Aside from the financial impact, breaches can cause irreparable brand damage and loss of consumer confidence. On average, public companies’ share prices fell 8.6% after a breach.
Over the last year, RISCPoint’s cybersecurity specialists have noticed certain threat trends that even the most diligent businesses may be vulnerable to. Read on to learn more about these threats and the steps you can take to protect yourself:
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Cybercriminals will demand ransom (many times in the form of hard-to-trace cryptocurrency) in exchange for decryption, and they will often threaten to sell or leak exfiltrated information if the ransom is not paid.
Many attackers determine ransom demands based on the size of the organization and the sensitivity of the information they gain access to. These ransoms can range from a few hundred dollars to tens of millions of dollars for decryption. Acer, a computer manufacturer, recently fell victim to a ransomware attack and received the highest ransom demand to date: $50,000,000.
Even if proper backups are maintained, the cost of service interruptions and remediation efforts can be substantial.
In 2021, these attacks dominated the cybersecurity risk landscape. The FBI's Internet Crime Complaint Center received 2,084 ransomware complaints from January to July 31, 2021, which was a 62% year-over-year increase from the same period in 2020.
Unfortunately, early 2022 trends have proven that this threat is only going to increase in frequency and severity going forward, as ransomware is an effective and lucrative way for criminals to make money – with little risk of apprehension.
While social engineering and weak or missing security controls remain the primary vectors for ransomware infection, one emerging trend is the ransomware insider threat. Some cybercriminal groups have been targeting disgruntled employees with an offer of commission on ransom payments (as high as 40%) for using their access to install ransomware within their corporate environment.
In mid-December 2021, two high-impact vulnerabilities were publicly disclosed by security researchers. CVE-2021-45105 and CVE-2021-44832 describe vulnerabilities discovered in the Apache Log4j software library. These vulnerabilities were assessed to be of the highest severity, as they allowed attackers to remotely execute malicious programs on vulnerable systems.
Many organizations had never heard of Apache Log4j and assumed they were safe from this threat. Unfortunately, the Log4j software was a commonly included component of many services and applications, including VMware, AWS, and Okta. As a result, many off-the-shelf software products and services inherited these vulnerabilities. According to Sonatype, a company specializing in software supply chain security, more than 7,000 software products are known to include the Log4j library, and it is in the top 0.003% of most downloaded Java libraries.
The sheer number of vulnerable targets, combined with the ease of exploitation, proved appealing to threat actors across the globe. According to Check Point Software’s research, more than 200,000 attack attempts were identified within the first 24 hours of the vulnerability being disclosed, with this number quadrupling after 72 hours. By the end of 2021, this number grew to a staggering 4.3 million attack attempts, with roughly 48% of all corporate networks being targeted.
While the Log4j vulnerability was a perfect storm of timing, ease of exploitation, and patching complexity, it highlights an important fact — organizations are facing an increasing threat from their software supply chains, as widely used software and libraries are attractive for threat actors due to the broad ranges of potential targets.
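Because Log4j usually arrives bundled inside other products, finding it means looking inside archives, including archives nested in other archives. The following is an added example, not code from RISCPoint or the Log4j project: a small inventory check that walks a JAR/WAR recursively and reports each embedded `log4j-core` version. The function names, the sample archive, its version strings and the `(2, 50, 0)` threshold used in testing are constructed placeholders; take the real minimum version from the Apache Log4j security advisory.

```python
import io
import re
import zipfile

# log4j-core ships its Maven metadata at this path inside its jar.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # bound recursion into nested archives

def parse_version(text):
    """Return (major, minor, patch) from a pom.properties body, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def find_log4j(data, label, depth=0):
    """Yield (path, version) for every log4j-core copy inside archive bytes."""
    if depth > MAX_DEPTH:
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not an archive, nothing to inspect
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                text = zf.read(name).decode("utf-8", "replace")
                yield label, parse_version(text)
            elif name.lower().endswith(ARCHIVE_EXT):
                yield from find_log4j(zf.read(name), f"{label}!/{name}", depth + 1)

def audit(data, label, min_version):
    """Return copies older than min_version, or whose version is unreadable."""
    return [(path, ver) for path, ver in find_log4j(data, label)
            if ver is None or ver < min_version]

def _make_jar(files):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: a vendor WAR bundling two log4j-core copies, one nested
# two levels deep. The version strings are illustrative, not real releases.
OLD = _make_jar({POM_PROPS: b"version=2.14.0\n"})
NEW = _make_jar({POM_PROPS: b"version=2.99.0\n"})
SAMPLE_WAR = _make_jar({
    "WEB-INF/lib/log4j-core-old.jar": OLD,
    "WEB-INF/lib/vendor-bundle.jar": _make_jar({"lib/inner.jar": NEW}),
})
```

Copies repackaged without their `META-INF/maven` metadata will not be found this way, so treat an empty result as one signal rather than proof of absence.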
The software supply chain presents an appealing target for attackers, as well as a unique challenge for organizations. Due to the nature of software supply chain attacks, it is likely impossible to mitigate all risk of attack even by following security best practices. However, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) recently released a report and guidance to help companies better defend themselves against compromised software supply chains.
The organizations found that software supply chain attacks have primarily been carried out by hijacking a vendor's update and code signing mechanisms. This is done by compromising the vendor’s network or targeting open source software projects that are included in vendor code. The report also stated that third-party applications using elevated privileges and performing frequent communication with software vendors are most likely to be targeted.
To combat these threats, it is recommended that businesses use guidelines like NIST’s Cyber Supply Chain Risk Management (C-SCRM) or Secure Software Development Framework (SSDF) to inform their purchase and implementation of third-party software.
When it comes to ransomware and software supply chain attacks, an ounce of prevention is worth a pound of cure. The following are some practices that can help mitigate the likelihood and impact of attacks on your organization:
If you are looking to bolster your organization’s security or achieve compliance, RISCPoint has advanced services tailored to your needs. Our certified cyber security professionals have successfully supported companies across a wide range of industries and sizes, from Fortune 10 to pre-Series A startups.