It's not just that ransomware attacks have increased dramatically compared to the previous year and that ransom sums continue to skyrocket. Cyber criminals are also increasingly targeting critical infrastructure and attempting to optimize their campaigns and cause maximum damage by attacking the software supply chain. These are the findings of the security company Barracuda Networks, which evaluated 121 ransomware incidents from the past 12 months, an increase of 64 percent within one year.
Many of the attacks were carried out by well-known ransomware gangs, including REvil with 19 percent of the investigated attacks and DarkSide with 8 percent. The criminals no longer limit themselves to spreading their malware via malicious links and attachments. The attack patterns are evolving: first, the attackers use phishing to steal login data, and then they use that data to attack the web applications used by the victim. Once an application is compromised, ransomware and other malicious code can be smuggled in.
The pandemic-induced trend towards working from home has played into the hands of criminals: web portals through which remote workers access the company network may also allow unauthorized access. The OWASP Top 10 threats to application security describe the potential entry points. Working through them reduces the risk of a successful attack. It is also dangerous to rely only on a VPN for remote workers, because a lot of login data in the form of leaked passwords is available on the dark web, writes Barracuda. This is how the attack on Colonial Pipeline took place in May, in which hackers used a compromised password to gain access to the network via a VPN account.
Cyber criminals are willing to negotiate
There has been a dramatic increase in ransom demands: the average demand is now $10 million. Two observations are interesting in this regard. First, criminals are starting to offer alternative payment methods as Bitcoin increasingly becomes the focus of law enforcement agencies. The REvil gang switched to Monero. Second, cyber criminals are apparently ready to negotiate the amount. A win-win situation: the criminals settle in order to get any money at all, and the victim companies use their options to save millions. JBS negotiated a ransom payment down from $22.5 million to $11 million, and German chemical distributor Brenntag reduced the demanded amount from $7.5 million to $4.4 million.
However, companies are increasingly refusing to respond to ransom demands, reports Barracuda Networks, which, along with the intensified fight by law enforcement agencies against the extortion industry, is an "encouraging sign". To protect against such attacks, the author of the study recommends three measures: first, protecting access data through awareness training for employees as well as technical measures such as multi-factor authentication; second, securing all infrastructure access points and SaaS applications, for example through zero trust concepts; and third, backing up all critical information with disaster recovery functions. Further details on the study can be found in a blog post from Barracuda Networks.