Modern Attack Methods Jeopardize Cybersecurity Strategies
For years, cybercriminals have kept up a steady campaign of ransomware attacks, largely by introducing new malware components that threaten to take down entire systems. Statista says 71% of businesses have been victimized by ransomware in 2022 — and hackers show no signs of stopping.
But while malware continues to evolve, the biggest change in today’s attacks is being perpetrated by the hackers themselves. They’re using new malicious techniques to eliminate companies’ ability to plan and communicate, which can ultimately produce a more lethal attack.
One of hackers’ recent methods is to use three to four different chains of attacks simultaneously. Coordinated attacks involving phishing, spam, spoofing, and social engineering open up multiple threat vectors, making it more difficult for a company to respond. But it doesn’t stop there. Methods like intermittent and temporal encryption pose large threats to organizations because they create data quality issues and allow threat actors to use subtle tactics to move under the radar.
The best defense is to prepare for the worst: adopt zero trust architecture and build a strategy around fast responses. There’s a greater need than ever for software and applications to fight at light speed against cyber-breaches. But to ensure defense success, let’s first look at a few of the latest threats.
Intermittent encryption, or partial encryption, is a new technique threat actors are using to evade detection and corrupt targets’ files more quickly. It’s efficient and deceptive. Encrypting whole files takes a long time, so even cursory data analysis can usually flag malware activity going on under the surface. But new attack methods enable hackers to encrypt only parts of files on an intermittent basis, keeping CPU usage low and making it harder for conventional and behavior-based ransomware tools to spot the underhanded behavior.
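One defender-side consequence of the paragraph above is that a single whole-file entropy reading is a poor signal for intermittent encryption: the ciphertext chunks are averaged away by the plaintext chunks around them. The example below is added here and is not code from the article; it scans a file in fixed-size chunks, measures Shannon entropy per chunk, and flags a file whose chunks are a mix of near-random and ordinary content. The chunk size, the thresholds and the sample files are all constructed for the illustration.

```python
"""Per-chunk entropy scan to surface intermittently encrypted files.

Added illustration (not from the article). Whole-file encryption pushes every
chunk to near-maximum entropy; intermittent encryption leaves a file with a mix
of low-entropy (plaintext) and high-entropy (ciphertext) chunks. Scanning per
chunk makes that mix visible where a whole-file average would hide it.
"""
import math
import random
from collections import Counter

CHUNK_SIZE = 4096      # assumption: scan granularity in bytes
MIN_CHUNK = 1024       # short tail chunks give biased entropy estimates; skip them
HIGH_ENTROPY = 7.5     # bits/byte; random data approaches 8.0
LOW_ENTROPY = 6.0      # typical text/office content sits well below this


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list[float]:
    """Entropy of each chunk; a short trailing chunk is dropped unless it is the whole file."""
    ents = []
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        if len(chunk) < MIN_CHUNK and i > 0:
            continue
        ents.append(shannon_entropy(chunk))
    return ents


def classify(data: bytes) -> str:
    """Return 'plaintext', 'fully_encrypted' or 'partially_encrypted'."""
    ents = chunk_entropies(data)
    if not ents:
        return "plaintext"
    high = sum(e >= HIGH_ENTROPY for e in ents)
    low = sum(e <= LOW_ENTROPY for e in ents)
    if high == len(ents):
        return "fully_encrypted"
    if high and low:  # ciphertext-looking and plaintext-looking chunks side by side
        return "partially_encrypted"
    return "plaintext"


def _pseudo_ciphertext(n: int, seed: int) -> bytes:
    """Constructed stand-in for ciphertext: seeded pseudo-random bytes."""
    return random.Random(seed).randbytes(n)


def build_samples() -> dict[str, bytes]:
    """Constructed fixtures: a text file, a fully altered copy and a chunk-wise altered copy."""
    plain = (b"Quarterly report: revenue grew in every region this year. " * 500)[:7 * CHUNK_SIZE]
    full = _pseudo_ciphertext(len(plain), seed=1)
    pieces = []
    for idx in range(0, len(plain), CHUNK_SIZE):
        chunk = plain[idx:idx + CHUNK_SIZE]
        # Even-numbered chunks replaced with random bytes, odd-numbered chunks left intact.
        pieces.append(_pseudo_ciphertext(len(chunk), seed=idx) if (idx // CHUNK_SIZE) % 2 == 0 else chunk)
    return {"plain": plain, "full": full, "partial": b"".join(pieces)}


if __name__ == "__main__":
    for name, data in build_samples().items():
        print(f"{name:8s} whole-file={shannon_entropy(data):.2f} bits/byte -> {classify(data)}")
```

The whole-file entropy of the partially altered sample stays under the "random" threshold, which is exactly why a scanner that only looks at the file as a unit misses it; the per-chunk view separates the three cases cleanly.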
Fileless Attacks Avoid Detection
Another way of evading detection is to employ fileless techniques while deploying ransomware. This is the way advanced persistent threats and nation-state attackers often operate. The attacks they deploy use legitimate, publicly available software tools that can be found in a target’s environment. Threat actors can slip by if they avoid using process names or file hashes that have already been flagged as dangerous indicators.
Vulnerabilities in VoIP
The popular “Lorenz ransomware” attacks have tapped a vulnerability that had been used in voice-over-IP devices as an onramp into corporate phone systems and computer networks. Experts say the Lorenz group has pursued the “double exploitation” tactic: selling the data it steals and offering access to victims’ systems to other online attacker groups.
Cybercrime as a Service
The hacker community itself is diversifying. In recent years a “cybercrime as a service” sector has emerged with initial access brokers (IABs) offering the ability to breach companies, steal credentials, and sell access to other attackers. IABs sell to ransomware operators, who outsource the collection of victims while they focus on extortion and developing their malware. In 2021, there were more than 1,300 IAB listings on major cybercrime forums monitored by the KELA Cyber Intelligence Center.
Multiple Groups Targeting the Same Victim
In KELA’s recent ransomware report, researchers reported that ransomware groups have been attacking each other’s victims over time. For example, three separate groups either claimed a hack on a U.S.-based auto dealer or disclosed identical information about the hack on their own leak sites.
Ways to Combat Ransomware
For businesses to win the ransomware battle, they need education, implementation, and remediation. The best remedy for a security breach is prevention. This can be improved in several ways.
- Education: Employees need continuing education to ensure that cyber-attackers are not being given access to data and systems they need to initiate a ransomware attack.
- The 3-2-1-1-0 rule: Offsite and offline backups are necessary to mitigate the effects of ransomware. The 3-2-1-1-0 rule requires that there should always be at least three copies of important data, on at least two different types of media, with at least one off-site, one offline, with zero unverified backups or backups completing with errors.
- Plan for remediation: Don’t pay the ransom. The only option is to restore data. Implementing a full backup and disaster recovery plan gives organizations the ability to recover data in the event of a ransomware attack, minimizing the risk of financial and reputational damage.
- Build an experienced team: If there is a positive aspect of the ransomware trend, it is that companies are aware of the threat and willing to allocate additional resources to hire new people to work on ransomware attacks.
- Embed a continuous compliance system into your security strategy: The best continuous compliance systems link your software production system, supply chains, and data backup and recovery platforms to mobilize instant mitigation and guidance for a solution.
- Create a security-first culture: Call it zero trust or what you will, but given the high rate of human error behind cybersecurity breaches, and the need for C-suite sign-off to elevate security measures, it is crucial to foster a security-first mentality in company culture. Employees should be trained and aware of potential threats (think phishing emails or clicks) and comfortable reporting any breaches immediately.
- Embrace data protection, backup, and recovery: According to the Veeam Data Protection Trends Report 2022, nearly 90% of organizations are at risk of losing precious data, with 93% unable to recover at least some of their stolen data.
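The 3-2-1-1-0 rule in the list above is easy to state and easy to drift from, because each condition depends on a different property of the copies. The checker below is an added example, not code from the article or from any backup vendor: it describes each copy of a dataset as a record (medium, off-site, offline, verification status, job errors) and reports which of the five conditions fail. The record fields and both sample inventories are constructed for the illustration; the production copy is counted as one of the three, as in the classic 3-2-1 reading.

```python
"""Check a backup inventory against the 3-2-1-1-0 rule.

Added example (not from the article). Field names and inventories are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str
    medium: str     # e.g. "disk", "tape", "object-storage"
    offsite: bool   # kept at a different site or region than production
    offline: bool   # not reachable for modification from the production network
    verified: bool  # last restore test or integrity check passed
    errors: int     # errors reported by the last backup job


def check_3_2_1_1_0(copies: list[BackupCopy]) -> dict[str, bool]:
    """Return a pass/fail map for each of the five conditions, in rule order."""
    return {
        "3_copies": len(copies) >= 3,
        "2_media": len({c.medium for c in copies}) >= 2,
        "1_offsite": any(c.offsite for c in copies),
        # Ransomware that reaches production can reach any online copy too,
        # so at least one copy must be unreachable from there.
        "1_offline": any(c.offline for c in copies),
        "0_unverified_or_errors": all(c.verified and c.errors == 0 for c in copies),
    }


def failures(copies: list[BackupCopy]) -> list[str]:
    """Names of the conditions that are not met (empty list means compliant)."""
    return [name for name, ok in check_3_2_1_1_0(copies).items() if not ok]


# Constructed inventory that satisfies the rule.
GOOD_INVENTORY = [
    BackupCopy("production-volume", "disk", offsite=False, offline=False, verified=True, errors=0),
    BackupCopy("dr-site-snapshot", "disk", offsite=True, offline=False, verified=True, errors=0),
    BackupCopy("weekly-tape-vault", "tape", offsite=True, offline=True, verified=True, errors=0),
]

# Constructed inventory that looks like "three copies" but fails two conditions:
# nothing is offline, and the cloud copy has never been restore-tested.
WEAK_INVENTORY = [
    BackupCopy("production-volume", "disk", offsite=False, offline=False, verified=True, errors=0),
    BackupCopy("same-site-nas", "disk", offsite=False, offline=False, verified=True, errors=0),
    BackupCopy("cloud-bucket", "object-storage", offsite=True, offline=False, verified=False, errors=0),
]


if __name__ == "__main__":
    for name, inventory in (("good", GOOD_INVENTORY), ("weak", WEAK_INVENTORY)):
        print(name, "->", failures(inventory) or "compliant")
```

Running the two inventories through the checker shows why counting copies is not enough: the weak inventory has three copies on two media with one off-site, yet every copy is reachable from production and one has never been verified, which is the combination ransomware exploits.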
Although the ransomware threat continues to rise and it becomes more challenging to detect a bad actor’s next move, organizations can still fight back and strengthen data security.