For all of us, the workplace has changed. Criminals have not been slow to identify this opportunity. Organisational threats are evolving and expanding. In 2020, the number of ransomware attacks rose by over 60% globally to 305 million.
Ransomware attacks pose a huge risk to organizations, affecting not only the availability but, in many cases, the confidentiality and integrity of your critical data. These attacks result in the encryption (and sometimes theft) of data, causing huge losses of profit and reputation and driving some businesses to bankruptcy.
Even after paying the ransom, there is no guarantee that the threat actors will give your organization access to the data as promised.
How does remote working increase risk?
Remote working is expanding the security boundaries of corporate networks. Many organizations have turned to the cloud to deliver corporate applications and services that were not previously part of the IT estate. Together with the constant threat of new vulnerabilities surfacing in existing systems, this means that the attack surface of an organization is constantly becoming more complex, providing more opportunity for ransomware to take hold. For example, 68% of malware is now delivered through cloud apps.
Ransomware attacks do not only target corporate giants.
According to official figures, attacks on small and medium-sized enterprises (SMEs) are becoming more common. Almost one quarter of UK SMEs say they would be forced to cease trading if faced with the losses involved in an average cyberattack.
Ransomware has evolved to adapt to new technologies and deployed defences
In 2013, one of the most prominent ransomware families, known as CryptoLocker, used simple email attachments as its main method of delivery.
In 2017, the WannaCry ransomware family exploited the EternalBlue vulnerability in Microsoft Windows. Unlike CryptoLocker, WannaCry did not require user interaction for initial infection and could propagate itself to other vulnerable systems.
Recent attacks have expanded beyond attacking organisations directly, focusing instead on the supply chain of a business to reach the target. Kaseya VSA, a third-party remote monitoring and management SaaS (Software-as-a-Service) product, was compromised in early 2021. With access to the Kaseya build environment, threat actors could use the tool designed to deploy legitimate software to push the REvil ransomware to hundreds of Kaseya customers.
How ransomware is evolving in 2022 in response to remote working
New vulnerabilities associated with hybrid working are being incorporated into successful ransomware attacks targeting the distributed workforce. For example, Night Sky is a ransomware attack that targets VMware Horizon systems using the recent Log4Shell (CVE-2021-44228) vulnerability disclosed in December of 2021.
VMware Horizon is typically used to provide remote corporate users with access to a company’s intranet and internal applications in a remote desktop experience. Many organisations have established or expanded their use of such software during the move to remote working in 2020/1 and the Night Sky ransomware seeks to take advantage of that trend.
Evolution of threats in 2022
If past ransomware attacks have taught us anything, it is that ransomware will continue to evolve with the ever-changing threat landscape in the coming year. As new vulnerabilities are discovered, especially those with arbitrary or remote code execution capability, the number of available delivery methods for ransomware increases.
Organisations that have recently introduced or expanded support for remote employees also take on additional security challenges because of the larger security boundary.
Controls to limit the influence of personal emails and devices are critical, as personal devices rarely have the same level of security. When personal devices are connected to the corporate network, they create a new entry point for ransomware if not properly safeguarded.
What should your organisation do to protect itself?
With a predicted increase in ransomware attacks in 2022, it is vital for organisations to review and strengthen their security to mitigate ransomware attacks before criminals can take advantage of new vulnerabilities. The aim should be a holistic, defence-in-depth security approach aligned with industry standards. There should be regular internal security assessments, proper user security training and policies, and technical security controls such as EDR (Endpoint Detection and Response).
Organisations must also ensure that external partners and service providers are contractually required to maintain equally strict security policies and procedures. Third-party assessments to identify unknown weaknesses in the organisation’s information technology enterprise can prove crucial as they provide an unbiased external view of your organisation’s security state.
If you need to secure your organisation against cyber threats like ransomware, BSI Digital Trust can safely manage and secure your customers’ information, strengthen your information governance and safeguard your critical infrastructure.