As we pass the midpoint of 2023, IT professionals have seen a record-breaking year in threats, attacks and vulnerabilities. In the annual Data Breach and Investigation Report (DBIR), Verizon shares that costs and breaches continue to skyrocket at a record pace. Organizations continue to struggle with layered defense strategies that are comprehensive in nature and address issues across the enterprise.
Still leading the scoreboard in incidents and breaches is ransomware. Organizations continue to be attacked, breached and compromised at an exponentially growing rate. In Ransomware Threat Landscape 2023: Ransomware Resurgence, Black Kite reports that, with 2,708 ransomware victims publicly reported from April 2022 to March 2023, the occurrence of attacks was nearly 1.6 times higher in 2022. The US continues to lead the world in attacks, accounting for over 43% of all global attacks. This exponential increase illustrates that bad actors are still successfully attacking organizations, exfiltrating data, locking down systems and monetizing the stolen data.
A variety of trends have emerged in ransomware attacks. The first trend is that these are no longer just lone wolf attacks orchestrated by individuals. The largest share of attacks is carried out by well-organized teams that include Hacking as a Service (HaaS), where individuals and groups sell hacking services, code, access, credentials, and data between different groups to attack organizations. Out on the dark web, everything from data to credentials is for sale for the right price. These items have been accumulated by other hackers and then monetized, leaving organizations constantly under siege through resold information on the weaknesses in their security environment.
The second trend is the use of orchestration, automation and AI in the facilitation of attacks. Hackers have been utilizing orchestration for some time; however, with the continued acceleration of improvements in AI, bad actors are now taking advantage of that technology to reduce the time it takes to infiltrate an organization’s defenses. This technology is regularly being utilized to build better malware, which in turn impacts how tools can detect and defend against the attacks.
An additional trend being observed in the ransomware area surrounds infiltration and the use of automated deployment as a way to deliver malicious payloads. These self-spreading methods have been observed with BlackBasta, The Play and Lockbit.
Drivers are also now being leveraged to ransom organizations. Vulnerable drivers are now being exploited to attack systems. One of the most disturbing trends is the leveraging of vulnerable AV drivers. Vulnerable AV drivers are being used not only to disable the AV on local machines but also to lock down the asset after infection. AvosLocker and others have been observed in this trend. Organizations’ failure to address critical vulnerabilities makes this an attractive method of attack.
Third-party risk continues to trend very high. From internet providers to manufacturers, this continues to be an issue. In 2022, we witnessed several third-party supply chain breaches. This area continues to grow as organizations fail to give up RDP and other vulnerable connections for vendors and partners. The other challenge is not enforcing security policies with third parties that exist in the enterprise. Organizations must do a better job of making sure that all third-party partners comply with security policies.
The growth in ransomware attacks is estimated to continue based on the effectiveness of the tools and organizations’ failure to create, manage and maintain vulnerability management programs and policies. Even companies that have vulnerability management programs erode the security those programs offer when they create regular acceptances of risk.
The use of AI and automation has made a huge impact on the identification and speed to containment of ransomware. Companies that have successfully deployed automation and AI have significantly reduced dwell time and data breach lifecycles. According to an IBM report, the breach lifecycle was reduced from an average of 322 days to 214 days. This reduction of 108 days provides almost a 30% improvement compared to organizations that had not implemented AI and automation technologies to detect, respond to and remediate threats.
One of the most staggering trends is that only one third of breaches are detected by the security teams of the attacked companies. According to the report Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs, organizations are more likely to be notified by outside entities and law enforcement than they are to detect a breach themselves. In a ransomware event, the eventual lockdown of devices is most likely how the organization is notified that there has been a breach.
A very concerning organizational trend in the industry is employee fatigue and burnout. We are starting to see talented cyber professionals leaving the field. With an increase in incidents and breaches, organizations’ cyber teams are suffering from alert fatigue and burnout as a result of the “Always On” mentality associated with these roles, which continues to leave organizations short-staffed and at risk. Cybercrime Magazine reported earlier this year that global cybersecurity vacancies grew by a staggering 350%, with over 3.5 million global openings. This trend contributes to the challenges that organizations face in protecting their environments.
Organizations must do a better job of looking at the cybersecurity and ransomware environment like other areas of the business. That means creating a vulnerability program that has metrics and measurements as well as a 36-60 month plan. This plan needs to include the adoption of new technology, leveraging of services and investments in the teams that support the efforts.
2023 is not over, but there are ways to start looking forward to your 2024 strategy and how your organization can improve security without breaking the bank. How your organization prepares for some of these trends could be the difference between a better layered defense strategy and the next headline in the local paper about a breach of your network. It is never too late to start planning for a better security strategy. Engage the team and start mapping out the organization’s journey. The security of your enterprise depends on it.
Dr. Stephanie Benoit-Kurtz is lead cybersecurity faculty at University of Phoenix College of Business and Information Technology, and Regional Security Director at Trace3 in Las Vegas, NV.