2020 was a strange year: an unpredictable election in the USA, wildfires across many countries, and (of course) the pandemic. While it’s lesser known to the public, in the world of cybersecurity, the pandemic has led to a rapid and dramatic increase in the number of successful cyberattacks.
Many analysts are worried that this will add to the economic devastation the virus has already caused to the global economy. And yet, the more things change, the more they stay the same. Most of the attacks we saw in 2020 were similar, or at least of a similar type, to those of recent years. Ransomware, in particular, is slowly becoming the number one threat for businesses of all sizes, which became obvious in the last year. It’s therefore crucial to understand how and why the ransomware threat is growing and developing, and what it could mean for cybersecurity in 2021.
The clearest ransomware trend is that it’s on the rise and looks set to become an even bigger menace in future years. We’ve seen increases in the number of ransomware attacks every year for a decade now, and this form of attack only seems to get more popular.
That doesn’t mean that the ransomware threat isn’t evolving and becoming more sophisticated. Both the infiltration vectors and mechanism used in these attacks are diversifying quickly. Phishing has long been the primary means for loading malware onto target machines, for instance, but the rise of remote working in the past year has also led to an increased number of attacks on Remote Desktop Protocol, a system which had a poor security record to begin with.
The types of devices exposed to ransomware are also diversifying. Today, more than 50 percent of business computing devices are mobile, and many enterprises have also seen huge growth in their Internet of Things (IoT) infrastructure. These changes are now posing new challenges to enterprise network security, particularly as cybersecurity engineers try to secure their endpoints in BYOD environments.
New threat to healthcare
The trends mentioned above will be familiar to system administrators and network engineers in the private sector. However, in the last year we’ve also seen that ransomware has started to affect systems and organizations far outside private enterprise.
One of the most worrying trends from last year was the increased level of ransomware attacks against the healthcare sector. In 2020 alone, more than 750 healthcare providers were impacted with collective recovery costs nearing $4 billion.
These attacks came in multiple variants, using varying mechanisms. Threat actors are also double-crossing ransomware victims by exfiltrating their encrypted data. This trend is particularly concerning as many organizations in the healthcare sector are simply unprepared for the sophistication of these threats. In other words, hackers know a soft, inexperienced target when they see one, and it appears that the healthcare industry is now becoming one of their favorite victims.
More confidence, no consequences
Ransomware hackers appear to have a new-found confidence in their activities and in their ability to escape punishment for their crimes. This should be easy to believe when you consider that it takes an average of six months for enterprises to realize that they have even been hacked in the first place.
Last year we saw a number of state-sponsored cyberattacks that were easily traced to specific perpetrators, and which were also all but admitted to by them. We might have seen the future of cyberwarfare: a world in which states are free to target each other’s economic infrastructure without fear of consequence.
This lack of fear has also translated into the world of ransomware. Ransomware as a service is now an accepted part of the threat landscape, and the “sector” is growing. Similarly, there are worrying signs that the widespread move to smart cities will leave critical infrastructure open to attack. Up until now, smart cities had been protected by one of the unwritten rules of hackers – that civilian infrastructure was off-bounds. With states targeting each other’s energy and commercial infrastructure, it is only a matter of time before we see a successful, high-profile attack on a smart city.
While it’s true that ransomware is on the rise, and that we see more successful attacks each year, there are also signs that enterprises and consumers are better prepared for them than ever before. The smartphone security market is booming, for instance. This is why there is now a widespread acceptance in many sectors that secondary, encrypted backups of all mission-critical data must be kept in order to counter the threat of ransomware. Ultimately, a more comprehensive and nuanced approach to cyber risk management will be needed if organizations are to continue delivering quality services in the new world.
Adam Bangle, VP EMEA, BlackBerry