Cybercriminals attacked enthusiastically in the first half of 2021 and the attacks show no signs of slowing down. During the first half of the year, malicious actors exploited dangerous vulnerabilities on various types of devices and operating systems, leading to major attacks that shut down fuel networks and extracted millions from businesses.
These were among the results of a mid-year security audit from Trend Micro, which detected 7.3 million ransomware threats in the first six months of 2021. Despite the high-profile coverage that ransomware has received so far, detections have actually declined by 50% year over year.
However, the attacks that occurred in the first half of 2021 were very sophisticated, targeted and complex, making them more damaging to victims.
Bank targeted by ransomware
The banking industry has been disproportionately affected, seeing a 1,318% year-over-year increase in ransomware attacks in the first half of 2021, while other industries have found themselves in the spotlight, including government and manufacturing.
Timur Kovalev, chief technology officer at Untangle, a network security provider for SMEs, explained that cybercriminals have found their “sweet spot” with government, manufacturing, banks and critical infrastructure.
“Previous ransomware attacks have stolen or accessed data and held it hostage while demanding ransom and threatening to disclose or sell the data,” he said. “Malicious actors have recently targeted specific businesses where they can seriously disrupt services and society in general, knowing that those entities will pay the ransom to get the services up and running as soon as possible.”
Kovalev pointed out that ransomware attacks are increasing because companies pay the ransom.
“It was reported that JBS paid $11 million in ransom. The Colonial Pipeline also paid a ransom of $4.4 million, although much of it was returned,” he said. “Cybercriminals see the big payoffs and this encourages them to strike more often and on bigger, more lucrative targets.”
Stefano De Blasi, Cyber Threat Intelligence Analyst at Digital Shadows, a provider of digital risk protection solutions, agreed that attacks targeting government, manufacturing and banking organizations are becoming more frequent and intense due to the potential high payout.
“You have to remember that the top priority for cybercriminals is just to get paid at the end of an offensive operation,” he said. “They are able to monetize more effectively when target organizations hold sensitive information and cannot afford any downtime due to production needs.”
Over the past 18 months, De Blasi noted, ransomware operations have become more frequent and profitable than ever. During this period, a few ransomware groups have managed to establish well-organized ransomware as a service (RaaS) programs and become renowned players in the threat landscape, he noted.
“On the other hand, although we have observed dozens of other smaller ransomware groups appearing on the scene, these groups often struggle to establish sustainable operations when competing with the technical and financial resources of established RaaS programs,” he said.
Kovalev explained that when it comes to cryptocurrency miners – which have become the most detected type of malware, according to the Trend Micro report – hackers have started asking for payment in the form of cryptocurrency because they can transport large amounts of money across international borders in seconds.
“The ease and speed of transactions, coupled with the lack of traceability, has made it the go-to solution for ransomware hackers,” he said. “Because cryptocurrency exchanges often take place abroad, government regulatory power and the law enforcement of transactions are limited.”
Additionally, many of these cyber thieves live outside the United States in countries like Russia, making it even more difficult to track them down or catch them red-handed.
Lower the barrier to entry
De Blasi added that not only is this malware relatively cheap and easy to use, but some listings also offer the option of having the malware already installed on a victim’s machine.
“This mechanism has increasingly lowered the barrier to entry and prompted many inexperienced players to use this malware as a side activity,” he said. “Not surprisingly, security professionals often spot these unsophisticated players because of their inability to cover their tracks.”
Kovalev noted that while ransomware attacks continue and ransom amounts demanded are increasing, there are several defensive steps businesses and governments can take to help prevent ransomware attacks in the future.
“First and foremost, companies shouldn’t pay the ransom,” he said. “Law enforcement encourages organizations not to pay cybercriminals a fee, as this encourages more attacks.”
Kovalev also called for more coherent policies for international cooperation.
“It’s time to recognize that this is an international problem and that the most effective way to stop ransomware is to develop a comprehensive solution,” he said. “Business and government leaders need to work together to easily share information, craft deals to prosecute cybercriminals, and impose sanctions on rogue countries that harbor cyber hackers.”
He added that to fight the attacks, large companies that could be targeted could start adding cryptocurrency and blockchain specialists to their security teams.
“Those with investigative and tracing skills may soon be in high demand by law enforcement and businesses,” he said.
De Blasi said security teams can increase the robustness of their defensive strategies by making themselves a tough target.
“Cybercriminals are generally opportunistic and financially motivated actors who target the fruits at hand,” he said. “Therefore, by following basic cybersecurity hygiene best practices and sticking to their threat model, security teams are more likely to adopt a proactive and agile posture that would put them in a much better position.”
He warned that cybercriminals are constantly improving and updating their Tactics, Techniques and Procedures (TTPs) to stay ahead of security professionals, and have now reached an “impressive” level of sophistication in their operations.
“Keeping up with the pace of the threat actors is a daunting task for every security team and can often lead to shock play,” said De Blasi.