The current pandemic has forced organizations to rapidly move to the cyberspace – including those with limited cyber experience. This hasty shift has meant that many entities have perilous gaps in their IT systems, leaving them vulnerable to attacks. The professional Cybercrime and state sponsored groups find these times a fertile ground for their operations due to the plethora of vulnerabilities associated with the changing working environment brought on by COVID-19. Organizations need to be more aware of physical layer security since these WFH policies present an even greater risk of hardware attacks.
Recent months have shown a significant rise in the number of Ransomware attacks on various verticals, as highlighted by the Homeland Threat Assessment October 2020 Report, Temple University Ransomware watch list, Microsoft’s September report, and others. An indicator for that can also be found in the rise of Bitcoin’s exchange rate which is used for Ransomware payoffs. Overall, 2020 has seen a 50% increase in the daily average of ransomware attacks than in the previous year and the damage costs from the attacks are expected to be roughly $20 billion by 2021.
According to IBM’s 2020 Cost of a Data Breach report, the average cost of a ransomware attack is around $4.44 million. Furthermore, according to CyberEdge’s 2020 “Cyberthreat Defense Report”, in North America nearly 69% of companies are affected by ransomware attacks, while in Asia and Oceania 55% of companies are affected. In Latin America, the Middle East, and Africa, 61% of companies were affected compared to 57% of European companies.
If you think only the financial industry is being hit by these attacks, think again. The governmental sector in North America topped all industries with 15.4% of these bodies reporting a ransomware attack this past year. 13.9% of companies in manufacturing organizations reported a ransomware attack in 2020, ranking them second. The construction industry came in at third, with a reported 13.2% experiencing an attack, and just under 5% of financial organizations reported a ransomware attack.
The US federal sector is especially vulnerable as it is currently in the process of the 2020 election. There are increasing concerns that ransomware will be the latest threat to this election, where an attack could have various different impacts, including disabling voting registers, vote tallying and reporting; all of which will have an overall effect on the final election result.
There have also been many attacks on the healthcare industry recently, and an almost twofold increase in the percentage of healthcare organizations being affected by ransomware globally between Q2 and Q3 of 2020; from 2.3% to 4%. One of the largest healthcare providers, Universal Health Services, has been hit this past month. UHS serves millions of patients yearly and has 400 hospitals and healthcare facilities in the US and the UK, and therefore a ransomware attack would have a major impact. Fortunately, in this attack no patient or employee data was accessed or compromised, but just because this time no one was affected, it does not mean that there won’t be a next time…
Other healthcare victims of ransomware have not been so lucky. In Duesseldorf University Hospital, a woman died as a result of a ransomware attack. She might have been the first victim linked to a cyberattack on a hospital, and hopefully the last one… Additionally, a Philadelphia company selling software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for COVID-19, was hit by a ransomware attack which caused some of those trials to slow down two weeks after the attack.
Educational bodies have found themselves an increasingly appealing target for ransomware attacks now that classes are being held virtually. The UK’s National Cyber Security Centre issued an alert following investigations into increased ransomware attacks on education establishments, indicating the severity of the threat. One of the most recent attacks occurred in September 2020, targeting Clark County School District in Las Vegas. The attack included a data breach involving Social Security numbers, students’ information, and other private information.
Although it seems as though organizations are leaving themselves completely exposed to ransomware attacks, this is not the case. Many improvements have been made across industries to reduce the likelihood of becoming victim to this type of attack. Nonetheless, with this comes developments being made on the perpetrators’ side whereby their attack models are changing to adapt to the enhanced security measures. This does not just mean increasing the damage that a ransomware attack can cause, but also the ways in which the malware is injected and disseminated. Attackers will always be smart! They are pragmatic and easily adapt to Cybersecurity challenges – that is literally what they do. If in the past companies that had a good backup plan could bounce back without even paying off, this is no longer the case as now the new “currency” is data leakage, and bouncing back from a major data breach comes with a completely different price tag.
Many of these attacks could have been easily carried out by an infected device… All the attacker would have to do is insert a malware-laced USB into an endpoint or place a network implant within the organization. An example of this is an “evil-maid” attack, in which the attacker just needs physical access to the premises; this attacker may be someone who already has physical access to the entity, such as a cleaner, or someone disguised as one. Especially during these challenging days of COVID-19, where there is so much else to focus on, it only takes one person to plant a malicious hardware device into your computer, and then there really isn’t much you can do from there. In all likelihood, you will not even know that this has happened until it is too late…
It seems as if no one is immune! Why? There are the obvious reasons related to financial downtime and uncertainty, which always leads to an increase in criminal activity.
“Legacy crime” activities are harder to complete – ever tried pickpocketing while social distancing? So, if you are a criminal sitting at home, you can either binge-watch the Netflix series, “House of Paper”, or make the effort to understand what this Ransomware “stuff” is that everyone is talking about and hey, you have Rita’s cousin who is a computer geek, so why not use him? All the information is out there; you can run an easy Ransomware attack by just asking someone to put a manipulated mouse or keyboard on someone’s desk – no Navy Seals training is required for that, Rita’s cousin will suffice.
Do you want an example of how easy it is? John is fed up with his boss and thinks about leaving the company. In theory, he could take a certain database snapshot of customers or IP and send it anonymously to his compay as “Proof of Authenticity”, threatening to release a massive amount of data…. How could you tell if it is an internal abuser or APTx? Does it really matter?
According to a Cybersecurity Ventures report, it is estimated that by 2021, a ransomware attack is expected to occur every 11 seconds… So, by the time you’ve finished reading this, approximately 10 attacks will have taken place.