While we saw the threat landscape change in 2019 with even more sophisticated attacks, we predict 2020 to be even more extreme.
- More targeted ransomware – 2019 saw ransomware exploits getting highly targeted against specific businesses, as well as local government. Attackers are spending more time intelligence-gathering on their victims, to ensure they can inflict maximum disruption, and ransoms are scaled up accordingly. Attacks have become so damaging that the FBI has softened its stance on paying ransoms: it now acknowledges that in some cases, businesses may need to evaluate options to protect their shareholders, employees and customers.
- The variety show of phishing attacks – While email remains number one for phishing attacks, cybercriminals are also using a variety of other attack routes to trick their intended victims into giving up personal information, login credentials, or even sending money. Increasingly, phishing involves SMS texting attacks against mobiles or use of messaging on social media and gaming platforms.
- Evolution of mobile malware attacks – The first half of 2019 saw a 50% increase in attacks by mobile banking malware compared to 2018. This malware can steal payment data, credentials and funds from victims’ bank accounts, and new versions are available for widespread distribution by anyone that’s willing to pay the malware’s developers. Phishing attacks will also become more sophisticated and effective, luring mobile users to click on malicious web links.
- The rise of cyber insurance – Underwriters will sell more cyber insurance policies for businesses and government agencies such as schools, hospitals and utilities. Insurance companies may guide their policyholders to pay ransoms, as this is generally cheaper than having to recover from a ransomware attack. This will, in turn, lead to more attacks, and fast growth for the cyber insurance industry.
- Risky business with IoT devices – As 5G networks roll out, the use of connected IoT devices will accelerate dramatically. IoT devices and their connections to networks and clouds are still a weak link in security: it’s hard to get visibility of devices, and they have complex security requirements.
- AI will accelerate security responses – AI dramatically accelerates identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities and develop ever more evasive malware.
How can I protect my business in 2020?
Organizations that are attacked by ransomware are frequently impacted to a degree where operations may come to a complete halt. Cytelligence has handled a significant number of cases where recovering from a ransomware attack is a very long process, and getting data back and systems operational is only one step in the process.
The changes in regulatory environments are driving a behaviour change that requires vendors, partners and clients to completely disconnect from an impacted (victim) organization until assurances are provided that systems are healthy AND that no data was exfiltrated (stolen) or accessed by the threat actors.
In order to address these concerns and lower potential liabilities, victims need to find first responders that can provide the services associated with the full incident life cycle. These services typically include:
- Ransomware analysis
- Containment and preservation of evidence
- Ransomware expert negotiation services and cryptocurrency facilitation services
- Forensic analysis and associated reporting
- Cyber Security Awareness Training
Many organizations are only able to provide some part of these services, which requires a victim organization to either try to recover using internal resources or struggle to identify outside firms in the middle of a crisis.
In addition, the increase in scammers presents a problem as there are several organizations making promises that cannot technically be true, but during the time of crisis, some of the structured decision-making processes are thrown out the window.
These same decision-making processes are not structured to remove emotional decisions, which are very prevalent during a ransomware event and may result in a decision that is not business focused and does not support sound economic outcomes. For example, if a company is suffering $100,000 in losses for every hour of being unable to operate, then a ransom demand of $200,000, which is equivalent to 2 hours of an outage, should be considered in terms of costs and possible future business impact.
Engaging qualified and experienced cyber breach response and ransomware crisis management expertise is also important if a decision to make a ransom payment is undertaken. Acquiring cryptocurrency legally, in a fiscally approved manner (i.e. as a legitimate expense) and in a timely manner to minimize costs is not something a typical organization is structured to do during a ransomware event. Any delays can increase downtime and future costs in an exponential manner.
Today’s ransomware, ransomware programmers and threat actors are innovating at a rapid pace. Going beyond simple file encryption, ransomware increasingly leverages unknown variants and file-less techniques.
At Cytelligence, our team of experts understands the attacker mentality and can help your organization avoid disruption, help you recover with our extended on-site incident experts, minimize possible liabilities and ensure downtime and future costs are kept to a minimum. You need cybersecurity experts that have a track record of dealing with thousands of similar incidents working alongside your team to get you back to business. Contact us today to learn how you can be ready.