CS Nov-Dec 2023

ansomware
Michael Smith, Vercara: ransomware is
having "catastrophic consequences on
critical national infrastructure".
Carlos Morales, Vercara: impractical to
believe you can seal up all entry points.
become victims of this kind of attack."
CRIMINALS GO FOR THE JUGULAR
September marked 10 years since Crypto-
Locker, the first ransomware campaign to
successfully blend encryption, peer-to-peer
controls, social engineering and cryptocurrency,
first appeared. "This toxic brew
proved to be extraordinarily successful," states
Sophos, "netting the attackers 31,000 Bitcoin
[at that time, over $4 million US] in the first
four weeks, ushering in the modern era of
day-to-day financial e-crime."
Since then, says the company, ransomware
has flourished, with attacks accounting for
69% of incident response cases in the first half
of 2023. "Comparing 2022 to the first half of
2023, the time from the start of ransomware
attacks to detection shrank from a median of
eight days to just five." The median time from
data exfiltration to ransomware deployment
was just 21 hours, while, for exfiltrated data,
the median time until it was publicly posted
was just a little over 28 days.
"Ransomware has had a long history and,
while CryptoLocker is just one of many
inflection points, it's an important one when
we look at the model ransomware follows
today-encrypting data and then demanding
cryptocurrency to decrypt the data,"
comments Chester Wisniewski, field CTO,
Sophos. "Over the years, ransomware has
proven itself as a tried-and-true method
for extorting money from victims. Now,
ransomware is an everyday part of the criminal
threats we face. That's a problem, because
ransomware is still a devastating type of
attack; what's more, organisations have
increasingly less time to minimise damage.
"What we're seeing in the data from our
Active Adversary reports over the past three
years is an increasing mechanisation and
professionalisation amongst the criminals.
Not only are ransomware criminals striking
the final blow in only five days, they're going
for the jugular - your Active Directory
infrastructure, within 16 hours or so. Plodding
ransom attacks that linger for a month or more,
as we saw in the early days of enterprise
ransomware, are no longer the case."
The UK's National Cyber Security Centre
(NCSC) and National Crime Agency (NCA)
have published a joint whitepaper, examining
how the tactics of organised criminal groups
have evolved as extortion attacks have grown
in popularity with the ransomware industry
developing into a sophisticated supply chain,
defying western governments and leaving
exposed businesses on the back foot.
RISE IN CYBER-WARFARE
Ransomware is having "catastrophic consequences
on critical national infrastructure (CNI)
and other vital services", states Michael Smith,
field CTO at Vercara. "While many cyberattacks
leave businesses unscathed, 18 ransomware
incidents elicited a national level response or
government intervention. Given increased geopolitical
tensions and a rise in cyber-warfare,
international leaders and governments have
acknowledged this threat at a global scale
and the risk it poses to crucial services. Just
last year, the European Commission proposed
new rules to ensure greater consistency and
efficiency in cyber and information security
measures across EU institutions, bodies, offices
and agencies.
All this data goes to highlight the scale of the
challenge ahead for the cybersecurity sector,
adds Smith. "Cybercriminals attack everybody,
it's their means of revenue. All business leaders
must assume that at some point they will be
one of their targets. The criminals running
these campaigns are looking to cause as much
disruption as possible, with maximum impact
and even bigger reward.
"Earlier forms of ransomware typically
resulted in downtime or unavailable data,
but newer strains are emerging and threat
actors are constantly changing their tactics,
with some threatening a Distributed Denial
of Service (DDoS) style-attack."
16
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk