January 2022 Security Update: Ransomware Insights from Insiders

Expect the playing field—and the players—to continually change concerning ransomware.


Ransomware made a big impact in 2021—not only in the IT space but by disrupting and interfering with government, security, the supply chain and services that impact U.S. consumers’ daily lives. Furthermore, the cost of ransomware recovery grew for victim businesses and organizations. According to Sophos, ransoms in 2021 were as high as $3.2 million, with the average at $170,404.

Tim Eades, CEO of vArmour, comments, “The last two years of the pandemic along with the shift to remote work have been plagued by ransomware. The attacks have been so brazen that it has impacted several sectors of our national infrastructure. Companies continue to buy cyber insurance, and cyber insurers continue to pay out, and the threat of ransomware is not going to go away soon, likely only continue to accelerate at full speed in 2022.”

Adrian Moir, Technology Strategist, Principal Engineer at Quest, comments, “Ransomware is getting worse and becoming even more accessible to bad actors as Ransomware as a Service is becoming widely available on the dark web. As the ransomware scourge continues to ravage organizations across the nation, organizations are beginning to recognize that one layer of defense isn’t enough—no matter how strong it seems.”

Action Items:

Moir says organizations will:

  • Move toward layered defense to protect against ransomware
  • Implement enhanced data backup and recovery solutions as well as standard network security systems

The 2022 Spin on Ransomware

Ransomware attacks will continue to evolve and, unfortunately, include an element of surprise.

Jose Carlos Najera Flores, Subject Matter Expert, Vulnerability Management at Syntax, says to expect supply-chain and ransomware “combo” attacks. “Windows updates can offer a holy grail of supply-chain attacks, and it’s just a matter of time before a hacker weasels their way in to leverage it as a delivery method.”

Jesse Rothstein, Co-Founder and CTO of ExtraHop, agrees. “The threatscape has changed with adversaries no longer going through a user to launch everyday attacks. This is the new normal — adversaries, often backed by nation-state sponsors, targeting the supply chain of American businesses and their allies.”

Rothstein also warns, “Organizations should expect ransomware attacks to become personalized and utilize different types of cyber assets such as employee insiders. We can expect additional cybercrime groups to rise and shift the balance of Ransomware as a Service to control victims’ networks.”

Action Item:

  • Flores advises, “If you are already patching fast, double-time it! Vulnerabilities will have a faster turnover into functional exploits that are measured in hours, not days.”

What’s Driving Ransomware Attacks?

As in the past, some ransomware attacks will be motivated by money.

Kent Feid, Director of Product Management, Quest, adds, “The use of cryptocurrencies as payment will fuel the rise. The anonymity of cryptocurrencies provides protections for attackers, and until we have a way to implement true regulation or protections for cryptocurrency, ransomware will continue to run amuck. Ransomware-focused legislation is a step in the right direction, but that legislation won’t work until you address and manage the monetary side.”

However, as Mark Bowling, VP, Security Response Services at ExtraHop, observes, nation-state attacks will rise as a prevalent security threat in the next few years. “Campaigns by nation-state attackers have the greatest opportunity to damage the safety and security of the people in the U.S. Espionage-style attacks for both economic gain and military gain will increasingly target the U.S. for nation-states to gain leverage over the political sphere. Not only will they increase in number, but they will also improve their cyber-espionage tradecraft. They won’t stop until the U.S. attempts to deter it.”

Action Items:

  • Advocate for ransomware-focused legislation and stay apprised of progress.
  • Closely monitor trends that may indicate that your business or your clients’ businesses could be targeted.

Who’s In the Cross Hairs?

As nation-state-sponsored attacks increase in frequency, government agencies and critical supply chains need to prepare for ransomware attacks.

Marc Woolward, vArmour CISO and CTO, says, “Those pieces of critical national infrastructure such as food production, energy production, and other important civil services, have always been a bit more shielded from criminals because they are not quite as glamorous as a large financial institution or large retailer. We have now seen an uptick in success in attacks on these lesser-known segments of our critical infrastructure, and we can expect to continue to see this trend. At the end of the day, this is another wake-up call that they too are just as vulnerable, and we need to protect every aspect of the global supply chain.”

Jeff Costlow, CISO, ExtraHop, says another target is cloud providers, who need to assess their risks and vulnerabilities. “There are areas of risk in the lower level of cloud services, that if not secured properly, could lead to a massive infrastructure attack, something in scale that we’ve not seen before. Organizations must be prepared for this.”

Jim Wachhaus, Director of Technical Product Marketing at CyCognito, expects ransomware groups to change their focus from remote workers to new targets. “I predict a leveling off in attacks and breaches related to remote access services. After a two-year surge of remote and hybrid workers, many of these systems are now properly secured. However, technical debt in the internet-facing attack surface is emerging as an issue for enterprises, and a lack of experienced people to maintain and protect this aging and new infrastructure may make this prediction optimistic.”

Mike Campfield, VP, Global Security Programs, ExtraHop, adds, “In the healthcare industry, we can expect to see more attacks on medical IoT and the IoT medical supply chain. Any medical machine that runs legacy technology will be easier to penetrate, and ransomware will continue to be an issue. Some of the threat vectors in the healthcare sector are unmanaged devices and legacy apps, so healthcare organizations will need to implement stronger security policies on those devices and apps.”

Action Item:

  • Monitor CISA Alerts for updates on current security exploits and vulnerabilities.

For more security updates and insights, visit DevPro Journal’s Security resources page.



A former owner of a software development company with more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of DevPro Journal.