The threat landscape is in a constant state of flux. Malicious activity is incessant and we know it will continue, but the methods and the rates at which threat actors target victims keep morphing, and ransomware has begun to take center stage. Looking back at 2021, ransomware more than doubled in frequency according to the findings of the Verizon 2021 Data Breach Investigations Report. But why are hackers increasingly steering their attacks toward ransomware techniques?
The reality is that the answer to this question may be simpler than it seems. The hacker of today has become progressively more adept at working through the existing, and in most cases outdated, layers of security within the modern enterprise. Once they have the capability to enter an organization’s network, hackers are turning to ransomware as a means to further monetize their efforts. Despite threat actors’ increasing proficiency in malicious approaches, organizations have let their security fall by the wayside, with nearly half (45%) failing to add capabilities to their network security stack over the last year. This lack of maintenance and diligence in building the ability to mitigate today’s threats has resulted in an uptick in paydays for hackers, making these attacks that much more appealing.
In addition, the turn to hybrid and remote work opened a new can of worms for security teams while simultaneously opening a new door for ransomware. During the transition to remote work, organizations saw a surge in the introduction of new applications, further expanding attack surfaces and causing the amount of protection needed to power secure work for distributed teams to skyrocket. This created the perfect storm for threat actors to identify how to capitalize on it. The result has been a rise in what we at Menlo Security have dubbed “Highly Evasive Adaptive Threats” (HEAT). At a high level, HEAT attacks are a class of cyberthreats that use web browsers as the attack vector. These attacks use various techniques to avoid multiple layers of detection in current security stacks. Our Menlo Labs team saw a 224% increase in HEAT attacks in the second half of 2021 alone. While this percentage is alarming, it shouldn’t come as a shock. Security stacks have remained unchanged over the past year for most organizations, meaning that many have yet to strengthen their security posture, leaving the door and attack surfaces wide open for the HEAT attacks that are fueling the ransomware surge.
Ransomware has also garnered more attention from hackers because of a new payment method that is extremely attractive to those looking to remain untraceable: digital currency. The actors behind Colonial Pipeline, Kaseya and JBS, three of the largest ransomware attacks in 2021, demanded that ransoms be paid in cryptocurrency. Over the past couple of years, cryptocurrencies have made it easier for those seeking ransom to demand larger sums from global corporations as well as hospitals and government agencies. There is a level of increased anonymity that comes with transferring these digital assets, user privacy is the foundation of a number of these currencies, and government regulation and scrutiny of cryptocurrencies are still in their adolescent stages. This new method of ransom payment has changed the way hackers view their risks. With a lack of regulatory standards, the ability for victims to pay a larger sum, and a lower likelihood of an attack being traced back to its source, cyber criminals feel empowered to ask for more, making ransomware a more lucrative approach among their malicious services.
Knowing how this ransomware revolution has emerged is the first part of the solution. From this knowledge we need effective action. So, how does one create a strategy that best positions an organization to win against a hacker should it become the victim of an attack? It’s time to shift how we view our approaches: transition away from the detection/mitigation status quo we’ve created and move toward implementing threat prevention. To address these increasingly adaptive threats, a preventative approach puts security measures in place ahead of time, so that when a threat arises your security stack is already actively working to prevent it in real time.
I believe that this preventative approach is twofold and that a combination of the Secure Access Service Edge (SASE) framework and zero trust is critical. Implementing SASE allows security to be placed closer to the edge, meaning that protection for applications and data sits closer to the user, furthering the effectiveness of security procedures. Organizations can take their legacy security stacks, which once lived on the obsolete idea of a security perimeter, and instead put them into the cloud as a converged, integrated stack. Pair this with zero trust and you have a winning combination. By adopting a zero trust methodology, and assuming that everything is untrustworthy and that there is no existing security perimeter, you assume threats before they are present. When SASE is partnered with zero trust, you move your security closer to your applications while proactively subjecting content to security management review, making sure that no threat goes undetected.
It’s time to beat hackers at their own game as this evolution of threats and interest in ransomware continues to emerge. Security leaders in companies of all shapes and sizes need to steer their teams toward the proper steps to build modern security approaches that meet these modern threats. It’s time to throw away the outdated approaches that teams have grown accustomed to and instead actively challenge security processes to begin developing the preventative foundation necessary to counter today’s cyber criminals.