Cybercriminal and infrastructure attacks increased in 2021, hitting 14 of the 16 critical infrastructure sectors in the United States, according to a report from cybersecurity authorities in multiple countries.
Ransomware trends
Ransomware trends and recommendations were laid out in a Joint Cybersecurity Advisory coauthored by cybersecurity agencies in the United States, United Kingdom and Australia. The report noted that the evolving tactics and techniques of cybercriminals demonstrated their growing sophistication, as well as their increased threat to organizations globally.
Officials cited attacks on sectors like defense industrial base, emergency services, food, agriculture, government facilities and information technology.
Authorities recognized ransomware as the biggest cyberthreat facing the United States, with the education sector being one of the top targets. Other targeted sectors included businesses, charities, legal professionals, and public services in the local government and health sectors.
Cybersecurity authorities observed an increasingly professional field of cybercriminals and infrastructure attacks in 2021.
Along with the increased use of ransomware-as-a-service (RaaS), threat actors employed independent services to negotiate payments, assist victims in making payments and arbitrate payment disputes with other cybercriminals. Criminal groups in Europe and Asia have also shared victim information with each other.
According to the report, authorities observed that “some ransomware threat actors offered their victims the services of a 24/7 help center to expedite ransom payment and restoration of encrypted systems or data.”
In the United States, ransomware actors shifted their focus from “big game” organizations to midsize victims halfway through 2021 after they suffered disruptions from cyber authorities. The switch was to reduce scrutiny, officials said.
Common attacks
Most commonly, cybercriminals continued to initiate ransomware attacks via phishing emails, stolen Remote Desktop Protocol (RDP) credentials and exploited software vulnerabilities. “These infection vectors likely remain popular because of the increased use of remote work and schooling starting in 2020 and continuing through 2021,” the report stated. “This increase expanded the remote attack surface and left network defenders struggling to keep pace with routine software patching.”
Cybercriminals increased their impact through a few methods, such as targeting the cloud, managed service providers (MSPs) and software supply chain entities. Several groups have begun attacking industrial processes. More attacks against U.S. entities occurred on holidays and weekends.
Extorting money
Criminals also expanded their methods of extorting money from victims. They would threaten to release stolen information publicly, disrupt victims’ internet access, and/or inform the victims’ partners or shareholders of the incident.
Authorities had several recommendations to reduce the likelihood and impact of cybercriminal and infrastructure attacks. Organizations should keep all operating systems and software up to date; secure and monitor potentially risky services (e.g., RDP); implement user training programs and phishing exercises; require multifactor authentication (MFA) and strong, unique passwords; and protect cloud storage by backing up to multiple locations and encrypting cloud data.
For more cybersecurity guidance, contact InterWeb Insurance LLC today.