Total Security Advisor
Practical Security Tips, News & Advice.
Updated: Jan 2, 2023
A ransomware attack has the ability to disrupt the basic functioning of an organization and bring it to a standstill. The damage these attacks can inflict has become a matter of national security. In 2021, President Biden launched the Executive Order on Improving the Nation’s Cybersecurity, which mandated the transition to a Zero Trust framework.
BlackFog has been closely tracking ransomware trends for over three years now. In October 2022, we saw the sharpest increase in attacks to date. Here, we delve into the most targeted sectors, how attacks unfolded—and what can be done to defend against them.
Cyberattacks are now more strategically targeted than ever before, focusing on specific sectors or, in some cases, a particular organization. Criminal gangs have also become more creative in delivering these attacks. It would be safe to assume that threat actors would flock to capital-rich industries like finance or insurance. However, BlackFog’s research found that the most consistently attacked sectors are those in the public sector: education and government.
Additionally, the FBI, MS-ISAC, and CISA have recently issued warnings about disruptive attacks targeting the education sector. Educational institutions in the U.S., especially K-12 schools, have been the most prevalent victims of disruptive ransomware attacks. Research revealed a 16% increase in attacks on the education sector in October and a 14% increase in November. Government attacks saw a rise of 12% in October and 13% in November.
BlackFog’s research also highlighted that the healthcare and technology sectors are facing a more significant number of cyberattacks. In October, attacks on the technology sector went up by over 29%, compared to the previous months. So, why has the number of attacks on these sectors gone up?
The education sector is well known for its budgetary restrictions, so it might not seem lucrative. However, the value of an attack does not always lie in the target itself, but in what can be leveraged through extortion. Educational institutions hold a lot of data about students, parents, and employees that can be very valuable in the wider market.
Budget constraints virtually guarantee that education is an easy target, with low investment in both technology and personnel. Moreover, another aim behind orchestrating a ransomware attack is to create disruption. The bigger the institution, the greater the impact an attack has on its victims. It also means that the institution is more likely to pay a substantial sum to recover its data and resume services.
The government and healthcare sectors face similar problems, with additional complications such as HIPAA and other forms of regulation and compliance.
The technology sector is another highly lucrative one in terms of payout. Businesses in this area naturally depend heavily on internet-based applications; hence, an attack on this sector has a devastating impact. Since an attack will likely cause an organization’s operations to entirely grind to a halt, the perpetrator has plenty of leverage for their demands.
A serious ransomware attack will not only cause loss of business, but also reputational damage. Customers, as well as employees, are left with a constant feeling of insecurity after an attack involving their data has occurred. Attacks also frequently have domino effects which cause disruption to other organizations that rely on them.
The month of October witnessed a dramatic change in the ransomware variants with BlackCat, Hive, LockBit, and Conti on the rise.
BlackCat saw an increase of 47% compared to previous months, and there was a significant increase in LockBit. LockBit was previously used to disrupt operations at U.K. car dealer Pendragon when criminals demanded a record-breaking $60 million ransom.
The increase in usage of these variants reflects their effectiveness. The BlackCat variant is known to have significant data destruction capabilities after it created havoc in September this year.
Worse still are the PowerShell attacks carried out by malware gangs. BlackFog’s investigation also discovered an 85% increase in the use of PowerShell. Microsoft PowerShell provides strong control over Windows systems, which can be exploited by adversaries to orchestrate several sophisticated cyberattacks, like ransomware.
One of the best ways to defend against ransomware code is to ensure that malware doesn’t enter the network in the first place. Organizations need a holistic approach to protect themselves against ransomware zero-day exploits, and modern ransomware techniques continue to defeat existing tools. Solutions such as XDR, EDR, firewalls, and anti-virus tools do not provide adequate protection from this new type of attack.
Criminal gangs are increasingly deploying double and triple extortion malware that combines data encryption with exfiltration. Investigations found that data exfiltration was involved in 89% of the attacks in October and November. Anti data exfiltration (ADX) is a new technique that can be used to mitigate this risk by restricting data from leaving the device.
Ransomware is considered to be in its “golden age” as attacks become more targeted and gangs leverage highly advanced polymorphic techniques. Organizations need a multi-layered approach to defend themselves against these new ransomware variants as threat actors continue to evolve and share their code within their networks.
This pervasive threat sees no signs of slowing down anytime soon, and all organizations need to be prepared for the inevitable by adopting modern tools to protect their most valuable asset, their data.
Dr. Darren Williams is CEO and founder of BlackFog, a global cyber security company focusing on ransomware prevention and cyber warfare.