Success breeds success, as they say. And the rich rewards being reaped by ransomware attacks have led to a surge in these incidents. According to the Cybersecurity Threatscape by Positive Technologies, ransomware is now used in 45% of all malware-related attacks against organizations.
Hackers Target Industrial and Health Sectors
Cyberattacks grew by 51% last year compared to 2019, and their frequency continues to rise. That is an awful lot of potential ransom dollars.
Attacks are becoming more targeted, too. There was a 91% jump in cyberattacks on industrial companies and a 54% rise in malware-related attacks on industrial firms compared to 2019. Similarly, the number of attacks on medical institutions increased by 91%, making the health care sector currently the top target for ransomware attacks.
“Amid the COVID-19 pandemic and overloaded health systems worldwide, hackers added fuel to the fire by disrupting the availability of medical information systems with devastating consequences,” said Positive Technologies analyst Yana Yurakova.
“In 2020, the total damage caused by ransomware attacks against medical institutions in the U.S. was estimated to reach $20.8 billion.”
Cyberattacks Become Less Random
Phishing is aptly named. You send out malicious links and attachments posing as a trusted source in order to get some unfortunate person to click, and then introduce malware into the enterprise. Like fishing, you put the line into the water and see what kind of fish comes along.
Traditional phishing is all about volume. You blast out loads of emails and sometimes you get a bite. But those days are coming to an end. The bad guys have decided to skip the sardines and go after marlin. According to the report, 7 out of 10 attacks are now aimed against specific, high-potential targets.
Industrial organizations, hospitals, financial services firms, schools, and local government are all ripe for a malicious campaign. They either represent deep pockets, or provide a service that can’t be denied to its users for any length of time. As such, the most popular targets are:
- Government institutions (19%)
- Industrial companies (12%)
- Medical institutions (9%)
Digital Transformation Creates New Targets
The industrial category represents a fairly new phenomenon in cybercrime. With digital transformation becoming something of a watchword, those in industry have been merrily tearing down the barriers between their IT systems and the Operational Technology (OT) systems that sit on the shop floor or production line. The result is a spike in attacks on industrial targets, with the Colonial Pipeline hack being the most notable.
Even more recently, vulnerabilities were found to exist in widely used Siemens programmable logic controllers (PLCs). These devices are used in assembly lines, industrial processes, power generation, and other facets of industry.
Part of the problem is inexperience. When hackers began to use viruses in the early days, it was relatively easy to infect a user. Over time, antivirus and other protections became more mature. And users started to learn better security practices.
In the world of OT, this is all new. Some systems date back decades, and security was the last thing on the minds of their developers. As soon as you web-enable or digitize these applications, systems, and devices, it’s a Pandora’s Box in reverse — Pandora has a good chance of breaching the enterprise.
Cybersecurity Must Evolve
The Positive Technologies report noted that industrial companies are being attacked by a number of different ransomware variants stemming from various criminal gangs. Some of them delete backup files before starting the encryption process. They can also stop industrial control systems in their tracks. Phishing frequency against industrial targets is also on the increase.
Dmitry Darensky, Head of Industrial Cybersecurity Practice at Positive Technologies, listed a variety of other breaches of industrial targets: water infrastructure breached in Israel, an Indian power outage due to a cyberattack, and companies such as Huber+Suhner and Honda being forced to halt operations because of breaches.
He added that penetration tests or threat modeling audits are not enough to provide a sufficient assessment of current risks. Neither are conventional security assessments.
“To simulate an attack without affecting real-life systems, digital twins or a cyber-range can be used,” said Darensky. “A cyber-range provides a safe environment where experts can get the most comprehensive picture of whether certain risks can be triggered (for example, oil storage overflow), protection mechanisms will respond in time, and infosec teams will detect and stop an incident.”