What Lessons Have We Learnt From Recent Ransomware Group Attacks?

Ransomware gangs such as LockBit, Alphv, Clop and Black Basta continue to dominate headlines. Research shows that these organised crime groups enjoyed runaway success in 2023, with two in three organisations suffering a ransomware incident.

2024 may not be that different. Black Basta's attack on the international automation and engineering company ABB immediately comes to mind, but the reality is that there are too many breaches to name.

Crime As A Business  

The reason for their success? An increasingly professional approach. These groups have traditionally carried out ransomware attacks end-to-end: gaining the initial compromise, establishing a foothold in the organisation, propagating the malware across user devices, and then managing the ransom demand and negotiation process, complete with sophisticated victim portals showing exactly which data they have stolen, how to contact them and how to make the payment.

However, they realised that this in-house, end-to-end approach was successful only up to a point. When an external factor interfered with or disrupted the process at any stage of the attack chain, the whole operation would unravel.

They have since evolved, which yet again demonstrates their professional approach to cybercrime. These groups have divided themselves into specialised ransomware-as-a-service 'brands', so that no single outfit is solely responsible for any given attack. This gives each participant a degree of plausible deniability and makes it extremely difficult for already short-staffed authorities to bring them to account.

Furthermore, these services lower the barrier to entry. The smaller criminals do not need to be computer experts; they can use the ready-made tooling to initiate breaches and fill any gaps with specialist services, all provided by the ransomware brands.

There is a supply chain in this underworld. Many of these groups outsource reconnaissance and data collection to specialists who run vulnerability detection tools at scale to identify 'sitting ducks': which companies are exposed, whose mail servers haven't been patched, what kind of links users click on most, and so on. The cliché 'no rest for the wicked' is truly apt in this context.

It's worth pointing out that whilst we typically hear of security breaches in large corporates, attacks on small and medium-sized businesses are equally prolific. In fact, a trend that is increasingly visible is bad actors breaching smaller organisations in the supply chain in order to reach the data held by the larger corporates they serve.

There Is No Magic Bullet For Protection 

A holistic strategy, alongside dogged execution of that strategy, is needed to mitigate risk. Most organisations have cybersecurity policies and programmes in place, especially as compliance requirements in this area become ever more stringent, but these policies are often not properly enforced.

Security awareness training for users must be at the top of the list of priorities, given that the specialist data collectors are continually analysing user behaviour to find new phishing and malware delivery techniques that catch employees off guard.

Vigilance is critical. Users are constantly under attack, so they need the skills to spot suspicious activity, whether that is a dodgy email, a malicious QR code or link, or signs that a password has been stolen and reused.

At the same time, the insider threat is a real and present danger. A thorough vetting process is a must. Surreal as it sounds, criminal gangs do actively deploy individuals through third-party organisations to implant and detonate ransomware.

It's not unusual for malicious code to remain dormant for several months before the criminal decides to initiate the attack, long after the insider has left the organisation and systematically covered their tracks.

Timely patching of software is a no-brainer. There is now vulnerability assessment software that automates discovery across everything within the organisation's network range, including devices. Once properly configured, a single scan will list the software and devices that need patching, ranked by criticality. The scanner only produces the list, however; the patches still have to be tested and deployed, and internet-facing systems such as mail servers, VPN gateways and remote access services should be at the front of the queue, since those are exactly what the attackers' scanners are looking for.

Archiving or backing up data in a ring-fenced, encrypted state is essential too. Ransomware operators routinely seek out and destroy backups before detonating, so at least one copy must be offline or otherwise immutable, and restores must be rehearsed rather than assumed to work. Should a breach occur, a business that can restore from a known-good copy is in a far stronger position when dealing with the criminals and can potentially refuse to pay the extortionate ransom demand.
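A ring-fenced copy is only useful if you can tell that it has not been silently encrypted or altered before you need it. The following is an added example, not code from the article or from VIPRE: a minimal integrity manifest for a backup set, recording the size and SHA-256 of every file, and a verification routine that reports modified, missing and unexpected files. The directory layout, file names and ransom-note name are constructed for illustration.

```python
"""Integrity manifest for a ring-fenced backup set (added illustrative example).

Records size and SHA-256 for every file in a backup tree, then checks a later
copy of the tree against that record. A healthy set reports no differences;
encryption-in-place shows up as 'modified', deleted files as 'missing', and a
dropped ransom note as 'unexpected'. All paths and contents below are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash files in 1 MiB chunks so large backups do not load into memory


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative POSIX path -> {'size', 'sha256'} for every regular file under root."""
    entries = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            entries[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return entries


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree under root against a previously built manifest.

    Returns {'modified': [...], 'missing': [...], 'unexpected': [...]}.
    All three lists are empty for an untouched backup set.
    """
    current = build_manifest(root)
    modified = [k for k in manifest if k in current and current[k] != manifest[k]]
    missing = [k for k in manifest if k not in current]
    unexpected = [k for k in current if k not in manifest]
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo() -> dict:
    """Constructed scenario: write a small backup set and its manifest, verify it,
    then simulate ransomware overwriting one file and dropping a note, and verify again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'Alice');\n"
        )
        (root / "payroll.csv").write_bytes(b"id,name,amount\n1,Alice,4200\n")

        # In practice the manifest is stored away from the backup host (or signed);
        # serialising to JSON here shows it is a plain, portable record.
        stored = json.dumps(build_manifest(root), sort_keys=True)

        clean = verify_manifest(root, json.loads(stored))

        # Simulated attack: payroll.csv encrypted in place, ransom note added.
        (root / "payroll.csv").write_bytes(b"\x00ENCRYPTED\x00" * 4)
        (root / "README_RESTORE.txt").write_bytes(b"your files are encrypted\n")
        tampered = verify_manifest(root, json.loads(stored))

        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats belong with this check. The manifest has to live somewhere the backup host cannot overwrite (or be signed with a key the host does not hold), otherwise an attacker with write access to the backups simply regenerates it; and a clean manifest proves the bytes are intact, not that a restore will succeed, so it complements restore rehearsals rather than replacing them.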

Likewise, regularly monitoring and auditing who has access to which data is vital so that business-critical information stays within the 'castle walls' of the business. In today's remote working environment, the ability to secure remote connections and lock down services without hindering users is just as important.

All the other standard, routine measures, such as penetration testing, phishing simulations, and properly configuring and monitoring email gateways and firewalls, remain fundamental.

A Parallel White-Collar Profession

Organised crime groups now operate in the underworld like a white-collar service industry, providing cutting-edge, highly proficient and unconventional capabilities to criminals whose profession it is to breach, steal and defraud. Often they are ahead of the corporate world in investing in the latest tools and techniques.

Consequently, there is no room for laxity. Businesses must make full use of the technologies at their disposal to bolster their defences and, in the unfortunate event of a breach, to contain its impact. Whilst regulatory fines can be computed, reputational loss and how long it lingers cannot be quantified.

Jack Garnsey is Subject Matter Expert, Email Security at VIPRE Security Group

Image:  Andrey Popov
