US, UK, Australia Issue Warning of Sophisticated Ransomware Attacks

Channel Futures

Edward Gately | Channelfutures.com

An increase in attack sophistication is proof of the growing threat that ransomware poses to all organizations. That’s according to a new alert by cybersecurity agencies from the United States, the United Kingdom and Australia.

Over the past several years, ransomware has become the most prevalent threat to organizations in private and public sectors alike, including financial services, food and agriculture, government, health care and other critical infrastructure industries.

Ransomware groups have increased their impact by:

  • Targeting cloud infrastructures to exploit known vulnerabilities in cloud applications, virtual machine software and virtual machine orchestration software. Ransomware threat actors also targeted cloud accounts, cloud APIs, and data backup and storage systems to deny access to cloud resources and encrypt data.
  • Targeting MSPs. By compromising an MSP, a ransomware threat actor could access multiple victims through one initial compromise. Cybersecurity authorities in the United States, the United Kingdom and Australia say there will be an increase in ransomware incidents where threat actors target MSPs to reach their clients.
  • Attacking industrial processes. Although most ransomware incidents against critical infrastructure affect business information and technology systems, the FBI observed that several ransomware groups have developed code designed to stop critical infrastructure or industrial processes.
  • Attacking the software supply chain. Targeting software supply chains allows ransomware threat actors to increase the scale of their attacks by accessing multiple victims through a single initial compromise.
  • Targeting organizations on holidays and weekends. Ransomware threat actors may view holidays and weekends, when offices are normally closed, as attractive timeframes, as there are fewer network defenders and IT support personnel at victim organizations.

“Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model,” the alert said. “Additionally, cybersecurity authorities in the United States, Australia and the United Kingdom note that the criminal business model often complicates attribution because there are complex networks of developers, affiliates and freelancers. It is often difficult to identify conclusively the actors behind a ransomware incident.”

Saryu Nayyar is CEO and founder of Gurucul.

“Phishing attacks on remote workers are compounding successful initial compromises as home networks are much less secure,” she said. “Combined with traditional corporate phishing attacks, it is no surprise why compromise is inevitable and these types of attacks are the primary mechanism by which ransomware gets a foothold in most organizations.”

The rapid move to cloud infrastructure means security has followed rather than led, making these environments more susceptible to attack than on-premises networks, Nayyar said.

“We know that targeting these environments is a top attacker initiative for 2022,” she said. “Perimeter and defensive technologies are not enough to stop these types of attacks. Organizations need to invest in newer and more advanced technologies for monitoring, detection and response much earlier in the attack kill chain to be successful. This requires looking at more advanced analytics and behavioral profiling beyond what current extended detection and response (XDR) and security information and event management (SIEM) solutions offer. In addition, the current class of rule-based machine learning (ML) in these solutions is incapable of identifying new variants and emerging ransomware threats.”
