
Government agencies warn of sophisticated, high-impact ransomware

Due to the surge in “sophisticated and high-impact” ransomware attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.K. National Cyber Security Centre (NCSC) and the Australian Cyber Security Centre have issued a joint advisory on the techniques used by cybercriminals to attack businesses and organizations.

In response to ransomware attacks on a wide range of industries including the Department of Defense, financial services, IT, healthcare, education, energy, charities and local government, the agencies warn that ransomware tactics and technologies will “continue to evolve in 2021”.

In the joint bulletin, the agencies claim that ransomware threat actors are exhibiting an “increasing technological sophistication” that is causing “an increase in ransomware threats to organizations worldwide.”

According to cybersecurity authorities in the US, UK and Australia, the top three initial infection vectors for ransomware incidents during 2021 were:

  • Phishing emails
  • Remote Desktop Protocol (RDP) exploitation through stolen credentials or brute force
  • Exploitation of software vulnerabilities

Ransomware is often deployed when an attacker gains the ability to enter a network or execute code on a device. Unfortunately, these infection vectors have increased the level of remote operation, expanding the remote attack surface and, according to the report, “made network defenders struggle to keep pace with routine software patches.”

Additionally, the ransomware business became increasingly specialized as the use of Ransomware-as-a-Service (RaaS) operations increased in 2021, some of which also provide 24/7 helpdesk support to victims to expedite ransom payments.

And, as is well documented, businesses have been encouraged to open their wallets by attackers who threaten to leak stolen sensitive data if their demands are not met.

The view of CISA, NCSC and the Australian Cyber Security Centre is that attacks will become more frequent as the ransomware business model continues to generate large financial returns. At the same time, the use of the RaaS model has made it more difficult to conclusively identify the cybercriminal behind a particular attack, as there may be a complex web of developers, freelancers, and affiliates.

Interestingly, authorities in the United States and Australia say they have seen a shift in which ransomware gangs are targeting medium-sized victims instead of targeting larger organizations like Colonial Pipeline and JBS Foods. This could be the result of measures taken by US authorities in mid-2021 to thwart the activities of ransomware operators involved in high-profile attacks.

Despite some law enforcement successes, the overall picture drawn by this advisory is grim, with ransomware groups increasing their impact in 2021 by:

  • Targeting poorly defended cloud infrastructure to steal data, encrypt information, and in some cases deny access to backup systems.
  • Targeting Managed Service Providers (MSPs) to reach all of an MSP's clients at once.
  • Attacking industrial processes by developing code that affects connected business systems or disrupts critical infrastructure.
  • Attacking the software supply chain and using it as a way to reach multiple victims with one initial breach.
  • Targeting organizations on holidays and weekends, when there are fewer IT support staff to handle emergencies, to have a greater impact.

For more information and advice on mitigating ransomware threats, see the joint Cybersecurity Advisory published by CISA, NCSC and the Australian Cyber Security Centre.


Editor’s note: The opinions expressed in this guest author article are solely those of the contributors and do not necessarily reflect those of Tripwire, Inc.
