As Q4 and Cybersecurity Awareness Month begin, the last three quarters have witnessed exponential growth in the severity and number of attacks. A report by Malwarebytes in August showed that over 1,900 ransomware attacks were reported this year in four countries and that over 43% of these global attacks happened in the United States. To put this number in perspective, according to this report, there has been a 75% increase in the number of monthly attacks over the last six months.
New Trends
One of the trends now taking hold is Ransomware-as-a-Service and other types of services where affiliate teams of hackers provide parts of an attack and pay teams to execute the attacks. These organizations leverage vulnerabilities and zero-day threats as part of the entry point for the breach. This trend has transformed the edge that bad actors have on organizations by significantly increasing the frequency and severity of the attacks.
The second troubling trend is the recurrence of breaches. Organizations that have experienced a breach in the past are now seeing yet another round of attacks. With this, and with the average cost of a breach continuing to rise to over $4.45M, organizations continue to struggle to evade attacks. In a report published this summer, IBM shares that over half the organizations that experience a breach are unwilling to increase security spend despite the rising costs of experiencing a breach.
The trend of paying ransom requests continues to fuel this fire. According to Varonis, the 148% increase in attacks since the pandemic increases the actual ransom price tag. Organizations are now paying record amounts to restore business. In 2021, an insurance company paid a $40M ransom, which was exceeded in 2022 by a staggering payout of $70M. 2023 is not over, and the trend continues as bold bad actors are now asking over $100M from organizations that have been locked down.
Although most ransomware attacks are carried out through email campaigns and phishing, there is a growing trend around social engineering, where teams of hackers use social media to conduct surveillance on individuals who likely have elevated credentials and then place a helpdesk call for a password reset. This type of attack has been utilized in a variety of breaches, resulting in significant control of organizational systems and applications.
Once a ransom is paid, organizations often think that is the end of the attack. However, a new behavior by bad actors has started to emerge, where the ransom is paid and the terror and attack are still not over. Although money and the keys have changed hands, the encryption restoration is often not sufficient for the attacked organization to restore services, to the point where organizations have to spend millions more in services to restore databases, AD structures, and environments that were left still encrypted or damaged by the attack. Beyond the actual rebuild, recurring requests by the bad actors come in, almost a round two of extortion for exfiltrated data. Additional threats and ransom requests follow to keep the exfiltrated data from appearing on the dark web for sale. This ongoing extortion tactic extends the conversation and recovery over months and several transactions, rather than the one-and-done approach organizations expect. Make no mistake, these criminals intend on monetizing every item possible, and extortion of an original breach is taking place at an alarming rate. This prolonged approach to terrorizing organizations makes it possible for a single breach to result in numerous ransomware payouts.
This is not going unnoticed by cybersecurity insurance carriers, which are now rethinking ransomware coverage. According to a report published by Veeam, for 21% of organizations studied that carried insurance policies, ransomware was specifically excluded from the cybersecurity insurance coverage. This, in combination with a 74% increase in premiums, leaves organizations on their own for ransoms and costs in the event of a breach.
Outlook
No organization is SAFE. As long as companies continue to pay ransom requests, bad actors will continue to attempt to monetize the lockdown of organizations. According to the 2023 State of Ransomware report, the number of hacker groups continues to grow exponentially, and the number of attacks is growing across the globe. This type of increase puts all organizations that depend on technology at risk. It is documented that over 80% of ransomed organizations pay to restore technology services once attacked. With exponential growth in the frequency and complexity of attacks, this crime has become a very lucrative way for nation-states and teams of organized hackers to generate huge payouts.
As long as organizations continue to pay, these trends are going to continue. With insurance now covering only a part of the costs associated with breaches, organizations will continue to shoulder the millions of dollars in losses and the uncalculated collateral damage of lost business and consumer trust. Unfortunately, 2023 has exceeded all records for breaches, data exfiltration, and ransomware attacks. With the shopping season ahead, the outlook is challenging for all types of organizations. Organizations will need to continue to be vigilant and constantly improve security postures and procedures to avoid being the next target.
- Ransomware and Social Engineering Threats Are Real - September 26, 2023