Your IT department is in turmoil, you’ve been cyber hacked and your organization’s tech system is frozen…and then the ransomware demand arrives. This is a reality for thousands of businesses every day and in 2022 as many as three-quarters of business owners say they expect to face some sort of attack.
Cybersecurity is now the number one security issue for most organizations and barely a day passes without a report of a serious attack. Whether it’s the Colonial Pipeline attack in the United States a year ago or the six government departments in Costa Rica paralyzed by a $10m ransomware invasion just last month, they make headlines around the world.
These are the high-profile attacks, those that get reported in the media, but cyber crime affects organizations at all levels. Small traders are targets and their owners often choose to pay ransoms of perhaps a few thousand dollars rather than face the collapse of their business.
On Instagram, business owners and even influencers who earn their living from their profile have received an email purporting to be from Instagram suggesting that a copyright breach may result in the suspension of their account. They’re told to log in on the linked page from the email – which looks official – and fill out a form.
Attackers move fast once the victim has ‘logged in’ and account owners are frozen out almost immediately until they pay the ransom demand. It’s easier for many to pay than face rebuilding their lost online presence.
But it’s not all bad news according to the new Sophos The State of Ransomware 2022 report, an independent survey of 5,600 IT professionals across 31 countries.
It says organizations are getting better at restoring data after an attack though almost half paid the ransom. Almost all organizations hit by ransomware in the last year (99%) now get some encrypted data back, up slightly from 96% last year.
Backups are the number one method used to restore data, used by 73% of organizations whose data was encrypted. At the same time, 46% reported that they paid the ransom to restore data. These numbers reflect the fact that many organizations now use multiple restoration approaches. Overall, almost half (44%) of the respondents whose organization’s data had been encrypted used multiple methods to restore data.
While paying the ransom almost always gets you some data back, the percentage of data restored after paying has fallen. On average, organizations that paid got back only 61% of their data, down from 65% in 2020. Similarly, only 4% of those that paid the ransom got all data back in 2021, down from 8% in 2020.
By contrast, some investigations have concluded that hackers are becoming more professional by earning a ‘good reputation’ for restoring systems once the ransom is paid. Their new professionalism also extends to the way they approach potential victims, with thorough research into the financial background of organizations before the attack is triggered to ensure the ransom demand is ‘worth it’ but is also not too high.
Cyber hacking is an epidemic in 2022 and there is no real sign of it being curbed but who are these criminals? Well, even before the war in Ukraine, Russia was seen as a leading source and home of active ransomware operators – the notorious Conti Group is the most prominent currently – believed to have the blessing of President Putin to operate so long as they didn’t target the state or its allies.
Attacks on infrastructure were different and following a series of incidents, from the USA to Saudi Arabia, the FBI decided to name four Russian individuals earlier this year who it said were linked to Russian intelligence.
China has made headlines for targeting the intellectual property of companies through hacking rather than ransom demands. A year-long malicious operation – spearheaded by the notorious Chinese state actor, APT 41 – stole intellectual property from around 30 multinational companies in the manufacturing, energy and pharmaceutical sectors, said to be worth ‘trillions of dollars’. The report into the operations, dubbed Operation CuckooBees, was released by the Boston-based cybersecurity firm Cybereason in May.
It’s not always ransom demands that hackers use to extract money either. The Lapsus$ hacker group targeted Microsoft and Okta in breaches confirmed by both technology organizations in March this year. Lapsus$ is based in Brazil and Microsoft says it is known for using a pure extortion and destruction model without ransomware sophistication – pay up or see your system crippled.
There can’t be many people with access to email in 2022 who haven’t been told of the risk of clicking links in emails if you don’t know the sender. Now, though, it is not uncommon for staff to receive emails purporting to be from a senior manager in the company, accompanied by a simple request and instruction that could be completed through the click of a button.
Earlier in this issue we looked at data protection and storage, and one of the leading people in the business, David Feller, a VP at Spectra Logic, said that companies no longer consider what they will do IF they suffer a cyber-attack. “Now information tech professionals say ‘what happens WHEN I get attacked?’”
Another report demonstrates that businesses have recognized the problem with three-quarters of businesses worldwide believing they will be breached this year.
That information came from the latest Trend Micro Inc CRI report, completed every six months. It revealed that 76% of global organizations think they’ll be successfully attacked in the next 12 months, with 25% claiming this is “very likely” to happen and an even higher percentage (34%) among North American organizations.
It highlighted another dramatic change in the security landscape over the past two years as well.
When it comes to IT infrastructure, organizations are most worried about mobile/remote employees and cloud computing. The Covid pandemic, which transformed people’s working lives and saw companies quickly adopt and adapt to home working, opened the door for cybersecurity breakdown as company system protections were suddenly made vulnerable to home WiFi usage.
The FBI has also investigated attacks, which have increased dramatically in the past three years, and in figures it released this April it calculates that $43 billion has been extracted via email in the past decade.
So, today organizations will pay attention to incoming emails, and they will ensure that upstream partners who use their systems obey security protocols with specific access only. Alongside this, organizations will back up systems with the best tech they can afford.
Finally, we are now discovering that it’s not just emails or suppliers that may allow malicious attackers into your system: you need to pay attention to everything internet based, from your access control systems to the CCTV cameras that protect your physical business.
The Internet of Things has seen amazing technological benefits for us all. From central heating pumps that can let you know when they’re about to break down to the explosion of wirelessly connected CCTV cameras that have transformed the security landscape.
Yet it’s that very connectivity, which brings so much to our lives and eases maintenance and monitoring, that is actually the danger spot. All IoT devices must run the latest software and suppliers must be able to reassure users that software updates will not disappear once new models are launched.
Simply throwing people and money at the problem is not the solution, according to the Sophos report conclusion. Organizations must invest in the right technology and look to partner with experts that can help them improve the return on their cybersecurity investments.
And it noted that most organizations – especially those who have suffered attacks – are choosing to reduce the financial risk associated with an attack by taking cyber insurance.
This is an unedited version of the Cybersecurity feature published in the June issue of Security Journal Americas. You can read this article online HERE, beginning on page 72.