The success of ransomware attacks in 2021 has only emboldened cyber threat actors around the globe to continue these nefarious attacks on innocent victims. Ransomware attacks are only going to grow in 2022. This conclusion comes from a recent international partner advisory (Advisory) jointly issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA.
The Advisory details the top trends seen throughout the international community in the growth of ransomware attacks:
- Increased phishing attacks
- Use of stolen remote desktop credentials and brute-force attacks
- Growth in cybercriminal services for hire
- More cyber threat actors sharing information about target victims
- More diverse attack matrixes, including cloud services, industrial processes and the software supply chain
- Increased numbers of attacks on weekends and holidays
Another major trend leading to the growth of ransomware attacks in 2022 appears to be the explosion of Ransomware-as-a-Service offerings from ransomware gangs across the globe. As discussed here, ransomware gangs are “franchising” their ransomware tools and techniques to less organized or less skilled cyber threat actors, leading to a tidal wave of new ransomware attacks.
Finally, CISA notes that many of these new ransomware attacks are also specifically targeting critical infrastructure industries throughout the United States. CISA states that ransomware attacks have focused predominantly on 14 of the top 16 of these industries, with major attacks against these critical industries:
- Emergency water services
- The energy sector
- Financial services and
- The healthcare sector
According to Data Breach Today, there are defenses that can be employed in this battle:
- Keep all operating systems and software fully patched and up to date
- Lock down and prohibit remote access
- Train users to better identify and prevent cyber-attacks, especially phishing attacks
- Have fewer users with administrative access and privileges on the network
- If you use a Linux-based system, lock it down and ensure that there are “defense in depth” protections in place
- Ensure that you have implemented and are using multifactor authentication (MFA) wherever possible and
- Protect cloud data by ensuring the use of MFA and encrypting data stored in the cloud
Another interesting defensive possibility may be a greater use of Zero Trust Architecture (discussed here). There is strong momentum for Zero Trust as a means of slowing and even combatting new ransomware attacks. We will be discussing this in more detail in an upcoming blog.
2022 promises to be an even more dangerous and expensive year than 2021 when it comes to defending against ransomware attacks. The time has come to become proactive in this battle — don’t wait to be a victim.