CS Jul-Aug 2023

More documents

Recommendations

Info

ansomware attacks RANSOMWARE RAMPAGE ORGANISATIONS WORLDWIDE DETECTED 493.33 MILLION RANSOMWARE ATTACKS IN 2022, IT IS REPORTED. THE AVERAGE COST OF THESE ATTACKS WAS $4.54 MILLION, ACCORDING TO THE LATEST DATA RELEASED BY IBM The success of ransomware gangs has spurred a significant trend of professionalisation amongst cybercriminals where different groups develop specialised services to offer one another, according to a new report from WithSecure (formerly F-Secure Business). Ransomware has been around for decades, but the threat has continuously adapted to improvements in defences through the years. One notable development is the current dominance of multi-point extortion ransomware groups, which employ several extortion strategies at once (usually both encryption to prevent access to data and stealing data to leak publicly) to pressure victims for payments. According to an analysis by WithSecure of over 3,000 data leaks by multi-point extortion ransomware groups, organisations in the United States were the most common victims of these attacks, followed by Canada, the UK, Germany, France and Australia. Taken together, organisations in these countries accounted for three-quarters of the leaks included in the analysis. The construction industry seemed to be the most impacted and accounted for 19% of the data leaks. Automotive companies, on the other hand, only accounted for about 6%. A number of other industries sat between the two, due to ransomware groups having different victim distributions, with some families targeting one or more industries disproportionately to others. While the threat of ransomware has inflicted considerable pain on organisations in various countries and industries, its transformative impact on the cybercrime industry cannot be overstated, it is pointed out. States senior threat intelligence analyst Stephen Robinson: "In pursuit of a bigger slice of the huge revenues of the ransomware industry, ransomware groups purchase capabilities from specialist e-crime suppliers, in much t he same way that legitimate businesses outsource functions to increase their profits. "This ready supply of capabilities and information is being taken advantage of by more and more cyber threat actors, ranging from lone, low-skilled operators, right up to nation state APTs [advanced persistent threats]. Ransomware didn't create the cybercrime industry, but it has really thrown fuel on the fire." 493 MILLION ATTACKS Richard Massey, the vice president of sales, EMEA, at Arcserve, comments that, in 2022, organisations worldwide detected 493.33 million ransomware attacks. According to the latest data from IBM, the average cost of these attacks was $4.54 million. "Those are astounding numbers," comments Massey. "And, in response, governments are taking action. One of the actions they've taken already is forbidding payments to ransomware gangs. Recently, the US and UK announced sanctions, including a payment ban to Russia's notorious Trickbot ransomware gang. Florida and North Carolina have banned state government departments from paying ransom to cyber gangs; New York is considering similar legislation." SPLIT DECISION Massey continues: "Another action that governments are mulling is a legal requirement that companies be ransomware-ready. Is this a good idea? In a recent survey by Arcserve, respondents were evenly split on the question. They were also divided on the question of whether companies that do pay a ransom should face penalties. Those supporting penalties argue that paying a ransom encourages cybercriminals and perpetuates the problem. Those against penalties say that paying the ransom is often the only way to recover lost data and that penalising victims amounts to kicking them when they're down." These findings demonstrate the complexity of the issue and the challenges that are faced by governments and businesses addressing them, he adds. "For example, legally requiring companies to be ransomware-ready would have myriad benefits and drawbacks. On the benefit side, such laws could improve cybersecurity and limit ransomware attacks. They could reduce the financial impact on companies everywhere and inspire better consumer confidence in data security. On the drawback side, such laws would likely increase compliance costs, more regulatory complexity, and a false sense of security. 32 computing security July/August 2023 @CSMagAndAwards www.computingsecurity.co.uk
ansomware attacks While laws could establish a baseline standard for cybersecurity, that standard would be a challenge for many small and medium-sized enterprises. And besides, compliance would not be an ironclad guarantee of immunity to ransomware attacks." MOST VICTIMS PAY UP Meanwhile, according to the latest Cyber Confidence Index, from cybersecurity firm ExtraHop, 83% of victims of ransomware attacks pay up to the criminals. Whether or not these ransom payments are a good idea for those whose data is hacked, or even prevents the publication of their personal details, they do incentive criminal behaviour. This incident was seemingly caused by a vulnerability in a software supply chain, meaning a component of the application these HR teams thought they were buying was compromised, unknown to them. ExtraHop's research found that 77% of IT decision makers blame outdated cybersecurity practices for contributing to at least half of all their cybersecurity incidents. "With proper security processes in place, you can stop an attack before it develops into ransomware," says Jamie Moles, senior technical manager at ExtraHop. "Too often we see businesses fail to properly secure their networks and data, leading to breaches and stolen data. No one is exempt from ransomware gangs, which is why every business should prepare to be attacked." ATTACKS HIT HARD The recent Sophos 'State of Ransomware 2023' report reinforces all of the turmoil that is generated by ransomware attacks, finding that, in 76% of ransomware attacks against surveyed organisations, adversaries succeeded in encrypting data. This is the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020. The survey also showed that, when organisations forked out a ransom payment to get their data decrypted, they also ended up doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organisations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to just 39% of those that paid the ransom. Overall, 66% of the organisations surveyed were attacked by ransomware - which was the same percentage as the previous year. This suggests that the rate of ransomware attacks has remained steady, despite any perceived reduction in attacks. "Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes," states Chester Wisniewski, field CTO, Sophos. "Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation." When analysing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 36% of cases), followed by compromised credentials (involved in 29% of cases). This is in line with recent in-the-field incident response findings from the Sophos '2023 Active Adversary Report for Business Leaders'. MOVING IN ON MOVEIT According to the latest analysis from NCC Group's Global Threat Intelligence team, released in July, Ransomware attacks Richard Massey, Arcserve: organisations worldwide detected 493.33 million ransomware attacks in 2022. Stephen Robinson, WithSecure: ransomware didn't create the cybercrime industry, but it has really thrown fuel on the fire. www.computingsecurity.co.uk @CSMagAndAwards July/August 2023 computing security 33
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6: news Gary Barlet, Illumio. IBM EXPA
Page 9 and 10: DON’T SaaSSS GET YOUR KICKED! ! T
Page 11 and 12: ansomware WHY BEING AGILE MATTERS W
Page 13 and 14: privacy crisis an inconsistent pict
Page 15 and 16: Infosecurity Europe Matthew Syed's
Page 17 and 18: Computing Security Secure systems,
Page 19 and 20: workplace welfare within the cybers
Page 21 and 22: identity & access may cause operati
Page 23 and 24: managed services Unfortunately, man
Page 25 and 26: GDPR that bridges the gap between t
Page 27 and 28: GDPR legislation in other parts of
Page 29 and 30: AI enhance SOAR with a generative A
Page 31: cyber strategy SECURITY BY DESIGN N
Page 35: Computing Security Secure systems,

CS Jul-Aug 2023

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?