per our research, ransomware operators have upgraded to following a four-layered approach of targeting organisations that includes:
As these attacks promise immense profits, along with a strong reputation amongst their peer group, cybercriminals have now opted for this model named Ransomware-as-a-Service (RaaS). In RaaS, ransomware developers sell/ establish affiliates for their tools.
Given that the cost of hacking tools has come down substantially, and the attack surface is expanding at a rapid pace, researchers believe that the ransomware industry could further evolve into a subscription model – wherein organizations/ businesses would pay the cybercriminals to not attack them.
Another interesting development in the ransomware landscape is the recruitment of insiders to improve their attacks. A survey conducted between 7 December 2021 and 4 January 2022, found that 65% of its respondents were approached by ransomware attackers to gain the initial access into critical infrastructure. Here it is important to note these cybercriminals are making most of the ongoing trend of “the great resignation” in the United States. The money offered to these employees was mostly below USD 500,000 – which can be quite enticing for those who are quitting or are on the verge of resigning.
Therefore, based on attack vectors like phishing emails, exploitation of vulnerabilities, and now leveraging the real-time trend of great resignation – the need of the hour is to build strong security boundaries to keep the ransomware criminals at bay.
As per our cyber threat intelligence (CTI) team, here are some of the best ways through which organizations and businesses can safeguard critical data and infrastructure: