In general, ransomware attacks can be divided into opportunistic and targeted. The former, such as WannaCry, hit a large number of potential victims arbitrarily and en masse, relying on phishing, social engineering or exploit kits available on the dark web. They succeed for two main reasons. First, many companies neglect regular data backups, which means that if certain information becomes available to hackers, it can be lost forever. Second, there is overconfidence in traditional antivirus solutions, which cannot keep track of every current version of ransomware files, since these are frequently modified.
Due to many factors, especially in the last year, the cyberattacks we fall victim to, no longer only in our offices but also in our homes, have become more common and more dangerous. The more digitalized the world becomes, the easier our everyday life is and the more attack opportunities there are – CCTV cameras, smart devices, autonomous cars and even gas, water and other similar networks. Ransomware is becoming the preferred method of attack, especially when targeting critical infrastructure systems on which the provision of water, electricity, fuel or other important services depends. The recent example of Colonial Pipeline is proof of this. In such situations, even very short delays can cause irreparable damage. This is why many companies that fall victim to such attacks see no other way out but to pay in order to minimize the damage.
Targeted attacks, on the other hand, are aimed at specific organizations, most often chosen because of their ability to pay large ransoms and the criticality of their operations. Attackers use personalized tactics, techniques and procedures (TTP). Such was the attack on the Colonial Pipeline. These attackers are very creative, often working hard to exploit vulnerabilities while identifying the most valuable data to encrypt and hold for ransom. They are also extremely patient, steadily escalating their privileges to bypass security systems. They can go unnoticed for months, or longer, before deploying a ransomware payload. During this time, attackers often target archived data (if available) so that the organization cannot recover files after they have been encrypted.
According to the “Unit 42 Ransomware Threat Report” for 2021, the highest ransom requested between 2015 and 2019 was $15 million. In 2020, it had already doubled to $30 million.
However, it is not only these companies that are now victims. In the age of IoT, cloud and mobile solutions, and the increasingly popular work from home, everyone is a potential target. About two months ago, Verkada, a video security startup, was attacked, and as a result, attackers gained access to live footage from nearly 150,000 IoT-related cameras positioned at hospital beds in intensive care units, in prisons, in classrooms and elsewhere. The probable way in which the attackers gained access is typical – they targeted a specific username and password of an administrator account. Through it, they could move unnoticed in the network as if they were a member of the camera maintenance team.
The problem when we talk about cybersecurity in the IoT is that there is still no consensus on who should be responsible for security: should the manufacturer build secure devices at the factory, or is the user obliged to strengthen the protection – individuals by changing the default passwords on devices in their homes, and companies by removing hard-coded passwords and strengthening the protection of the endpoints of networked IoT devices? Despite the pressure, no specific guidelines or standardization have yet been introduced. However, there is a consensus that IoT devices, especially those used by large corporations and at the state level, should be viewed in the same way as traditional IT systems. Despite the increased attention, unfortunately, malicious attacks are only increasing in number. That’s why it’s good to be smart with our smart devices. Here are some guidelines:
Whether we are talking about ransomware attacks or attacks on IoT devices in our home or office, there is a common denominator – any device, endpoint, server or system connected to the Internet is a potential vulnerability.
If you want to look through the eyes of both hackers and defenders to better understand what is behind an attack and how to defend yourself in the future, sign up for the virtual simulation organized by CyberArk – Attack and Defend – the Endpoint Threat on June 24. During the event, participants will be able to get acquainted with scenarios from real practice in two teams – attackers and defenders.
Content from CyberArk
The News Highlights
- Companies, devices, people – are they all potential targets for cybercriminals?