The first half of 2021 saw a dramatic increase in the volume and complexity of attacks against individuals, organizations and increasingly critical infrastructures.
The mid-year Global Threat Landscape Report from FortiGuard Labs found that ransomware increased more than tenfold in the past 12 months.
“Most of this criminal activity is generated by ransomware revenue, and it is fueled by the growth of ransomware-as-a-service (RaaS),” says Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs.
He adds that several malicious actors have expanded their reach by selling access to already compromised corporate networks, making it even easier for criminals to get a foot in the door.
And things are not the same anymore, Manky notes. “Cyber criminals have improved their game and pose an existential threat to many organizations.”
He says high-profile ransomware attacks on Colonial Pipeline and JBS, following the attack on SolarWinds’ supply chain, affected millions of people.
“And the supply chain attack against Kaseya VSA, an MSP, changed the game even further as it resulted in downstream customers being affected as well.”
The telecommunications sector has borne the brunt of this surge in the past six months, followed by government agencies, managed security service providers, and the automotive and manufacturing industries.
Not only has the volume of ransomware attacks increased, but the attacks are also evolving. Attackers have added levels of extortion to pressure victims into paying.
This includes combining encryption with doxing or the threat of public disclosure of internal data, adding a DDoS attack to create additional confusion and panic, and now reaching out directly to a victim’s customers and advocates so that they add pressure on the victim to cough up.
Identify OT vulnerabilities
The report shows a steadily increasing number of malicious actors identifying vulnerabilities in operational technology (OT) and building them into exploit tools that they sell on the dark web.
“The result is that script kiddies are now almost as likely to find and exploit your exposed OT devices as the handful of advanced groups explicitly targeting unprotected and unpatched ICS. This puts your OT systems at increased risk simply because of the growing volume of attacks,” he explains.
‘Script kiddies’ is a term used to describe people who use existing computer scripts or code to hack into computers because they lack the expertise to write their own.
Manky also says that when looking at ransomware activity across all sectors, the danger that ransomware actors are trying to inflict on OT environments becomes clear. “Some of the top industries are operational technology industries. From automobiles and manufacturing to energy and transportation.”
Interpol and the White House have responded – the former with its first global forum on ransomware and the latter with the announcement of an intergovernmental task force to develop and coordinate defensive and offensive measures against the scourge.
The solutions discussed range from revising cybersecurity regulations to updating security infrastructures to offering rewards for identifying threat actors. In addition, organizations that focus on sharing information and insights – like the Center for Cybercrime (C4C) of the World Economic Forum and the Cyber Threat Alliance (CTA) – are increasingly working with industry, government and law enforcement agencies.
“The most important finding is that everyone has a role,” says Manky. “Organizations are encouraged to support these efforts wherever possible and to join the partnership efforts. In addition to adopting new policies, they should also work with cybersecurity vendors who are part of industry alliances and who work closely with government agencies and law enforcement agencies as they allow us to further align our forces to defeat our cyber adversaries.”