CS Nov-Dec 2023
ransomware
Michael Smith, Vercara: ransomware is having "catastrophic consequences on critical national infrastructure".
Carlos Morales, Vercara: impractical to believe you can seal up all entry points.
become victims of this kind of attack."
CRIMINALS GO FOR THE JUGULAR
September marked 10 years since CryptoLocker, the first ransomware campaign to successfully blend encryption, peer-to-peer controls, social engineering and cryptocurrency, first appeared. "This toxic brew proved to be extraordinarily successful," states Sophos, "netting the attackers 31,000 Bitcoin [at that time, over $4 million US] in the first four weeks, ushering in the modern era of day-to-day financial e-crime."
Since then, says the company, ransomware has flourished, with attacks accounting for 69% of incident response cases in the first half of 2023. "Comparing 2022 to the first half of 2023, the time from the start of ransomware attacks to detection shrank from a median of eight days to just five." The median time from data exfiltration to ransomware deployment was just 21 hours, while, for exfiltrated data, the median time until it was publicly posted was just a little over 28 days.
"Ransomware has had a long history and, while CryptoLocker is just one of many inflection points, it's an important one when we look at the model ransomware follows today - encrypting data and then demanding cryptocurrency to decrypt the data," comments Chester Wisniewski, field CTO, Sophos. "Over the years, ransomware has proven itself as a tried-and-true method for extorting money from victims. Now, ransomware is an everyday part of the criminal threats we face. That's a problem, because ransomware is still a devastating type of attack; what's more, organisations have increasingly less time to minimise damage.
"What we're seeing in the data from our Active Adversary reports over the past three years is an increasing mechanisation and professionalisation amongst the criminals. Not only are ransomware criminals striking the final blow in only five days, they're going for the jugular - your Active Directory infrastructure, within 16 hours or so. Plodding ransom attacks that linger for a month or more, as we saw in the early days of enterprise ransomware, are no longer the case."
The UK's National Cyber Security Centre (NCSC) and National Crime Agency (NCA) have published a joint whitepaper, examining how the tactics of organised criminal groups have evolved as extortion attacks have grown in popularity, with the ransomware industry developing into a sophisticated supply chain, defying western governments and leaving exposed businesses on the back foot.
RISE IN CYBER-WARFARE
Ransomware is having "catastrophic consequences on critical national infrastructure (CNI) and other vital services", states Michael Smith, field CTO at Vercara. "While many cyberattacks leave businesses unscathed, 18 ransomware incidents elicited a national level response or government intervention. Given increased geopolitical tensions and a rise in cyber-warfare, international leaders and governments have acknowledged this threat at a global scale and the risk it poses to crucial services. Just last year, the European Commission proposed new rules to ensure greater consistency and efficiency in cyber and information security measures across EU institutions, bodies, offices and agencies."
All this data goes to highlight the scale of the challenge ahead for the cybersecurity sector, adds Smith. "Cybercriminals attack everybody, it's their means of revenue. All business leaders must assume that at some point they will be one of their targets. The criminals running these campaigns are looking to cause as much disruption as possible, with maximum impact and even bigger reward.
"Earlier forms of ransomware typically resulted in downtime or unavailable data, but newer strains are emerging and threat actors are constantly changing their tactics, with some threatening a Distributed Denial of Service (DDoS)-style attack."
computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk