From calculators to cloud to quantum, computing has changed the lives of billions of people for the better. But just as innovation can be a force for good, it can also help cyber criminals.
Are you protecting your assets with end-to-end encryption? So are the criminals. Are you managing a distributed workforce with collaboration tools? Threat actors have a similar strategy. Are you hyperscaling your business with cloud technology? The attackers are too.
Meanwhile, defenders face a strained supply chain, security challenges posed by hybrid and remote work environments and heightened global instability. These represent new opportunities for those intent on disrupting business in pursuit of profit.
Putting a Zero Trust security strategy into action is a major theme at IBM’s Think 2022. Learn how to attend from anywhere in the world here.
Rise of Ransomware-as-a-Service
Ransomware is a form of attack that prevents a user from accessing computer files, systems and networks until a ransom is paid. This was the most common type of cyber attack in 2021, accounting for 21% of the total, according to the latest IBM X-Force Threat Intelligence Index.
One reason why attackers like this approach is that it’s an efficient business model. You don’t need to have in-house technical expertise to carry out one of these attacks. Now, ‘ransomware-as-a-service’ providers will do it for you.
What is ransomware-as-a-service? Criminal ‘firms’ with technical expertise provide pre-packaged tools to partners. Those partners then carry out the attack in exchange for a percentage of each ransom payment.
With a single gang bringing in profits of at least $123 million in 2020, it can be a very lucrative business indeed.
Cyber criminals operate like businesses
The rise of ransomware-as-a-service demonstrates the fact that the most successful cyber criminals run their attacks like businesses. And like most businesses, their goal is to increase their return on investment (ROI) and maximize profits.
Phishing attacks are the favored approach for ransomware attackers and other cyber criminals seeking entry into a system, accounting for 41% of initial attacks remediated by IBM X-Force in 2021. It’s simpler and quicker to trick somebody into giving you their credentials or clicking on a malicious link than it is to break into a complex network from the outside. The ROI, in other words, is greater. And once a criminal is inside the system, it is possible to implant ransomware and other forms of malware.
Likewise, the desire to maximize profits means that the cyber criminals’ selection of targets is evolving. Five or six years ago, criminals saw a chance in credit card details held by large retailers (and many still do). Today, it is possible to cause more disruption to business operations and extract more revenue through ransomware.
Last year saw supply chains come under new pressure. IBM found that manufacturing — which plays a critical role in supply chains — became the favorite target of cyber criminals. It received 23% of attacks (ahead of finance and insurance for the first time since 2016).
By targeting industries that cannot afford downtime, criminals increase their leverage so that they can force a quick payout. This style of attack goes beyond damaging a single enterprise to impacting entire business ecosystems. Sometimes, attackers go even further and set their sights on critical infrastructure.
How the DarkSide attacked critical infrastructure
The strategy where criminals maximize their leverage by targeting critical infrastructure was shown last year when the DarkSide ransomware group (which operates according to a ransomware-as-a-service model) attacked the privately held Colonial Pipeline. The company operates oil pipelines that stretch 5,500 miles from the Gulf Coast to New York. It supplies 45% of the fuel used on the U.S. East Coast.
When Colonial was forced to shut down the pipeline, thousands of gas stations ran out of fuel, leading to panic buying and a spike in prices as drivers in the region raced to fill up their cars. The attack, which was the result of a single compromised password, cost Colonial nearly $5 million in ransom money. But the impact was felt as far away as Asia because the South Korean national pension is one of the company’s co-owners.
Nor was the attack on Colonial unique. One month later, the world’s largest meat supplier suffered an extortion attack. Meanwhile, attackers have held hospitals for ransom and targeted municipal systems in Atlanta, Baltimore and Massachusetts, in each case applying pressure on essential services to extract maximum profit.
Other forms of attack on the rise
Despite the widespread impact of ransomware attacks, most are never publicized. This makes it challenging to share information that would help businesses combat the threat.
Many of these gangs are based in countries without clear extradition rules or government cooperation in combatting attacks. So, criminals themselves have little fear of being held accountable, even less of being extradited.
Ransomware is currently the malware most favored by cyber criminals. However, like any business, they have other ‘products’ they can use to achieve their goals.
For instance, the spread of smart devices, such as refrigerators and smart TVs, has provided attackers with new openings. In fact, IBM X-Force saw a 3,000% surge in Internet of Things malware use between the third quarter of 2019 and the fourth quarter of 2020.
What can businesses do?
So, what should businesses do? An important first step is to practice thinking like an attacker. When you look at your own business, what are the most essential services that would cause maximum disruption if you were to lose access to them?
It’s important to think both about customer-facing services and those that support employees and products. Also, you should ask: What systems could serve as a gateway into the corporate network?
You should consider adopting a zero trust security model, where you establish least privileged access, verify and authenticate continuously and adopt a mindset that a breach may have already occurred. A zero trust model can minimize the impact of a breach, drive threat detection and improve how you defend your company’s assets. The goal is to make it harder for ransomware and other threats to spread, even after an initial compromise. Businesses that follow zero trust are able to enhance security while streamlining the fulfillment of business needs.
Living the zero trust life
A few steps toward achieving a zero trust environment include:
- Limiting domain admin accounts and protecting privileged accounts. Strictly audit who is accessing admin accounts and when, and look for suspicious activity.
- Using Active Directory to protect critical passwords.
- Restricting pathways through your network by using segmentation where possible.
- Extending your zero trust strategy and using secure access service edge (SASE) architecture to help manage technology and infrastructure approaches from one location. By having a management platform, you can streamline the admin work, share data and use analytics to gain an overall security picture. SASE creates the structure that makes zero trust flexible and easy to manage. Secure data and apps by combining both principles.
Nobody likes to dwell on what can go wrong. But using these and other steps can go a long way to protecting you from a ransomware attack or data breach at the hands of attackers.
At Think 2022, explore how advanced tools, technologies and digital methods allow leaders to become the new creators of the ideas that will enable them to thrive and lead in an accelerated digital world. Let’s create something that changes everything. Learn about Think 2022 events and add events to your calendar: www.ibm.com/events/think
Editorial Strategist, IBM