Ransomware is exploding and evolving
The first half of 2021 witnessed a dramatic increase in the volume and sophistication of attacks targeting individuals, organisations, and increasingly critical infrastructure.
FortiGuard Labs’ mid-year Global Threat Landscape Report revealed that ransomware has grown more than tenfold over the past 12 months.
“Revenue generated from ransomware is driving most of this criminal activity, and it is being fuelled by the growth of Ransomware-as-a-Service (RaaS),” says Derek Manky, chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs.
He adds that several bad actors have expanded their reach by selling access to corporate networks that have already been compromised, making it even easier for novice criminals to get a foot in the door.
And this isn’t more of the same, notes Manky. “Cyber criminals have upped their game, and they represent an existential threat for many organisations.”
He says high-profile ransomware attacks on Colonial Pipeline and JBS, following hot on the heels of the SolarWinds supply chain attack, affected millions of people.
“And the supply chain attack against Kaseya VSA, an MSP, changed the game even further as it resulted in downstream customers also being impacted.”
Attacks are evolving
The telecommunications sector has borne the brunt of this surge over the past six months, followed by government agencies, managed security service providers, and the automotive and manufacturing sectors.
It's not just the volume of ransomware attacks that has grown; the attacks are evolving too. Attackers have been adding levels of extortion to get victims to pony up.
This includes combining encryption with doxing, or the threat of publicly exposing internal data, adding a DDoS attack to create additional confusion and panic, and now, reaching out directly to a victim's customers and stakeholders so they will put additional pressure on the victim to cough up.
Identifying OT vulnerabilities
The report revealed that there has also been steady growth in malefactors identifying operational technology (OT) vulnerabilities and building them into exploit tools they sell on the dark Web.
“The result is that script kiddies are now nearly as likely to find and exploit your exposed OT devices as the handful of advanced groups that explicitly target unprotected and unpatched ICS. This puts your OT systems at increased risk just due to the growing volume of attacks alone,” Manky explains.
'Script kiddies' is a term used to describe individuals who use existing computer scripts or code to hack into computers because they lack the expertise to write their own.
Manky adds that ransomware activity across sectors makes clear the danger ransomware actors are attempting to inflict on OT environments. “Several of the top sectors are operational technology industries. From automotive and manufacturing, to energy and transportation.”
Interpol and the White House have responded − the former by holding its first global forum on ransomware, and the latter by announcing a cross-government task force to develop and coordinate defensive and offensive measures against the scourge.
Solutions being discussed range from revising cyber security regulations to updating security infrastructures to offering rewards for identifying threat actors. Moreover, organisations that focus on information and intelligence sharing − such as the World Economic Forum's Centre for Cybercrime (C4C) and the Cyber Threat Alliance (CTA) − are increasingly working with industry, government, and law enforcement agencies.
“The key takeaway is that everyone has a role,” says Manky. “Organisations are encouraged to support these efforts wherever possible and join the partnership efforts. In addition to adopting new guidelines, they should look to partner with cyber security vendors that participate in industry alliances and work closely with government agencies and law enforcement, as they allow us to further align our forces to defeat our cyber adversaries.”