CISA, FBI, NSA Ransomware Trend Advisory Issued

CISA, the FBI, the NSA and international partners have issued an advisory on ransomware trends in 2021, citing ongoing growth in phishing and cybercriminal services-for-hire, and an increasing impact from ransomware groups. The advisory, titled “2021 Trends Show Increased Globalized Threat of Ransomware”, outlines trends seen across three nations, including:

  • Cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials or brute force, and exploitation of software vulnerabilities.
  • The market for ransomware became increasingly “professional” and there has been an increase in cybercriminal services-for-hire.
  • More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks.
  • Cybercriminals are diversifying their approaches to extorting money.
  • Ransomware groups are having an increasing impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software supply chain.
  • Ransomware groups are increasingly targeting organizations on holidays and weekends.

The advisory is very much worth reading. But Chris Olson, CEO of The Media Trust, has had a look and offers this commentary:

“Despite the amount of news coverage devoted to cyberattacks, no amount of awareness seems to stunt their growth. The frequency of ransomware attacks in the first half of 2021 increased by nearly 100% from just the year before and the average cost, including payout and recovery, is estimated at $2 million.”

“I call this the new mafia; as the cybercriminal underclass grows, so does the black market for malware, exploits and sensitive data harvesting. With these shadow markets in place, hacking skills aren’t needed to target a business or its customers: nation states, terrorist groups and profit-seekers can infiltrate a business by simply paying someone else to do it for them.”

“It doesn’t take god-like powers to pull off a ransomware attack, all it takes is the basic knowhow to exploit backdoor channels hidden across all modern websites and applications.”

I’ve said repeatedly that organizations of all sizes must do all that they can to protect themselves from cybercrime. The time for excuses on this front is running out. Which means that if you’re not stepping up to the plate, you’re stepping up to get pwned.

UPDATE: Saryu Nayyar, CEO and Founder, Gurucul added this commentary:

“Phishing attacks on remote workers are compounding successful initial compromises as home networks are much less secure. Combined with traditional corporate phishing attacks it is no surprise why compromise is inevitable and these types of attacks are the primary mechanism by which ransomware gets a foothold in most organizations. The rapid move to cloud infrastructure means that security has followed rather than led making these environments more susceptible to attack than on-premise networks. We know that targeting these environments is a top attacker initiative for 2022. Perimeter and defensive technologies are not enough to stop these types of attacks. Organizations need to invest in newer and more advanced technologies for monitoring, detection and response much earlier in the attack kill chain to be successful. This requires looking at more advanced analytics and behavioral profiling beyond what current XDR and SIEM solutions offer. In addition, the current class of rule-based machine learning (ML) in these solutions is incapable of identifying new variants and emerging ransomware threats.”
