Johannesburg, 29 Mar 2023
Ransomware is still on the rise, but many organisations admit that they do not publicly disclose attacks.
This is according to Arctic Wolf security experts, who were addressing a webinar on cyber security trends and forecasts this week.
Outlining the findings of Arctic Wolf research among cyber security professionals around the world, Jason Oehley, regional manager at Arctic Wolf South Africa, said: “Ransomware is a trend that’s here to stay. 42% of organisations surveyed suffered a ransomware attack in 2022, and 48% see ransomware as a top concern. Phishing and Business Email Compromise were also top concerns, each ranked as a key issue by 33% of respondents.”
After a ransomware attack, 26% of survey respondents took a hardline stance and did not pay the ransom at all, 11% allowed an insurance provider or other party to pay, 41% paid in full, and 22% agreed to only pay a portion of the ransom, as negotiated with the attackers.
72% of respondents that admitted to suffering a breach chose not to disclose this information, and 28% made only some aspect of their breach known. In South Africa, 42% of respondents experienced a breach and only 24% disclosed it. Fear of reputational damage and policy changes were the top reasons they did not disclose breaches.
Andre den Hond, senior systems engineer at Arctic Wolf South Africa, said the average ransomware demand in 2022 was around $500,000. “What we are seeing is that the demands vary across industries based on factors like the sector, size of the organisation and even the insurance policy maximum payout,” he said.
Den Hond highlighted other key trends, including a significant increase in Ransomware-as-a-Service (RaaS) which shields the identities of the threat actors, and increased collaboration between ransomware groups. “There is a lot of connection taking place between these ransomware groups. Through blockchain analysis of the payments taking place, we have established that there are connections between the ransomware groups. We also see ‘re-extortion’ in which ransomware attackers leave a backdoor open after an initial ransomware attack, and so enable other attackers to carry out another attack,” he said.
Business email compromise is also increasing, den Hond said. “These attacks are difficult to detect as they seldom use malware or malicious URLs which can be detected by standard cyber defences. The most targeted industries are finance, insurance and business services, and common techniques include impersonating the CEO or an executive or specific vendors. We are also seeing BEC attacks targeting sensitive data such as HR, or impersonating attorneys.”
Den Hond said common threat actor tactics, techniques, and procedures (TTPs) took advantage of PowerShell, Multi-Stage Channels, public facing applications with remote code execution vulnerabilities, and multi-factor authentication request generation.
“Despite there being over 3000 security tools in the market, organisations are not improving their security posture and the number of attacks is increasing,” he said.
The missing pieces in the puzzle included improving the effectiveness of security processes and tools, and obtaining access to skilled resources.
Oehley said Arctic Wolf research had found that 53% of respondents plan to update or increase their cloud security in the coming year – 31% more than a year ago.
Globally, 68% identified staffing related issues as their number one threat in achieving their security objectives. 32% are having difficulty hiring and retaining staff, and 36% feel their current staff lack the expertise needed for their goals.
He said: “In South Africa, a lot of customers are looking at cloud as an option for uptime and mobility amid load shedding, and 58% are looking at upgrading or increasing their cloud security. However, this impacts staffing and complexity. South African organisations are also looking at updating or replacing around four of their security tools. 24% of respondents list ‘building a culture of security awareness’ as an urgent concern driving their cyber security strategy, and 40% are looking to implement a security awareness programme.
To improve the overall security posture, Den Hond advised organisations to understand their overall attack surface with a full inventory of assets; monitor critical log sources, implement multi-factor authentication, a Zero Trust security strategy, and understand shared responsibility in the cloud.
Den Hond and Oehley noted that Arctic Wolf delivers security operations across managed detection and response, managed risk and managed security awareness. Arctic Wolf’s open XDR architecture delivers broad visibility across the entire attack surface.
Share