Article by Radware director of Threat Intelligence, Pascal Geenens.
Over the past few years, organisations have quickened the pace at which they migrate applications to multiple clouds and leverage new software architectures to increase their application development’s agility and feature velocity.
In fact, according to a recent Radware report, 70 per cent of production web applications now run in cloud environments. This increase in distributed and hybrid infrastructure and application complexity is creating even more challenges for organisations to control the wide attack surfaces.
The same report reveals that approximately one-third of respondents anticipate that their organisation’s most significant application security concern over the next two years will be maintaining a coherent security policy across heterogeneous environments. Nearly as many respondents believe that their most significant concern will be gaining visibility into the security events impacting their organisation.
Despite the implementation of new security technologies, organisations continue to struggle to maintain visibility and consistency of security policies across the heterogeneous collection of platforms, infrastructures, and technologies.
There are five key challenges for securing hybrid environments. These include emerging threat vectors, broader attack surfaces, agile software development and DevOps cultures that often leave security as a secondary priority, and multi-cloud deployments that convolute the implementation of coherent security policies. Unfortunately, many organisations have simply been unable to overcome all of these challenges.
Hackers for hire
Meanwhile, attackers have been organising their underground ecosystems and gathering followers from skilled hackers-for-hire and affiliates, who are happy to enjoy the profits of large extortion campaigns. For example, the Avaddon, SunCrypt and Ragnar Locker ransomware gangs have been known to use DDoS attacks to put additional pressure on their victims.
Ransomware groups regularly post messages to hire experts in domains such as backup technology — not to fix but to destroy — and conduct high-profile DDoS attacks. For example, cybercrime gang Lockbit was found to be posting ads to recruit affiliates, including Mēris botnet operators.
The incentives are large. A survey of 300 U.S.-based IT decision-makers found 83 per cent of ransomware victims paid the ransom demand. And the demand for hacking skills and underground resources has been growing ever since ransomware operators began conducting successful campaigns.
Shifting cyber attacks
With highly motivated threat actors looking for payments from organised cybercrime groups, attacks have shifted from automated to human-operated attacks. Agari researchers determined that most leaked password reuse was done by humans and not automation. It is one thing to defend against automation, but far more difficult to defend against human intelligence and perseverance driven by multi-million-dollar payouts.
Because authorities worldwide are making efforts to crack down on criminals and roll up parts of their organisations, criminals might be tempted to hit back where it hurts the most.
The attacker economy is currently out of balance with defenders’ security budgets. There is little to no opportunity to take out the hacking economy by putting up more barriers and making it more costly and time-consuming for attackers to breach organisations and infrastructures. These threat actors are sitting on a mountain of crypto gold. The U.S. Treasury said recently that $5.2 billion in Bitcoin transactions can be tied to ransomware payments over the past two years.
In just one example, U.S. travel services firm CWT Global paid a reported $4.5 million in July 2020 to the Ragnar Locker ransomware gang. In addition, a recent report from Unit 42 security consulting group indicated that the average ransomware payment increased 82 per cent since 2020 to a record $570,000 in the first half of 2021. That increase follows a reported 171 per cent increase over 2019.
Cybercrime here to stay
Even if the ransomware issue gets resolved more quickly than expected, criminals will pivot and find new ways to monetise crime. The security community will have to be vigilant, and organisations will need to make considerable efforts to keep their attack surfaces under control.
Unfortunately, 2020 and 2021 brought in a new dawn for cybercrime and info security, and it’s not going away anytime soon — certainly not in 2022.