A surge in “sophisticated, high impact” ransomware attacks has prompted the United States’s Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian Cyber Security Center to issue a joint advisory about the techniques being used by cybercriminals to attack businesses and organisations.

Reacting to ransomware attacks against a broad range of industry sectors – including defence, financial services, IT, healthcare, education, energy, charities, and local government – the agencies warn that ransomware tactics and techniques have “continued to evolve in 2021.”

In the joint bulletin, the agencies claim that ransomware threat actors are demonstrating a “growing technological sophistication” which poses an “increased ransomware threat to organisations globally.”

According to the cybersecurity authorities in the United States, UK, and Australia, the top three initial infection vectors for ransomware incidents during 2021 were:

  • Phishing emails
  • Remote Desktop Protocol (RDP) exploitation via stolen credentials or brute force
  • Exploitation of software vulnerabilities

Once an attacker has gained the ability to enter a network or to execute code on a device, ransomware will often be deployed. Unfortunately, it’s likely that these infection vectors will remain popular because of the increased level of remote working, which has expanded the remote attack surface and – in the words of the report – “left network defenders struggling to keep pace with routine software patching.”

In addition, the ransomware business became increasingly professional in 2021, with the increased use of Ransomware-as-a-Service (RaaS) operations, some of which are even offering 24/7 helpdesk support to victims in an attempt to expedite ransom payments.

And, as is well documented, businesses have been encouraged to open their purses by attackers threatening to leak stolen sensitive data if demands are not met.

The view of CISA, NCSC and the Australian Cyber Security Center is