Cybercrime is getting organized. Gone are the days of lone hackers operating from back bedrooms. Cybercriminals are banding together to form businesses and using the dark web to recruit new “talent” and advertise “jobs” they’re looking to fulfil. The stakes are significantly higher for the organizations under fire due to poor cybersecurity.
About the author
Gary Cox, Director of Technology for Western Europe, Infoblox.
Against this backdrop, an age-old tactic has had a revamp. With these big, organized businesses able to now sell their hacking software and services on the dark web for profit, ransomware-as-a-service is becoming increasingly prevalent. Even the most inexperienced threat actors can buy everything they need to launch an attack. The results of these attacks can be devastating, with research showing that 34% of UK businesses are forced to temporarily close down after being hit by ransomware. For some, normal service never resumes.
Why cybercrime has become big business in our current landscape
The pandemic has created the perfect storm for attackers, with many criminal groups using COVID-19 lures to exploit both consumers’ and businesses’ concerns in an already troubled time. Phishing is still the number one tactic when it comes to stealing personal data; both explicit, targeted phishing attacks and broad attempts sent out to thousands of contacts. Where financial details used to be the jackpot for cybercriminals, now, personal data is the hottest commodity. Cyber Security Breaches Survey 2021 shows that businesses that hold personal data are more likely than average to report breaches or attacks.
Cybercriminals have not only tapped into the nation’s concerns around the pandemic – they have also capitalized on the changes that have come along with it, such as remote or hybrid working. Whilst hybrid working isn’t a totally new phenomenon, the pandemic has propelled it into the spotlight like never before. Almost overnight, it became the new norm and now it seems that, for many, what was once a temporary solution is here to stay.
This new way of working has, however, brought new risks alongside it. In this new landscape, organizations’ attack surfaces have rapidly expanded as employees log into work platforms from unsecured networks or personal devices. Protecting the network far and wide has never been more important, nor has it been more difficult to achieve.
The rise of ransomware-as-a-service (RaaS)
Phishing may remain the number one tactic for attackers for stealing personal data, but ransomware attacks are on the rise as criminals look to profit directly from their attacks. Every week, ransomware attacks hit the headlines and the list of organizations falling victim grows longer. It seems that we are yet to find an effective cure for our ransomware pandemic.
This type of attack remains popular among bad actors and cyber criminals simply because it is so profitable – ransomware involves little cost and plenty of reward. The reality is that companies operating in today’s landscape simply cannot afford to be offline in the aftermath of the pandemic’s workforce diaspora. Remaining offline risks not only financial loss but also long-term reputational damage. For example, when Tesco’s website went down in a suspected hack attempt, sales took a hit as customers shopped from supermarket rivals. The big concern for the company now is whether they will come back.
Whilst we can’t say for sure how many ransomware attacks happen on a daily basis, rest assured the number is high and continues to grow. Cybersecurity Ventures estimates that a ransomware attack happens every 11 seconds. Understandably, some organizations decide not to disclose that they’ve been attacked – after all, sharing this information could expose them further and damage their reputation. Take Travelex as an example of a company that never managed to recover – shortly after revealing the extent of an attack and paying the ransom, it went into administration.
The rise of Ransomware-as-a-Service (RaaS) is part of cybercrime’s evolution towards a commercialized business. This commercial branch magnifies the ransomware threat as even inexperienced cyber criminals can buy everything they need on the dark web and launch an attack. It is not going away any time soon and will be one of the biggest cybersecurity threats in 2022.
Prevention is the best cure
Like with most attacks, prevention is always better than finding a cure once infected. It’s important for companies to try and mitigate the impact of an attack before it hits. An effective strategy requires the right mix of cybersecurity tools, such as DNS security to detect threats entering and leaving the corporate network, and continued employee education. The ransomware landscape is complex and companies need to ensure their training is ever evolving in order to keep up.
That means that employee education should go beyond standard training. It should be continuous. After all, attackers never stop so why would our defense? From spoofing phone calls to phishing emails, cyber criminals play by volume and are very persistent. They can send thousands of emails every day, trying to infiltrate an organization. The heavier the volume, the higher the chance that somebody will open the email and click the link. “Report phishing” buttons – and other tools built for employees to support the fight against cybercrime – are likely to become increasingly important moving forward. With cyber criminals knocking at every door to try and gain entry, every worker is part of the first line of defense.