What Lessons Have We Learnt From Recent Ransomware Group Attacks?

Uploaded on 2024-01-30 in NEWS-Cybersecurity News, FREE TO VIEW

Ransomware gangs such as LockBit, Alphv, Clop and Black Basta, continue to dominate headlines. Research shows that these organised crime groups enjoyed runaway success in 2023, with two in three organisations suffering a ransomware incident.

2024 may not be that different. Immediately, Black Basta’s hack into the international automation & engineering company, ABB, comes to mind, but the reality is that there are just too many breaches to name. 

Crime As A Business  

The reason for their success? These organised crime groups have enjoyed success in the past due to their increasingly professional approach. They have carried out ransomware attacks end-to-end – from initiating the initial compromise to establishing a foothold in the organisation, propagating the malware on user devices through to managing the ransomware demand and negotiation process, complete with sophisticated dashboards showing the exact data they have stolen, their contact phone numbers and how to make the payment. 

However, they realised that this in-house, end-to-end approach was often successful only up a point. When external factors interfered or disrupted the process, at any point in the attack chain, the whole operation would unravel. 

They have since evolved, which yet again demonstrates their professional approach to cybercrime. These organised crime groups have ingeniously divided themselves into specialised ransomware-as-a-service ‘brands’, ensuring that no single outfit is solely responsible for an attack. They are able to maintain plausible deniability, making it extremely difficult for already short-staffed authorities to bring them to account. 

Furthermore, through their services, these groups are lowering the barrier to entry into this space. The smaller criminals don’t even have to be computer experts, they can merely use available software to initiate breaches and fill the gaps using the specialist services – all provided by these ransomware brands. 

There is a supply chain in this sophisticated underworld. Many of these organised crime groups outsource data collection to specialists who use advanced vulnerability detection tools at scale to identify ‘sitting ducks’– which companies are vulnerable, whose mail servers haven’t been patched, what kind of links users click on most, and so on. The cliché ‘no rest for the wicked’ is truly apt in this context! 

It's worth pointing out whilst we typically tend to hear of security breaches in large corporates, attacks on the small and medium sized businesses are equally prolific. In fact, a trend that is increasingly become visible is bad actors breaching smaller organisations in the supply chain to eventually lay their hands on the data in the larger corporates.

There Is No Magic Bullet For Protection 

A holistic strategy, alongside dogged execution of that strategy is needed to ensure risk mitigation and cybersecurity protection. Most organisations have cybersecurity policies and programmes in place, especially as compliance in this area is becoming ever more stringent, but they are often not appropriately enforced. 

Security awareness training for users must be at the top of the list of priorities, given that the specialist data collectors are continually analysing user behaviours to identify new phishing and malware proliferation techniques to catch employees off guard. 

Vigilance is critical. Users are constantly under attack, so they need the necessary skills to be watchful in order to spot suspicious activity, be that in the form of dodgy emails, malicious QR codes and links, stolen passwords and so forth. 

At the same time, the insider threat is a real and present danger. A thorough vetting process is a must. Surreal as it sounds, criminal gangs do actively deploy individuals through third-party organisations to implant and detonate ransomware.

It’s not unusual for malicious code to remain hidden for several months before the criminal decides to initiate the attack. This is long after the bad actor has left the organisation, systematically covering their tracks. 

Timely patching of software is a no brainer. Today, there are advanced vulnerability assessment software available that can automate the process, targeting everything that is within the organisation’s network range, including devices. Once properly configured, literally with a click of a mouse, the software will identify the software and devices that need patching, in order of criticality.

 Archiving or backing-up data in a ring-fenced, encrypted state is essential too. Should a breach occur, the business is in a better position to deal with the criminals and potentially refrain from paying the extortionate ransom demand. 

Likewise, regularly monitoring and auditing access controls to data is vital so that business-critical information stays within the ‘castle walls’ of the business. In today’s remote working environment, the ability to secure remote connections, and lock down services without creating a hindrance for users, is important. 

All other standard, routine measures such as penetration testing, phishing simulations, properly configuring and monitoring email gateways and firewalls are fundamental to cybersecurity. 

A Parallel White-Collar Profession

Organised crime groups now operate in the underworld like a white-collar service industry, providing cutting-edge, highly proficient and unconventional capabilities to criminals whose profession it is to breach, steal and fraud. Often, they are ahead of the corporate ecosphere in terms of investing in the latest cybersecurity tools and techniques.

Consequently, for businesses there is no room for laxity. They must fully optimise the technologies at their disposal to bolster their defences, and in the unfortunate event of a breach, effectively mitigate its impact. Whilst regulatory fines are computable, reputational loss and its longevity are impossible to quantify. 

Jack Garnsey is Subject Matter Expert, Email Security at VIPRE Security Group

Image:  Andrey Popov

You Might Also Read:

Ransom Attackers Impersonate Security Researchers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Deep Fake Images of Taylor Swift Taken Down
Britain's New Digital Markets Act Could Cost Business Billions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

ControlScan

ControlScan

ControlScan is a Managed Security Services Provider (MSSP) - our primary focus is protecting your business and securing your sensitive data.

Sumo Logic

Sumo Logic

Sumo Logic simplifies how you collect and analyze machine data so that you can gain deep visibility across your full application and infrastructure stack.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

IntelligInts

IntelligInts

IntelligInts provide 24×7 threat monitoring, hunting, alerting, and mitigation in our world class Security Operations Center.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

Melius Cyber Security

Melius Cyber Security

Melius Cyber Security has developed a world-leading SaaS platform, Cyber Safe Plus, built around continuous assessment and improvement through vulnerability scanning and penetration testing

Qeros

Qeros

Qeros is a next-generation distributed system enables secure data and transaction processing at the velocity of thought.

RapidSpike

RapidSpike

RapidSpike is the only website monitoring solution that focuses all three key aspects of website health: performance, reliability AND security.

Vector Choice Technologies

Vector Choice Technologies

Vector Choice Technology Solutions has a long standing reputation in cyber security consulting since 2008.

Validia

Validia

Validia is a deepfake cybersecurity service that provides proactive and reactive defense to the deepfake threat enterprises increasingly face with the rapid growth of generative AI.

Defend

Defend

DEFEND are 100% focused on providing managed cybersecurity solutions and services that make a real difference to the cyber resilience of your organisation.