According to Verizon’s 2024 Data Breach Investigations Report (DBIR), ransomware was a leading threat across 92 percent of industries surveyed and accounted for nearly one-third of all breaches or other extortion tactics.
The exploitation of vulnerabilities has experienced a substantial growth of 180 percent from 2023, according to the DBIR. Last year’s MOVEit Transfer exploit is just one example of widespread manipulation of vulnerable systems.
There have been several recent shifts in cybercriminals’ tactics, reflecting their adaptation to new technologies, defenses, and opportunities, resulting in the growing sophistication of their attacks. This increasing threat, along with reports that emerged last month stating an unnamed Fortune 50 company made the highest known ransomware payment to date of $75 million, should spark serious concern.
To defend against these new techniques, you will first need to become familiar with them and how they operate. Here are several notable threats you will want to be aware of:
-
Ransomware as a Service (RaaS)
This model has made it easier for non-technical criminals or groups, often referred to as “affiliates,” to deploy ransomware by offering user-friendly interfaces and even customer support and tutorials in exchange for a share of the profits from successful attacks. This has led to a significant increase in the frequency and diversity of ransomware attacks.
-
Double and Triple Extortion
Initially, ransomware was about encrypting data and demanding a ransom for decryption. However, cybercriminals have advanced to “double extortion,” where they also steal data and threaten to release it publicly if the ransom isn’t paid. Some groups have moved further to “triple extortion,” where they target third parties (e.g., customers, partners) whose data has been compromised, demanding ransoms from them as well.
-
Supply Chain Attacks
Ransomware groups are increasingly targeting supply chains, where they infiltrate software providers or service vendors to distribute ransomware through trusted software updates or services. Since supply chains often involve multiple organizations, a single attack can have cascading effects, impacting numerous businesses and their customers. The costs associated with supply chain attacks can be immense, including remediation expenses, regulatory fines, lost revenue, and legal fees.
-
Targeted Ransomware Attacks
Instead of widespread, indiscriminate attacks, cybercriminals are focusing on high-value targets such as large corporations, healthcare facilities, and government agencies, demanding higher ransoms. Targeted attacks are meticulously planned, involving extensive reconnaissance and often exploiting specific vulnerabilities within the target’s network. Attackers often use spear phishing emails tailored to specific individuals within the organization, such as executives or IT administrators.
-
Exploitation of Remote Work Vulnerabilities
With the increase in remote work, attackers are exploiting vulnerabilities in remote access technologies, Virtual Private Networks (VPNs), and collaboration tools to gain access to corporate networks. Attackers often use brute-force attacks to guess weak or reused passwords on Remote Desktop Protocol (RDP) and VPN services, gaining unauthorized access to corporate networks. They may also exploit unpatched vulnerabilities to infiltrate systems, deploy malware, or gain a foothold in the network.
-
AI and Automation
Cybercriminals are leveraging AI and machine learning to automate attacks, improve phishing techniques, and optimize their targeting. Automated attacks use scripts, bots, or other automated tools to carry out attacks with minimal human intervention. They are typically designed to exploit known vulnerabilities or weaknesses in systems. These attacks can be more sophisticated and adaptive, making them harder to detect and defend against.
-
Targeting Cloud Environments
As organizations move more of their operations to the cloud, ransomware groups are adapting by targeting cloud environments and uncommon platforms like industrial control systems and IoT devices. These targets often have fewer security protections, making them attractive to attackers. Learn how a Cloud Security Vulnerability Assessment from RedLens InfoSec can help identify the risks within your cloud computing environment.
-
Cryptocurrency Theft
Ransomware operators typically demand ransom payments in cryptocurrencies like Bitcoin, Monero, or Ethereum. Cryptocurrencies are preferred because they offer a level of anonymity that traditional financial systems do not. Once the ransom is paid, it is difficult to trace and recover the funds, making it an ideal payment method for cybercriminals.
-
Deepfake Technology
Deepfake technology uses artificial intelligence, particularly machine learning algorithms, to create realistic but fabricated audio and video content. This technology can generate convincing impersonations of individuals or manipulate media in ways that can be misleading or harmful. Cybercriminals are beginning to use deepfake technology for impersonation and fraud, making it harder to distinguish between legitimate and malicious communications.
-
Use of Legitimate Tools (Living off the Land)
Breaches involving the misuse of legitimate tools exploit software and utilities that are commonly used for legitimate purposes, leveraging their features to perform malicious activities. Since these tools are trusted and often whitelisted by security systems, they can bypass traditional security measures and avoid detection. Attackers are increasingly using legitimate system tools, such as PowerShell and Windows Management Instrumentation (WMI), to execute their ransomware, or may use social engineering techniques to trick users into installing or executing legitimate tools that are then used for malicious purposes.
As ransomware tactics and cyber threat techniques continue to evolve, it’s important to highlight the need for organizations to continuously adapt their security strategies to stay ahead of cybercriminals.
CampusGuard and our RedLens InfoSec security division make it a priority to stay informed of these and other emerging techniques and are ready to advise your organization on the steps to protect against these evolving threats.
Review our information security training courses to see how your organization can better educate end users and protect against common attack vectors like phishing and vishing. Our teams can also help engage your teams in an incident response tabletop exercise, so all stakeholders understand their responsibilities and the appropriate steps to take in the event of a potential attack.
Watch our video to learn more about the threat of ransomware and steps to safeguard against it.
You can also access our infographic for tips for preventing ransomware to learn more.
Contact us if you have any questions and to get started on boosting the security posture of your organization.
