Ransomware is the most popular and rapidly growing cyberattack threatening every sector in the business community.
Put simply, ransomware is a type of malware that threatens to compromise, sell or disclose the victim's data, or perpetually block access to it, unless a ransom is paid.
In a recent trend report, the estimated cost of ransomware attacks was set to reach a record $20 billion USD in 2021. The average ransomware payment in 2021 was $570,000 USD, an increase of 82% from the previous year.
Major consequences of ransomware attacks
Ransomware attacks on the manufacturing sector can disrupt manufacturing processes, operations, or supply chains. Attacks on energy, utilities, and other industrial organizations in this vertical carry significant potential for physical damage, economic disruption, or other real-life consequences such as blackouts, interruption of energy supply, and physical destruction.
The primary source of these risks is the potential compromise by ransomware of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems inside the operational technology (OT) environment.
Due to the pandemic, cybercriminals have been taking advantage of sectors that were hit the hardest, particularly the healthcare and pharmaceutical industries.
According to the latest report by HIPAA Journal published in January 2022, the top two largest healthcare data breaches in December last year were caused by ransomware attacks, resulting in the exposure and potential theft of a total of 1.28 million records.
The route to multiple victims
Compromised managed service providers (MSPs) have become a popular vector for ransomware attacks on enterprise customers. MSPs provide remote management software for companies. This ranges from simple services like file-sharing systems to complete solutions that manage a customer's entire computer fleet.
Ransomware attacks through MSPs or other technology companies are particularly productive for ransomware criminals because the success of their business model depends in part on the number of victims that they infect.
Increasing the number of infected victims increases the number of ransom payments that cybercriminals can collect. Most of the time, ransomware operators infect the customers of compromised MSPs via the specialized remote access tools that MSPs use to deliver their services, which provide trusted access to customer networks.
Ransomware as a Service (RaaS)
RaaS is growing fast and is a reason for the rapid growth of ransomware attacks. Ransomware as a Service (RaaS) is a business model in which ransomware developers lease out different ransomware in the same way that legitimate software developers lease SaaS products.
RaaS provides anyone, literally anyone with or without technical knowledge, the ability to launch ransomware attacks quickly and cost-effectively by simply signing up for a service.
RaaS kits allow cybercriminals who lack the skill or time to develop their own ransomware to be up and running quickly and affordably. RaaS is a significant, competitive business.
RaaS operators manage RaaS websites with support, feature updates, communities, and other benefits, run marketing campaigns on social media, and publish white papers, no different from a legitimate company.
Example: 2017 WannaCry ransomware, 2021 Colonial Pipeline ransomware attack
The watering hole attack
In this case, the threat actor guesses or observes which websites a specific group of users or an organization commonly visits or uses, and infects one or more of them with malware.
A watering hole attack differs from phishing and spear-phishing attacks in that it aims to infect users' computers and then gain access to a connected corporate network. Cybercriminals utilize this attack vector to steal personal information, financial details, and intellectual property and to gain unauthorized access to sensitive corporate systems.
Watering hole attacks pose a significant threat to organizations because they target legitimate websites that cannot be blacklisted, and cybercriminals deploy zero-day exploits or social engineering techniques that antivirus software will not pick up.
Generally, cybercriminals will target public websites often visited or used by professionals from specific industries, such as discussion boards, industry conferences, and industry-standard bodies.
Example: 2017 NotPetya (aka: ExPetr) attack
Supply chain and "Island Hopping" attacks
This is an attack against an organization's supply or value chain to gain access to a downstream target. Generally, two major types of attack focus on an organization's supply or value chain.
The "Island Hopping" attack
This is an increasingly popular cyber-attack technique used by cybercriminals in recent years. It is an advanced attack method targeting potentially vulnerable partners or elements in the value chain with potential privileged access to the actual target network.
In this attack, cybercriminals do not attack or intrude on their ultimate target organization directly. Instead, they focus on infiltrating through trusted partners or affiliates that work with the target company. With this approach, the cybercriminals compromise the network system between the two companies through infected software updates or trusted remote access and take advantage of the digital assets.
The advantage of this attack is that it enables cybercriminals to dramatically increase the scale of their operations, infecting numerous enterprises via a compromise of just one company.
According to a 2020 research report by VMware Carbon Black, 55% of cyberattacks target the victim's digital infrastructure for island hopping.
Example: 2013 Target data breach, 2021 Quanta Computer ransomware attack
The supply-chain attack
This has been a fast-growing cyberattack tactic in recent years. The goal of a supply chain attack is to infiltrate and disrupt a weak point of a system within an organization's supply chain with the intent to cause harm. Unlike "Island Hopping" attacks, supply chain attacks seek to exploit the trust relationship established by legitimate products used in normal business operations.
Both types of attacks might target more than one organization, and the objective might be to gain access to, or collect information on, whole industries or a wide range of organizations or individuals. Supply chain attacks in 2021 rose by 430% from the previous year, according to a research report by Sonatype.
Example: 2020 SolarWinds exploit
If you need to secure your organisation against cyber threats like ransomware, BSI Digital Trust can safely manage and secure your customers’ information, strengthen your information governance and safeguard your critical infrastructure.