The Rise and Rise of Encrypted Attacks, Ransomware, and … Watch Out for Rebate, Claim and Debt


In our lab, we focus a good deal on the benefits of cryptography, and on its use in security, identity, integrity and trust. But the great defender has also become a mighty attacker and cloaking device. And so we are faced with the rise of ransomware as the blunt instrument of choice for extracting money through cybercrime. In their latest research, SonicWall [here] report that ransomware attacks rose by 105% in 2021, with over 623 million ransomware attacks recorded.


But it is encrypted threats that show the greatest rise, and this is where encryption is being used to subvert security controls. The major ransomware incidents reported in 2021 included the attacks on JBS Foods (the world's largest meat producer) and on Colonial Pipeline. SonicWall say that 2021 was a turning point in the evolution of ransomware, with supply chains now being targeted. Unfortunately, quite a few ransomware attacks have ended with the company paying a considerable ransom, and the amounts continue to rise. JBS Foods, for example, paid around $11 million to obtain the decryption key.

Still spear phishing …

As in previous years, targeted phishing attacks are the major concern for many in the industry, but data breaches (typically of customer data and emails) and ransomware attacks also cause significant concern.


Overall, SonicWall found that around 60% of organisations that had suffered a data breach did not know they were under threat until the breach was discovered.

The same old story …

A rather depressing statistic from SonicWall is that 80% of the Top 10 exploited vulnerabilities were carried over from previous years. This is disappointing, as one would expect good patching regimes to have closed many previously known vulnerabilities. The report lists the Top 10 CVE threats of 2021.


A major concern for many organisations is BEC (Business Email Compromise), through which confidential information can be leaked. Within BEC, impersonation was the top attack vector.


We can see that executives are often targeted with this type of threat, along with modification of the Reply-To header, so that a reply appears to go to a trusted person but actually goes back to the intruder. A reply-to address whose domain differs from the From address is therefore one of the simplest signals to check for.

Malware stabilising?

One significant finding of the SonicWall report is that the tide is turning on malware, and that our detection systems may be starting to reduce its impact. But this reduction is not spread evenly across the world, with countries such as Vietnam, Sri Lanka and Slovenia still seeing significant numbers of malware infections.

For ransomware, it is the old favourites of Ryuk, SamSam and Cerber that led the way in 2021, with 9.2 Ryuk hits recorded per second over the year.


SonicWall also see the rise of double extortion, where the ransomware encrypts files while data is also exfiltrated from the organisation. With triple extortion, the intruder examines the stolen data to find out who else could be targeted with a ransom demand, so the attack affects not only the targeted organisation but also any associated entities.

Targeting cryptocurrency

SonicWall also saw a rise in cryptojacking attacks over the year, and detected an attack on Android-based crypto wallets. This attack used granted permissions to give an external adversary access to the cryptocurrency wallets.


Cloaking device

But the threat that rose the most was encrypted attacks, where malware is tunnelled through encrypted traffic such as HTTPS, so that network controls which do not decrypt TLS see only an opaque stream rather than the payload. This area saw a tripling in the number of threats detected. The main targeted sectors appear to be government and education.


When it comes to intrusion attempts, remote access is still top of the list, closely followed by directory traversal attacks.


What is interesting here is that remote code execution (RCE), cross-site scripting (XSS) and SQL injection have not gone away, and remain significant threats.
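Directory traversal, the second most common intrusion class in the report, is worth seeing in code: below is a file-serving handler written first the vulnerable way and then hardened so that `..` sequences, absolute paths, percent-encoded variants and symlinks that point outside the web root are all rejected. This is an added example, not code from the post or from SonicWall; the web root, its files and the symlink are constructed in a temporary directory so the block runs offline.

```python
"""Directory traversal: a vulnerable file handler next to a hardened one.
Added example; the lab layout below is constructed, not taken from any report."""
import os
import tempfile
from urllib.parse import unquote


def make_lab():
    """Constructed layout: root/index.html, root/link -> ../outside, outside/secret.txt."""
    base = tempfile.mkdtemp(prefix="traversal-")
    root = os.path.join(base, "root")
    outside = os.path.join(base, "outside")
    os.makedirs(root)
    os.makedirs(outside)
    index = b"<html>public</html>"
    secret = b"db_password=constructed-secret"
    with open(os.path.join(root, "index.html"), "wb") as f:
        f.write(index)
    with open(os.path.join(outside, "secret.txt"), "wb") as f:
        f.write(secret)
    # A symlink inside the root pointing outside it: a classic escape route.
    os.symlink(outside, os.path.join(root, "link"))
    return root, index, secret


def serve_vulnerable(web_root, requested):
    """The 'before': the request path is joined onto the root with no check,
    so ../ sequences, absolute paths and symlinks all escape the root."""
    path = os.path.join(web_root, unquote(requested))
    with open(path, "rb") as f:
        return f.read()


def resolve_safely(web_root, requested):
    """Canonicalise the target and prove it lives under the root before opening it."""
    root = os.path.realpath(web_root)
    # Decode once (as the server would), then drop leading slashes so an
    # absolute request path cannot replace the root inside os.path.join().
    relative = unquote(requested).lstrip("/\\")
    # realpath() collapses '..' and follows symlinks, so a link inside the
    # root that points outside resolves to its real, outside location.
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath() rather than startswith(): '/srv/root' must not match
    # '/srv/root-old' or '/srv/rootkit'.
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"request escapes web root: {requested!r}")
    return candidate


def serve_hardened(web_root, requested):
    """The 'after': only paths proven to be under the root are opened."""
    with open(resolve_safely(web_root, requested), "rb") as f:
        return f.read()


def escapes(web_root, requested):
    """True if the hardened resolver rejects the request."""
    try:
        resolve_safely(web_root, requested)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    root, _, _ = make_lab()
    print("vulnerable:", serve_vulnerable(root, "../outside/secret.txt"))
    for req in ("index.html", "/index.html", "../outside/secret.txt",
                "%2e%2e/outside/secret.txt", "link/secret.txt"):
        print("hardened:", req, "->", serve_hardened(root, req) if not escapes(root, req) else "rejected")
```

The check deliberately runs on the canonical path rather than on the request string: rejecting the literal `..` would still let a symlink, or an encoding the framework decodes later, carry the request outside the root.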

And watch out for rebates and complaints …

But it is still spear phishing that is the greatest threat in terms of an adversary gaining a foothold in an organisation. SonicWall provide an interesting list of the most common malicious attachment filenames, including ones that prompt the reader into action: "Rebate", "Complaint" and "Debt".

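The two email signals described on this page, the Reply-To modification under BEC above and the lure-word attachment names just listed, can be checked with a few lines of triage code. The example below is added here and is not code from the post or from SonicWall; it parses a message with Python's standard `email` package and also flags a From display name that borrows an executive's name while the address sits outside the organisation's domain. The sample messages, the domain `example.com`, the executive name and the lure-word list are all constructed assumptions.

```python
"""Email triage for BEC / lure-attachment signals.  Added example; the
samples, ORG_DOMAIN, EXEC_NAMES and LURE_WORDS below are constructed."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Lure words from the post's list and title; a real deployment would tune these.
LURE_WORDS = {"rebate", "claim", "complaint", "debt"}
# Assumptions for the display-name check: the organisation's own domain and
# the executives whose names an impersonator is likely to borrow.
ORG_DOMAIN = "example.com"
EXEC_NAMES = {"pat lee"}


def split_address(header_value):
    """Return (display_name, domain), both lower-cased, from an address header."""
    name, addr = parseaddr(str(header_value or ""))
    return name.lower(), addr.rpartition("@")[2].lower()


def triage(raw_message):
    """Return a list of findings for one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_name, from_domain = split_address(msg["From"])
    _, reply_domain = split_address(msg["Reply-To"])

    # Signal 1: Reply-To points at a different domain than From, so a reply
    # that appears to go to a trusted person goes back to the intruder.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to mismatch: From={from_domain} Reply-To={reply_domain}")

    # Signal 2: an executive's name in the display name while the address
    # is not at the organisation's domain (display-name impersonation).
    if any(exec_name in from_name for exec_name in EXEC_NAMES) and from_domain != ORG_DOMAIN:
        findings.append(f"display-name impersonation: {from_name!r} from {from_domain}")

    # Signal 3: an attachment filename built around a lure word.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        words = set(re.split(r"[^a-z]+", PurePosixPath(filename).stem.lower()))
        hits = sorted(words & LURE_WORDS)
        if hits:
            findings.append(f"lure attachment name: {filename} ({', '.join(hits)})")
    return findings


def build_sample(from_header, reply_to, attachment_name):
    """Construct a sample message; the attachment body is placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = f"finance@{ORG_DOMAIN}"
    msg["Subject"] = "Action required today"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("Please process the attached form before close of business.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


# Constructed samples: a spoofed internal sender with an external Reply-To,
# an external address borrowing the executive's name, and a benign message.
SPOOFED = build_sample(f'"Pat Lee" <pat.lee@{ORG_DOMAIN}>',
                       "pat.lee@webmail-reply.example", "Rebate_Claim_Form.docm")
IMPERSONATED = build_sample('"Pat Lee" <pat.lee@webmail-reply.example>',
                            None, "Debt_Notice.pdf")
BENIGN = build_sample(f"accounts@{ORG_DOMAIN}", None, "Q3_invoice_summary.pdf")

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("impersonated", IMPERSONATED), ("benign", BENIGN)):
        print(label, triage(sample))
```

None of these signals is proof on its own (a legitimate mailing platform may set its own Reply-To, and a genuine rebate form exists somewhere), which is why the function returns findings for an analyst or a scoring rule rather than a verdict.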

For IoT attacks, SonicWall see a stabilising in the number of threats detected, with NETGEAR and D-Link vulnerabilities top of the list, along with ones relating to IP cameras.


Conclusions

Intrusion Detection Systems provide a heartbeat on the state of cybersecurity. Every alert says something, and SonicWall have produced an excellent report on where we currently are and on the most significant threats. But remember that just one alert can lead to a major cyber incident, so don't miss it! One thing that is for sure is that cybersecurity is now a data-driven industry, where the aggregation of log alerts provides one of the best ways to detect and investigate a threat, and to understand your company's threat landscape: the who, what, when and why.