Cyber Attacks Targeting IT Service Providers

By Greg Tavarez

No simple fix exists for any aspect of ransomware. Even so, there is progress. For instance, in Q1 2019, 85% of cases handled by Coveware ended with the cybercriminal receiving a ransom payment. In Q1 2022, that number dropped to 46%.

The drop in ransom payments came despite the war in Ukraine being a catalyst for cybercriminals and ransomware gang Conti publicly announcing its allegiance to the Russian administration.

The targets are also changing. Trellix research shows that companies providing IT, finance and other types of consulting and contract services were targeted by bad actors more often. That makes sense: a single service provider breach can disrupt, or provide access to, multiple businesses with one attack. The reward for cybercriminals is high.

Businesses accounted for almost two-thirds of U.S. ransomware detections. Business services were also the second most targeted sector behind telecom, 53%, across global ransomware, malware, and nation-state backed attacks in Q1 2022.

In the healthcare industry, Trellix specifically notes a risk from easier access points: medical devices and software are falling short in fundamental security practices and are rife with remote code execution (RCE) vulnerabilities. Medical devices and software are a weak point for attackers to exploit, and internal and external security testing by developers and researchers needs to be encouraged more often.

Email is another common attack vector. Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims to download malware. Trellix also identified emails with malicious documents. The documents contained macros that work as downloaders, or exploits that result in the attacker gaining control of the victim system. In addition, many emails include malicious executables, such as infostealers or trojans, as attachments.

“Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back,” said Christiaan Beek, lead scientist and senior principal engineer, Trellix. “Global threat actors have novel cyber artillery ready to deploy in case of escalation, and organizations need to remain vigilant.”




Edited by Erik Linask
MSPToday Editor
