The United States, United Kingdom, and Australia have issued a joint advisory about cybercriminal attack techniques after a surge of "sophisticated, high impact" ransomware attacks on businesses and organizations. The warning was issued by the U.S. Cybersecurity and Infrastructure Agency (CISA), the UK National Cyber Security Centre (NCSC) and the Australia Cyber Security Center.
The agencies issued a joint warning that ransomware tactics and techniques have continued to evolve in 2021. The attacks have targeted a wide range of industries, including defense, IT, financial services, healthcare, energy, education, charities and local governments. The agencies warned ransomware threat actors are displaying growing technological sophistication, which poses an increased threat to organizations throughout the world.
The joint bulletin issued by the agencies revealedthere were three top infection vectors for ransomware attacks in 2021. They included phishing emails, remote desktop protocol (RDP) exploitation through stolen credentials or brute force and exploitation of software vulnerabilities.
Managed service providers (MSPs) were also a major target for ransomware in 2021, with attackers often impacting all of an MSP's customers at the same time. Ransomware attackers also targeted poorly-defended cloud infrastructure, with the goal of stealing data and encrypted information and even denying access to backup systems in some cases.
Other popular targets included industrial processes that impacted connected business systems or interference with critical infrastructure through code development. Attackers also went after the software supply chain and used it to access multiple targets through a single instance of compromise. Organizations were also targeted on holidays and weekends when impacts would be greater and when there was a likelihood of less IT support staff in place.
Attackers also launched a number of Ransomware-as-a-Service (RaaS) operations in 2021, with some offering 24/7 help desk support to compromised businesses to expedite their ransom payments. Many organizations reported being encouraged to pay ransoms or risk the leak of stolen sensitive data if demands were not met.
Ultimately, the three cybersecurity agencies believe the ransomware business model translates to large financial returns, perpetuating the frequency of attacks. The rise in attacks, coupled with the RaaS business model, has increased the complexity of the attacks since networks of developers, freelancers and affiliates are working together globally to launch attacks.
Edited by
Luke Bellos
