by Peter Silva
Posted on August 29, 2023
In the ever-evolving landscape of cybercrime, the strategies adopted by ransomware groups are undergoing a significant transformation. A notable shift has been observed in the tactics used by these criminals to infiltrate systems and hold data for ransom. Historically, phishing had been the preferred method for breaching systems, exploiting human vulnerabilities to gain access.
Over the past year, ransomware actors have been increasingly gravitating towards zero-day vulnerabilities and one-day flaws to execute their attacks. This shift has led to a staggering 143% surge in ransomware victims between the first quarter of 2022 and the corresponding period this year, as highlighted in a recent report by Akamai.
The New Game: Zero-Day Exploits and Data Exfiltration
The modus operandi of modern ransomware groups is characterized by a sophisticated and calculated approach. These malicious actors either develop attack vectors internally or procure access to systems known to have vulnerabilities. Alternatively, they invest in creating or acquiring zero-day exploits specifically designed to target susceptible systems.
Once a breach is achieved, the attackers engage in data exfiltration, using the stolen information as leverage for extortion. Unlike the traditional approach of encrypting data and demanding payment for decryption, they now opt for a more insidious tactic. Rather than locking the data, they threaten to expose it, potentially auctioning sensitive information to the highest bidder if their demands are not met, and often even if they are.
The Evolution of Defensive Measures
The corporate response to ransomware threats has also evolved over time, reflecting a growing awareness of the need for proactive defense. Organizations have invested in enhancing their data backup and recovery strategies, thereby reducing the operational impact of potential ransomware attacks. While this countermeasure has proven effective to a certain extent, it falls short of preventing the exposure of sensitive data.
In response, ransomware groups have adjusted their tactics by focusing on the threat of data exposure in addition to encryption. Consequently, even with a robust backup system in place, the risk remains that proprietary data, or data protected by privacy regulations, will circulate illicitly on the dark web.
The Expanding Ripple Effect
The repercussions of a successful ransomware attack extend far beyond the immediate victim. Ransomware groups have demonstrated a growing tendency to not only target organizations directly but also to reach out to the victim’s customers. By informing these customers about the data breach, the attackers amplify the impact of their actions, creating a ripple effect of distrust and insecurity that resonates throughout entire networks of stakeholders. In addition, victims are now nearly six times more likely to be targeted again within the first three months, highlighting the alarming speed at which information spreads within criminal circles.
The Unanticipated Targets
Contrary to popular assumptions, ransomware attackers do not focus primarily on high-profile, well-known entities. Instead, they often exploit vulnerabilities within smaller organizations that may have weaker cybersecurity defenses and are therefore easier targets. A telling statistic from Akamai’s report reveals that approximately 65% of ransomware victims are businesses with less than $50 million in annual revenue. In contrast, large corporations with over $500 million in revenue account for a mere 12% of victims. This pattern challenges dominant notions about the targets of ransomware attacks and underscores the critical importance of cybersecurity readiness for organizations of all sizes.
Identifying Vulnerable Sectors
Certain sectors have emerged as prime targets for ransomware groups due to their susceptibility to attack. Manufacturing, constituting around 20% of all ransomware targets, has witnessed a particularly high rate of attacks. This does not necessarily mean that manufacturing is being targeted more; rather, attackers have recently enjoyed greater success within the vertical.
The second most targeted sector is business services, comprising 11% of victims, indicating that here, too, there are likely to be vulnerabilities within the supply chain. Retail follows closely behind with 9% of victims, underscoring the critical need for bolstering cybersecurity in these industries.