The Silent Escalation of Cybersecurity Attacks
The last several years has seen an escalation in cybersecurity attacks targeting enterprises and government organizations of all sizes.
Many of these cybersecurity attacks have made headlines, such as the Colonial Pipeline ransomware attack that shut down half of all oil and gas deliveries to the east coast of the United States, leading to weeks of disruption.
These high-profile attacks, and there have been a lot of them, are just the tip of the iceberg as most victims of ransomware quietly pay the ransom and move on without creating a lot of media attention.
Ransomware Is a Full-fledged Business
Over these last few years, ransomware has developed into a complete business ecosystem.
Cybercriminals have created easily deployable toolkits so that non-technical users can run cyberattacks against their victims.
Ransomware as a Service (RaaS) is a real thing and is available for purchase on the dark web. These cybercriminals have even built a venture-capital based system where successful hacker groups are combining their resources to financially back new operators with seed money for a cut of their future “earnings.”
Nation-States—Setting the Stage for Cyber Warfare
Upping the game even further, there are numerous hacker groups that are supported by nation-states, predominantly Russia, North Korea, Iran, and China.
With the vast resources of a nation-state being made available to a sophisticated hacking group, no organization or system should be considered safe from attack. In addition to stealing intellectual property from enterprises, or exfiltrating information from government organizations, the goal is to access systems without being detected with the intent to cause disruption or destruction when the time is right, meaning cyber warfare.
Ransomware on the Decline?
Although the overall volume of malware attacks increased in 2022, the volume of reported ransomware attacks was down compared to the previous year.
Some of this decline is no-doubt due to increased awareness by enterprises and government agencies as well as the high-profile prosecution of several hacker groups, however this may also be partially attributable to a shift in strategy by the attackers.
One notable trend in recent attacks is that there is a higher emphasis on espionage and data exfiltration than there is in encrypting files and openly demanding a ransom. This shift in strategy elevates the importance of remaining undetected for a much longer period of time to retain prolonged access to the breached system.
Is My Organization a Target?
Every enterprise should assume that they are a target for cyber criminals and put systems and practices in place to protect its assets from cybersecurity attacks.
These should include technology solutions to identify and automatically remediate any attack, but equally important is the training of employees so they understand what to do, and what not to do, when presented with a security matter.
This training needs to be embraced throughout the entire organization, all the way up to the CEO, who’s ultimately responsible for security within the organization. This training should not be perceived as just a box that needs to be checked annually, but rather a culture of security that is core and integrated in the organization’s overall culture.
Bottom Line
Threat actors are constantly devising new methods and tactics to bypass existing security tools.
Enterprises need to stay ever vigilant of cybersecurity attacks and employ people, process, and technology to keep it protected from cyber criminals.
Enterprises need to evaluate AI powered security offerings that dynamically assess the threat landscape and automatically identify and mitigate any threats as soon as they are found.
This blog is a part of the Digital Operations blog series by Aragon Research’s Sr. Director of Research, Craig Kennedy.
Missed an installment? Catch up here!
