By Mousume Roy, Contributing Writer, HCL Technologies Ltd.

 

Ransomware attacks have held the world hostage recently. Be it Russia’s deliberate hacking of Viasat’s KA-SAT network or North Korea’s WannaCry wreaking havoc on computer systems around the world, cybercriminals have become brazen at executing this type of cyber warfare.

Ransomware hit 66% of organizations in 2021, up from 37% in 2020, which is a 78% increase over a year. There was a near threefold increase in the percentage of victims paying ransoms of $1 million.

“Ransomware attacks have gone way beyond fear and disruption, it’s a profit-making business pursuit where aggressive extortionists have built a complete business model—subscribing to ‘Ransomware as a Service (RaaS)’, working as a global syndicate sharing profits, double charging victims for data recovery and data secrecy—making it a very organized crime business”, said Amit Jain, EVP and Global Head, Cybersecurity & GRC Services, HCL Technologies.

 

Top threat actors and attack types

State of Cybersecurity

Source: The State of Cybersecurity Report 2021 published by ISACA in partnership with HCL Technologies

 

So, what’s next for ransomware actors?

Ransomware in the cloud

The cloud has become a money-spinning target for cybercriminals. Accelerated public cloud adoption and the boom of cloud services, such as those offered by Microsoft Azure and Amazon Web Services, have increased the value of attacking organizations’ cloud infrastructures.

Cloud computing and its multiple service models, such as Software as a Service (SaaS), Databases as a Service (DBaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS/virtual machines), have enabled businesses to move beyond on-prem IT infrastructure for enhanced storage and work process flow. Despite the clear benefits of adopting the cloud to transform business outcomes, security and regulatory compliance risks remain top priorities during cloud migrations.

According to the Verizon Data Breach Investigations Report (DBIR), cloud security breaches have surpassed on-premise breaches for the first time in history. A year ago, Cloudstar, a cloud-hosting and data security provider that has five data centers supporting 42,000 title and settlement professionals across the U.S., became the target of a sophisticated ransomware attack. The attack blocked access to Cloudstar’s systems, and the incident was termed ‘a national emergency’ by industry experts.

In most cases, cloud data gets exposed to ransomware either via ransomware-infected file-sharing services, malware targeting cloud vendors, or ransomcloud attacks. Jigsaw, Petya, and RANSOM_CERBER.cad are some of the cloud ransomware variants that bypass cloud protection to reach and infect as many systems as possible.

“Managing cloud extortion requires a more agile crisis management response focused on business and security alignment. Organizations need to prioritize a balance between business strategy, cyber security investments, and ongoing user education to improve cyber defense”, said Renju Varghese, Fellow & Chief Architect, Cybersecurity & GRC Services, HCL Technologies.

State of Cybersecurity

Source: The State of Cybersecurity 2021 Report by ISACA and HCL Technologies 

The rise of attacks on business service providers

5 service provider attacks

  • DDoS Attack
  • Encryption Hijacking
  • Lawful Interception
  • Rogue Devices
  • VoIP Vulnerabilities 

Due to the nature of their business, service providers are a prime target of ransomware attacks. The rise of the COVID-19 pandemic highlighted the importance of service providers for providing essential networks for remote work, education, online shopping, and entertainment. 

Ransomware hackers saw this as an opportunity to target service providers, in order to get hold of users’ information, instead of directly hacking an organization’s data. Distributed denial-of-service (DDoS), brute force, encryption hijacking, manipulation of algorithms, and VoIP vulnerabilities are some of the prevalent attacks that service providers have to defend themselves against.

Portuguese media group Impresa, Telecom Argentina, and Orange are recent examples of service providers that have experienced ransomware attacks.

The cybersecurity authorities of the UK, US, Australia, Canada, and New Zealand recently released a joint Cyber Security Advisory (CSA) in response to this uptick in malicious cyber activity targeting managed service providers (MSPs). The advisory also provides information on how to mitigate the risk of falling victim to a cyber-intrusion.

The game of double/triple extortion

Double extortion ransom is a growing trend. A leading public university reportedly paid over $1.14 million in Bitcoin to recover its encrypted files and have the stolen data deleted.

Simply put, in double extortion cybercriminals demand one payment to decrypt the files and another not to make them public. Even if a victim restores their data from a backup, the extortionist still has the edge of leaking the data, making data recovery and damage limitation plans redundant. Further to publicly posting data, cybercriminals also sell stolen data in dark web marketplaces for additional profits.

Embedding security in the face of a threat landscape

Security leaders are caught between an aggressive threat environment that includes phishing campaigns, an explosion of cyber-physical systems, unrealistic business expectations, and financial constraints.

To effectively mitigate the regulatory, financial and reputational damage caused by cyber-attacks, organizations must move from a reactive to a proactive state of cyber security.

Advancements in technologies like Next-Generation Security Controls, Artificial Intelligence (AI), automation, and rapid adoption of IoT have created a highly complex environment for organizations. Staying ahead of perpetrators requires gaining critical insight into attack activity worldwide, adopting a flexible security solution, enabling cybersecurity training and awareness, and increasing cybersecurity budgets, to help integrate widely distributed and disparate security services.

Security operations and approach

  • 89% reported a positive impact of cybersecurity training and awareness programs on employee cyber awareness

  • 65% indicated that their organizations currently assess their cyber maturity

  • 48% indicated their cybersecurity teams report to a CISO

  • 33% surveyed said their organizations have adopted a SASE or a Zero-Trust strategy as a result of the pandemic

  • 41% indicated an increase in their organization’s cybersecurity budgets in the next 12 months

Source: The State of Cybersecurity Report 2021 published by ISACA in partnership with HCL Technologies.

For more information about HCL’s Dynamic Cyber Security and how to mitigate the ever-growing ransomware risk, read these articles authored by some of our top cybersecurity team members.