researchHQ’s Key Takeaways
- Ransomware is malicious software that accesses and encrypts digital files, enabling hackers to hold the files for ransom until a certain sum of money is paid.
- A high proportion of ransomware attacks originate in vulnerable endpoints – devices such as mobile phones remotely connected to the central network.
- The shift to remote working due to the Covid-19 pandemic helps explain the surge in ransomware attacks over the last year, as the number of vulnerable endpoints connected to an organisation’s network has increased significantly.
- Organisations of all sizes are now targets. There is an urgent need to review existing practices, implement enterprise-wide education and invest in technologies that reduce the vulnerabilities of remote working.
Cybercriminals are becoming increasingly savvy, and ransomware attacks have soared over the last decade. A recent PwC UK Cyber Threat Intelligence report revealed a spike in cybersecurity incidents that have significantly affected many organisations already dealing with challenges caused by the pandemic. The increase in the rate of attack has most likely been fuelled by an influx of new ransomware actors, the expansion of existing affiliate schemes, and established cyber-crime actors pursuing higher revenues. And, unfortunately, no one is safe: ransomware attacks can affect every business sector, and they are growing in intensity.
It all comes down to opportunity costs. During the pandemic, cybercriminals have been capitalising on ransomware as more people are working remotely. All it takes is a single vulnerable device. The disappearing perimeter means that many more devices are exposed, and many are simultaneously connected to a corporate or government network, and the user’s personal home network. A single successful attack can result in cybercriminals making hundreds of thousands or even millions of dollars.
Common avenues into public sector organisations
Although ‘ransomware’ is the term that usually makes it into the headlines, social engineering, email phishing and malicious email links are the major vectors that criminal organisations use to infiltrate environments and deploy their malware, and recent studies have shown that many successful attacks originate from a mobile device.
Getting rid of passwords in favour of multifactor, biometric or zero sign-on capabilities is the only way to stop cyber criminals harvesting credentials. Eliminating passwords should be tightly coupled with the ability to establish a contextual relationship between the user, the network, policy compliance, and the data they are accessing.
Unpatched vulnerabilities and default configurations are another common point of entry into public sector organisations’ ecosystems. Underfunded public bodies typically struggle to prioritise the patch management process in IT, due in part to the resources needed to patch every vulnerability manually.
Unpatched vulnerabilities leave those organisations unprotected against malicious cyber threat actors who exploit known threat vectors to gain a foothold on connected endpoints. From there they move laterally through the network, progressing along the cyber kill chain until they become an advanced persistent threat (APT). These APTs often remain undetected, living off the land within the victim organisation’s network.
Hyper-automation technologies powered by deep intelligence, using supervised and unsupervised machine learning algorithms, can drastically improve IT defences. They give organisations visibility over all endpoints, applications and data, and can manage their security and self-healing capabilities effectively with minimal human intervention.