2021 Trends Show Increased Globalized Threat Of Ransomware – Expert Commentaries

The wave of ransomware across critical sectors including health, education, financial services and energy makes clear that cyber criminals have upped the ante—and attacks have gone into stealth mode. The nature of ransomware has become so destructive that it has now prompted Britain, the United States and Australia to release a rare joint alert.

“Ransomware has become so effective that many organisations have simply paid ransom, sometimes to the tune of thousands of dollars. To reduce the risk of ransomware, organisations across all sectors must implement multiple security controls. This should be a standard best practice for cyber security and will also reduce the risk of other malicious malware threats.

Security experts will continue to miss the mark with ransomware protection. Security experts continue to tout increased perimeter defense as the catch all for ransomware protection.

However, businesses that experienced an attack had perimeter defenses in place and ransomware still managed to get in and organizations that were penetrated through phishing emails had conducted anti-phishing training for employees. The threat of ransomware will only continue to rise and this alert only confirms that. It is now a matter of “if,” not “when,” an attack will occur. Given these realities, more organizations will recognize the need to protect data at the storage layer with an immutable backup copy, ultimately ensuring they can recover quickly from an attack without having to pay ransom.  

The latest wave of cyberattacks is a powerful reminder of their increasing sophistication. Driven by the pandemic and unprecedented digital transformation, in our heightened cyber threat landscape there has been a significant target shift. Cybercriminals aren’t just coming for governments, large scale enterprises and critical infrastructure, individuals and SMBs are on their radar too. The message is clear – everyone at every level needs to be prepared.  

The good news is that when it comes to cybersecurity, there are proactive things you can do to protect yourself.  

 When you receive an alert that there may have been a breach, there are three steps to take. Firstly, you should always change your account password. Leaked passwords are usually sold on the dark web or added to databases that hackers use to crack passwords. Changing a breached password ensures hackers can't log in to your account. If you were using the same password for other web accounts, those need to be changed immediately too. 

 Secondly, consider using a password manager which can help create and store strong passwords, then enter your credentials when you return to a website to log in. Some can also help you keep an eye out for suspicious activity involving your personal information on the Dark Web so you can take action accordingly. 

 Thirdly, use two-factor authentication to make your accounts more secure. This is when you use an app to generate a code or get a notification on your device and helps to prove the person logging into the account is who they say they are. Any unauthorised access therefore gets shut down in real-time.

The Joint Cyber Security Advisory confirms that we are now all facing an increased level of risk associated with the threats presented by ransomware. It stands to reason that so long as ransom payments are being made, we can expect this now highly sophisticated industry to continue to grow. With the emergence of highly professional Ransomware as a Service (RaaS) operators, the barrier to entry for criminals has never been lower. Notably, the advisory highlights the importance of AI enabled network detection capabilities and their ability to detect and mitigate ransomware attacks early in the attack phase before encryption occurs.

Much of what's in the CISA’s report reads as a continuation of attacks from recent years, with a focus on stolen RDP credentials and phishing to gain a foothold in the network as well as targeting MSPs to potentially compromise several targets at once. The shift away from so-called "big-game" targets to smaller entities because of generating too much heat from major ransomware outbreaks could spell trouble for SMEs, as ransomware groups redouble their efforts on organisations which may not have the security budget to withstand sustained, aggressive attacks.

In the Digital Age, it’s necessary for organizations to ensure a seamless flow of data across a plethora of networks, applications and storages. However, the dilemma is that it is no longer feasible, or even possible, to consider all elements of the service topology as “trusted”. Zero Trust is a critical concept because it brings security to the users, data/information, applications, APIs, devices, networks, cloud, etc. wherever they are – instead of forcing them onto a “secure” network.  

The cybersecurity industry is more difficult to navigate than ever before. Continuous data breaches and ransomware attacks which are impacting commercial entities and governmental agencies prove that network-centric approaches no longer work. The industry needs to establish standards and best practices for Zero Trust as the overarching information security approach for the Digital Age, and create models which are data- and asset-centric, as opposed to traditional network-centric approaches.

Cybercriminals are targeting organizations where it hurts most and that’s financially, which is why ransomware will continue to evolve and become the primary cyber risk.  The threat of not having access to your data or your sensitive data being spread around the internet can hurt companies financially or expose them to other legal battles such as foul play or regulatory fines.   

In the current world of remote working, ransomware continues to target employees remotely, and worse still, critical supply chains as that will not only affect one single company but all companies using that service.

In the constant game of cat and mouse, malicious actors constantly review, adapt and evolve in ways to mitigate detection, and as predicted, this year is heating up once more. The growth in underground marketplaces sharing and selling company secrets is now booming and with disastrous results making things even more challenging. Mitigation techniques are increasingly more difficult to follow with so many parts to the supply chain and an explosion in home working all amounting to a surge in attack vectors. The past two years have painted a target on the back of businesses of all sizes and no one should remain complacent. Ransomware is an ever evolving and increasing threat with staggering payouts making criminals come back for more. Robust antimalware and up to date protocols in the knowledge of what to do when, rather than if, ransomware strikes is more imperative than ever.

As world-leading cyber powers, the UK, US and Australian governments have a critical role to play in the fight against global cybercrime. A strong alliance between countries provides a clear deterrent for cybercriminals - it strengthens defences against cyberattacks and provides a clear protocol for approaching global incidents.

It is vital that governments from leading nations form these partnerships and develop collaborative strategies to mitigate the increasingly complex threat of global cybercrime. This now requires a global effort, particularly when it comes to helping countries with less developed cyber capabilities. Global collaboration ensures no single state can take advantage - a sentiment that has gained renewed importance as geopolitical tensions around Ukraine continue to ignite. Working together on joint strategies will produce benefits for all nations, not just those with the most power. 

With ransomware attacks more sophisticated than ever – and advancing by the day – unity across the world’s most powerful nations is crucial to prevent the recurrence of disastrous cyber attacks. Organisations across the globe should take note of all advice provided by the joint advisory to boost resilience against cybercriminals.