Latin America experienced the largest increase in attacks, with 1 in every 23 organizations impacted weekly, a 43% year-over-year increase compared to 1 in every 33 in the second quarter of 2021. It was followed by Asia, which saw a 33% year-over-year increase, reaching 1 in every 17 companies impacted weekly.
A recent Kaspersky survey claims that only eight ransomware groups can be blamed for attacks on more than 500 companies worldwide. Not only that, but the attacks followed an identical method, showing a "standardization" of ransomware as a service. According to Kaspersky, attacks by different groups are becoming similar due to the rise of the ransomware-as-a-service (RaaS) model, in which these groups do not carry out their attacks directly but instead offer the malicious software to third parties who contract their services.
The prospect of quickly controlling the situation appears bleak for a variety of reasons, so more attacks can be anticipated in the coming months and years.
In simple terms, ransomware is a low-and-slow attack that becomes a fast-acting poison once executed. Cybercriminals have mastered the techniques to design advanced malware and deliver the "poison" payload while evading network perimeter and endpoint detection and prevention methods. They know how to exploit user psychology and the lack of protection controls in information technology, Internet of Things (IoT), and industrial IoT devices.
"Internal threats (malicious/disgruntled employees) are real. Without role-based access controls, dynamic separation of duties, and multi-person authorization ceremonies for oversight, the challenges for network operators and security are complicated. Cryptography is the Achilles heel of cybersecurity, and malware creators know how to turn encryption methods into weapons," said Srinivas Kumar, Vice President of IoT Solutions at DigiCert.
While meticulous and regular system and data backups are crucial for recovery, the damage from a ransomware attack can go far beyond a restore operation. The integrity of affected devices will require extensive and costly forensic analysis at scale in operational technology environments. While executive orders and government agency guidelines are timely and well-intentioned, the cybersecurity industry lacks the determination to address the root cause head-on without a justified return on investment in monetary terms.
What About the Supply Chain?
Detection, prevention, and forensic analysis are a multimillion-dollar industry today, but device manufacturers still (incorrectly) perceive device hardening and supply chain protection as a cost center, and there is no regulation that drives innovation. Cybersecurity must begin at the factory and persist in the field throughout the entire operational lifecycle of the device. Cyberattacks target data, not users.
Breaches occur because CISOs (Chief Information Security Officers) are willing to take risks with outdated checklists and entry-focused controls for multi-layered defense that attackers are well versed in. Attackers possess the will and resources to evade detection, persist, move laterally, and take control of systems.
"If you are truly protecting your devices, what are you trying to detect on your network? If you're wearing a raincoat, why do you need an umbrella? You cannot solve a device problem with a network patch," added Srinivas Kumar. "It's convenient, but it is the wrong solution, one that only lets the cybersecurity can get kicked down the road."
DigiCert reviews some focal points that hackers always have in their sights:
- Cracked passwords obtained from a gullible contractor or employee.
- Dark, insecure servers on the network with unprotected service or domain user accounts.
- Remote access via VPN into the network, or through a compromised supply chain provider's system.
- Inadequate firewall capabilities to block encrypted command-and-control beacons (seemingly harmless dial-back messages).

It is very clear that zero-day threat intelligence is inadequate, and achieving the goal of a zero-trust architecture, beyond slogans, requires investment and commitment.
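As an added illustration of the beacon point above (example code written for this page, not from the article or DigiCert): a small Python check that looks for the timing regularity of dial-back traffic in outbound connection records. Once the beacon content is encrypted, a payload-inspecting firewall has little to match on, but the schedule the implant keeps still shows up in the connection metadata. The log lines, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection records in a firewall/flow-export style
# ("<ISO timestamp> <src_ip> <dst_ip>:<dst_port> <bytes_out>"); not from any real network.
SAMPLE_LOG = """\
2022-08-01T10:00:00 10.0.0.15 198.51.100.7:443 612
2022-08-01T10:00:31 10.0.0.15 198.51.100.7:443 618
2022-08-01T10:01:01 10.0.0.15 198.51.100.7:443 610
2022-08-01T10:01:30 10.0.0.15 198.51.100.7:443 615
2022-08-01T10:02:00 10.0.0.15 198.51.100.7:443 611
2022-08-01T10:00:04 10.0.0.22 203.0.113.9:443 4120
2022-08-01T10:00:09 10.0.0.22 203.0.113.9:443 51980
2022-08-01T10:03:47 10.0.0.22 203.0.113.9:443 2200
2022-08-01T10:19:02 10.0.0.22 203.0.113.9:443 9870
2022-08-01T10:19:15 10.0.0.22 203.0.113.9:443 330
"""

def parse_records(text):
    """Yield (timestamp, (src, dst, port), bytes_out) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst_port, nbytes = line.split()
            dst, port = dst_port.rsplit(":", 1)
            yield datetime.fromisoformat(ts), (src, dst, int(port)), int(nbytes)

def find_beacons(text, min_connections=4, max_jitter=0.15):
    """Flag flows whose gaps between connections are regular (stdev/mean <= max_jitter):
    bursty human or bulk traffic has high jitter, a scheduled dial-back low, even when encrypted."""
    flows = defaultdict(list)
    for ts, key, nbytes in parse_records(text):
        flows[key].append((ts, nbytes))
    findings = {}
    for key, events in flows.items():
        if len(events) < min_connections:
            continue  # too few samples to judge regularity
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter:
            findings[key] = {"interval_s": round(avg, 1), "jitter": round(jitter, 3),
                             "count": len(events), "avg_bytes": round(mean(b for _, b in events))}
    return findings

if __name__ == "__main__":
    for (src, dst, port), info in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon {src} -> {dst}:{port} every ~{info['interval_s']}s "
              f"(jitter {info['jitter']}, {info['count']} hits, ~{info['avg_bytes']} B each)")
```

Real implants add randomized sleep to blur this signal, so the jitter threshold is a tuning knob to be set against a baseline of the network's own traffic, not a fixed constant.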
Device manufacturers and their duty
What does this mean for the cybersecurity industry? The connection of unprotected devices aggravates the problem. The cottage industry of cybercrime has evolved over the years into strategic cyberwar by nation-state actors and a cybercrime syndicate that has mastered the art of capturing cyber hostages for ransom and profit at scale. Software development kits and dark web help desks are empowering operatives worldwide with no tracking, geolocation, or punitive action as a deterrent. This is a call to action for device manufacturers and managed security service providers to be first responders and protect cyberspace.
Although digital transformation has been a buzzword for several years, CISOs and product security architects have unfortunately been ineffective in advocating for the device transformation that would set digital transformation in motion. While silicon chipset vendors have stepped up security innovations, the chain of trust has not been effectively extended up the stack to the device platform, line-of-business applications, and the cyber-vulnerable services supply chain ecosystem.
"Protecting the cyber fabric of software-defined edge gateways and the plurality of connected brownfield and greenfield devices will require a collaborative and enthusiastic effort, with strategic partnerships between innovators and thought leaders in the device industry," concludes the Vice President of IoT Solutions at DigiCert.