Protecting Yourself from Evolving Ransomware Trends in 2022
Updated: Feb 9, 2022
2021 was the year that ransomware wreaked havoc on both individuals and organizations. Most of us have heard of businesses that have been hit with ransomware attacks, but did you know the cost of attacks continues to increase every year? A recent example is a US insurance company, CNA Financial, that reportedly paid a ransom of $40m in 2021 (Bloomberg). Beyond the financial costs, a ransomware event can also cripple a business for weeks, with the average downtime of an attack reported to be 21 days (Coveware). The success of extracting large sums of money from individuals and corporations means ransomware attacks are big business for cyber criminals, so as we begin 2022, we’ve highlighted trends to watch out for to reduce the chance of being a victim of a breach.
Ransomware as a Service - RaaS
These days we're all familiar with "pay-as-you-use", or "as a service" offerings, with many of us using these every day with services like Microsoft 365 for our e-mail, office applications and anti-spam, or Amazon Web Services and Microsoft Azure for our server infrastructure. Cyber criminals also see the benefit of this “as a service” approach, and in 2021 we saw the rise of Ransomware as a Service (RaaS). Individual cyber criminals no longer need to write their own software; instead, they can pay a provider and use an existing ransomware platform to launch a campaign, paying a subscription fee or a percentage of profits from the activity.
Hackers are increasingly spending time inside an environment, hiding their presence and exfiltrating data out of a company before activating the ransom. This becomes particularly effective if the target hosts sensitive PII (Personally Identifiable Information) such as Social Insurance Numbers, credit card numbers, or financial or medical records of employees or clients. With this type of personal information, the cyber criminal can charge an even higher ransom, not just to decrypt files, but also to not leak that private information onto the dark web. This leads to another trend: Name and Shame, where criminals exfiltrate data and then threaten to publicly name their victims to damage the reputation and brand of the business. This is particularly effective with financial and medical information.
Targeting unpatched systems
Zero-day vulnerabilities are real, and we read about them all too often. However, most cyber attacks do not use zero-day vulnerabilities and instead use long-known vulnerabilities that have not been patched. This type of attack is avoidable by ensuring systems are patched on a regular, ongoing basis.
Phishing is still a common method of infection. With phishing, an attacker will try to manipulate an employee into clicking on a link or supplying information which will lead to a compromise. There are simple ways to avoid becoming a victim of phishing, one of which is ensuring employees receive regular Security Awareness Training so they know what to look for and how to act when presented with a potential phishing e-mail, text or call.
Supply Chain Attacks
When a cyber criminal attacks a trusted third-party service provider, they not only compromise the service provider, but also jeopardize the security of all the organizations that use that provider's software. The attacker can infect software with malicious code, which can then infect the organizations that use the infected software.
These are some of the trends we have seen recently. Unfortunately, without the necessary steps being taken to protect against them, we expect these to continue into 2022, with new and more refined methods of attack inevitable.
What can you do to minimize your company’s risk of a ransomware attack?
Patching – Your IT team or Managed Service Provider must be patching all systems in your environment on a regular basis, and they should be continually aware of new vulnerabilities and complete out-of-band updates when a critical patch is released outside of the regular patching window. It’s not just systems that need to be patched, but also third-party applications that can become vulnerable and must be regularly updated to remain secure. Make sure that, as part of your monthly updates, you are provided with reporting that documents that patching is occurring and is successful, and that any errors found are being addressed promptly.
Using Actively Supported Operating Systems – All systems in your environment must still be supported by the vendor (Microsoft for example). If a system has passed end-of-life, it can no longer receive updates and is therefore a security risk, as it provides an easy entrance for a cyber criminal to access your business. Develop a plan to retire systems that are no longer necessary or to upgrade end-of-life systems onto supported versions to ensure that they can be secured.
Backups – Often the only way for data to become accessible following a ransomware event will be through restoration from a backup. Unfortunately, even if the ransom is paid there is no guarantee that decryption will be successful. As such, it is critical to have frequent backups of all critical data, with test restores conducted regularly. Backups should also be stored offsite in secure cloud locations to ensure that if your environment is compromised, hackers are not able to delete backups, which is a typical behavior to increase the value of decryption.
Multi-Factor Authentication – Deploying MFA in your environment will make it significantly harder for a hacker to gain access and therefore control your data. Even if a password becomes compromised it cannot be used to gain access without the added MFA security step.
Security Awareness Training – Even when you invest in all the above you can still be at risk from human behavior. It is critical to educate your users, so they are aware of what to look for and how to act when presented with a situation where a cyber criminal is trying to use them to infiltrate your business.
At Summit Systems we always take a security-first approach and provide ongoing Security Awareness Training to all our clients’ employees. If you’d like to chat about your business and the security risks you face today, get in touch. We’re here to keep you safe!