What Lessons Have We Learnt From Recent Ransomware Group Attacks?

Uploaded on 2024-01-30 in NEWS-Cybersecurity News, FREE TO VIEW

Ransomware gangs such as LockBit, Alphv, Clop and Black Basta, continue to dominate headlines. Research shows that these organised crime groups enjoyed runaway success in 2023, with two in three organisations suffering a ransomware incident.

2024 may not be that different. Immediately, Black Basta’s hack into the international automation & engineering company, ABB, comes to mind, but the reality is that there are just too many breaches to name. 

Crime As A Business  

The reason for their success? These organised crime groups have enjoyed success in the past due to their increasingly professional approach. They have carried out ransomware attacks end-to-end – from initiating the initial compromise to establishing a foothold in the organisation, propagating the malware on user devices through to managing the ransomware demand and negotiation process, complete with sophisticated dashboards showing the exact data they have stolen, their contact phone numbers and how to make the payment. 

However, they realised that this in-house, end-to-end approach was often successful only up a point. When external factors interfered or disrupted the process, at any point in the attack chain, the whole operation would unravel. 

They have since evolved, which yet again demonstrates their professional approach to cybercrime. These organised crime groups have ingeniously divided themselves into specialised ransomware-as-a-service ‘brands’, ensuring that no single outfit is solely responsible for an attack. They are able to maintain plausible deniability, making it extremely difficult for already short-staffed authorities to bring them to account. 

Furthermore, through their services, these groups are lowering the barrier to entry into this space. The smaller criminals don’t even have to be computer experts, they can merely use available software to initiate breaches and fill the gaps using the specialist services – all provided by these ransomware brands. 

There is a supply chain in this sophisticated underworld. Many of these organised crime groups outsource data collection to specialists who use advanced vulnerability detection tools at scale to identify ‘sitting ducks’– which companies are vulnerable, whose mail servers haven’t been patched, what kind of links users click on most, and so on. The cliché ‘no rest for the wicked’ is truly apt in this context! 

It's worth pointing out whilst we typically tend to hear of security breaches in large corporates, attacks on the small and medium sized businesses are equally prolific. In fact, a trend that is increasingly become visible is bad actors breaching smaller organisations in the supply chain to eventually lay their hands on the data in the larger corporates.

There Is No Magic Bullet For Protection 

A holistic strategy, alongside dogged execution of that strategy is needed to ensure risk mitigation and cybersecurity protection. Most organisations have cybersecurity policies and programmes in place, especially as compliance in this area is becoming ever more stringent, but they are often not appropriately enforced. 

Security awareness training for users must be at the top of the list of priorities, given that the specialist data collectors are continually analysing user behaviours to identify new phishing and malware proliferation techniques to catch employees off guard. 

Vigilance is critical. Users are constantly under attack, so they need the necessary skills to be watchful in order to spot suspicious activity, be that in the form of dodgy emails, malicious QR codes and links, stolen passwords and so forth. 

At the same time, the insider threat is a real and present danger. A thorough vetting process is a must. Surreal as it sounds, criminal gangs do actively deploy individuals through third-party organisations to implant and detonate ransomware.

It’s not unusual for malicious code to remain hidden for several months before the criminal decides to initiate the attack. This is long after the bad actor has left the organisation, systematically covering their tracks. 

Timely patching of software is a no brainer. Today, there are advanced vulnerability assessment software available that can automate the process, targeting everything that is within the organisation’s network range, including devices. Once properly configured, literally with a click of a mouse, the software will identify the software and devices that need patching, in order of criticality.

 Archiving or backing-up data in a ring-fenced, encrypted state is essential too. Should a breach occur, the business is in a better position to deal with the criminals and potentially refrain from paying the extortionate ransom demand. 

Likewise, regularly monitoring and auditing access controls to data is vital so that business-critical information stays within the ‘castle walls’ of the business. In today’s remote working environment, the ability to secure remote connections, and lock down services without creating a hindrance for users, is important. 

All other standard, routine measures such as penetration testing, phishing simulations, properly configuring and monitoring email gateways and firewalls are fundamental to cybersecurity. 

A Parallel White-Collar Profession

Organised crime groups now operate in the underworld like a white-collar service industry, providing cutting-edge, highly proficient and unconventional capabilities to criminals whose profession it is to breach, steal and fraud. Often, they are ahead of the corporate ecosphere in terms of investing in the latest cybersecurity tools and techniques.

Consequently, for businesses there is no room for laxity. They must fully optimise the technologies at their disposal to bolster their defences, and in the unfortunate event of a breach, effectively mitigate its impact. Whilst regulatory fines are computable, reputational loss and its longevity are impossible to quantify. 

Jack Garnsey is Subject Matter Expert, Email Security at VIPRE Security Group

Image:  Andrey Popov

You Might Also Read:

Ransom Attackers Impersonate Security Researchers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Deep Fake Images of Taylor Swift Taken Down
Britain's New Digital Markets Act Could Cost Business Billions »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

ICTSecurity Portal - Austria

ICTSecurity Portal - Austria

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Spec

Spec

Spec is the only no-code orchestration platform that protects enterprise fraud defenses from being blocked, bypassed, and manipulated by modern attack tactics.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Xmore AI

Xmore AI

Xmore AI, an emerging disruptor in our incubation, is building AI models to optimize and secure IT with the mission of increasing efficiency and reducing costs.

Crisis24

Crisis24

Crisis24 is a leading integrated risk management, crisis response, consulting, and global protective solutions firm.