Barracuda Networks Reports Ransomware Volume Spikes

Barracuda Networks published a report today that showed the volume of ransomware threats its security operations center (SOC) team detected spiked in January and again in June to more than 1.2 million per month.

The report also noted that out of 106 highly publicized ransomware attacks that occurred in the last 12 months, the dominant targets were education (15%), municipalities (12%), health care (12%), infrastructure (8%) and financial services (6%). Attacks against municipalities increased only slightly, but ransomware attacks on educational institutions more than doubled, while attacks against health care and financial services providers tripled. Attacks against IT service providers accounted for 14% of attacks in the same time period.

Finally, the report surfaced instances in which ransomware gangs are now demanding a late fee or penalty if ransom payments are not made promptly. However, the report also found that fewer victims are caving to attackers’ ransom demands.

Barracuda Networks CTO Fleming Shi said as ransomware attacks continue to plague organizations, it’s apparent there is a need for organizations to review their cybersecurity defenses. In addition to credentials being easily accessible, misconfigurations of IT services have become a breeding ground for ransomware attacks, he noted.

In general, the report found there are several similarities among ransomware attacks. Most attacks, for example, were not single-day or single-week events; they were carried out over multiple months. Credentials were either stolen through phishing attacks or purchased on the dark web, and virtual private networks (VPNs) are constantly targeted.

Most organizations rely on VPNs simply because they were the tool at hand when the need to securely enable remote work became critical in the immediate aftermath of the COVID-19 pandemic. However, many of those VPNs, in time, will be replaced by secure access service edge (SASE) platforms that are both more secure and more efficient, in that they eliminate the need to backhaul cloud network traffic via a local data center.

Barracuda Networks recommends disabling macro scripts, employing network segmentation, removing unused or unauthorized applications, enhancing web application and application programming interface (API) security and reinforcing access controls to backup and recovery applications as measures to thwart ransomware attacks.

The company also noted that no rule-based security solution will be strong enough to combat ransomware attacks as the attacks evolve across an expanding attack surface. As such, there will be an increased need to rely on machine and deep learning algorithms to thwart these attacks, Shi noted. The challenge is that most organizations are going to be overwhelmed by the amount of data that needs to be analyzed, so there will be increased reliance on vendors to provide those types of artificial intelligence (AI) capabilities via a security service hosted in the cloud, he added.

There’s no doubt that as cyberattacks continue to evolve, the days when organizations could rely on a firewall and antivirus software alone are over. The issue is finding the most cost-effective means to add layers of security to more consistently thwart those attacks.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
