There will be no let-up in ransomware attacks, as it has proven to such a profitable business model of cybercriminals. The cybersecurity landscape is evolving, and many businesses do not understand how to keep their defenses ahead of the attackers. While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the technology available needed to deter hackers. The loss of just a few thousand dollars in ransom payments can be devastating and hackers do not discriminate when casting a wide net. Even if the ransom is paid, will your files be unlocked, posted, or even auctioned to the highest bidder. Remember, you are dealing with criminals and criminals have no rules.
Hackers are mining for data, passwords, and other bits of information that can open the door to a company’s assets. Email scams, password and login theft, malware, and ransomware are among the cybercriminals’ primary weapons. Most attacks begin with a simple phishing attempt and when the “Bait” is taken, malware, Trojans, and ransomware follow.
Cybersecurity threats have been constantly growing in 2019, according to a new report by Crypsis Group, incident management, and digital forensics company. The Crypsis 2020 Incident Response and Data Breach Report found that cybercriminals have “significantly escalated tactical approaches” and become more targeted in their actions. Ransomware attacks and business email compromise (BEC) were the two most impactful cyber threats in 2019 with ransomware demands up 200% last year and BEC fraud losses averaged $264,000 per incident. As stated above, these attacks began with low-cost phishing attempts.
Software as a Service (SaaS) is being increasingly used and is a method of software delivery and licensing in which software is accessed online via a subscription, rather than bought and installed on individual computers. The COVID virus pandemic has forced businesses to start working from home on a massive scale, and SaaS platforms now have switched from being a matter of choice to a necessity. While the long-term advantages of this global switch are yet to be discovered, SaaS security threats are already out there. One of the most threatening is Ransomware 2.0.
This has led to a new generation of attacks, using sophisticated types of ransomware that spreads to the cloud and encrypts SaaS data of cloud services. The average ransom payment was $41,000 in 2019, although cyber liability insurance firms say that the real cost of a ransomware attack for a company with 50 employees has reached $73,000. This cost includes; Ransom fees, Forensics, Legal Fees, Fines and Penalties, and Data Recovery payments.
Ransomware has become a multibillion-dollar industry for cybercriminals, who to maximize their profits, are expanding to new potential markets with a particular focus on the fast-growing Cloud computing sector.
Cyber-criminals have new market opportunities. Many offline businesses are closed due to COVID-19, which reduces new opportunities for cyber-criminals. Phishing attacks are up 667% since the pandemic began. Cyber-criminals seem to be looking for new ways to generate revenue. Cloud services have become mission-critical apps for successful businesses. The spread of coronavirus will push companies to speed up their cloud adoption. Many organizations already cannot imagine their business operating without cloud services. It is only a matter of time until ransomware actors begin targeting cloud data.
A scenario for a cloud ransomware attack:
- A user gets an email that looks like it was sent from their cloud service provider. It requires the user to click a phishing link to update an app.
- A user installs a malicious app or a Chrome extension that requests a scope of permissions to access G Suite or Office 365 SaaS data.
- Once permissions are granted, the app starts encrypting data directly in the cloud.
- Ransomware that targets the cloud is here and we can expect that in the next one to two years, this evolution will accelerate, with the emergence of a whole new generation of ransomware.
What can you do to better protect your organization today?
- Proper data back-up and off-site storage policies should be adopted and followed.
- Institute cyber threat and phishing training for all employees, with testing and updating with quarterly updates.
- Manage, review, and update file permissions and access for all employees.
- Phishing is normally the first step in a broader attack campaign.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.
- RedXray customers can receive up to $100,000 in ransomware coverage at no additional expense to them.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide both internal monitorings in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org