Last updated at Wed, 15 Jun 2022 13:49:28 GMT
First things first — if you're a member of a cybersecurity team bouncing from one stressful identify vulnerability, patch, repeat cycle to another, claim your copy of the GartnerⓇ report “How to Respond to the 2022 Cyberthreat Landscape" right now. It will help you understand the current landscape and better plan for what's happening now and in the near term.
Ransomware is on the tip of every security professional's tongue right now, and for good reason. It's growing, spreading, and evolving faster than many organizations can keep up with. But just because we may all be targets doesn't mean we have to be victims.
The analysts at Gartner have taken a good, long look at the latest trends in security, with a particular eye toward ransomware, and they had this to say about attacker trends in their report.
Expect attackers to:
- “Diversify their targets by pursuing lower-profile targets more frequently, using smaller attacks to avoid attention from well-funded nation states."
- “Attack critical CPS, particularly when motivated by geopolitical tensions and aligned ransomware actors."
- “Optimize ransomware delivery by using 'known good' cloud applications, such as enterprise productivity software as a service (SaaS) suites, and using encryption to hide their activities."
- “Target individual employees, particularly those working remotely using potentially vulnerable remote access services like Remote Desktop Protocol (RDP) services, or simply bribe employees for access to organizations with a view to launching larger ransomware campaigns."
- “Exfiltrate data as part of attempts to blackmail companies into paying ransom or risk data breach disclosure, which may result in regulatory fines and limits the benefits of the traditional mitigation method of 'just restore quickly.'"
- “Combine ransomware with other techniques, such as distributed denial of service (DDoS) attacks, to force public-facing services offline until organizations pay a ransom."
Ransomware is most definitely considered a "top threat," and it has moved beyond just an IT problem but one that involves governments around the globe. Attackers recognize that the game got a lot bigger with well-funded nations joining the fray to combat it, so their tactics will be targeted, small, diverse, and more frequent to avoid poking the bear(s). Expect to see smaller organizations targeted more often and as part of ransomware-as-a-service campaigns.
Gartner also says that attackers will use RaaS to attack critical infrastructure like CPS more frequently:
"Attackers will aim at smaller targets and deliver 'ransomware as a service' to other groups. This will enable more targeted and sophisticated attacks, as the group targeting an organization will have access to ransomware developed by a specialist group. Attackers will also target critical assets, such as CPS."
Mitigating ransomware
But there are things we can do to mitigate ransomware attacks and push back against the attackers. Gartner suggests several key recommendations, including:
- “Construct a pre-incident strategy that includes backup (including a restore test), asset management, and restriction of user privileges."
- “Build post-incident response procedures by training staff and scheduling regular drills."
- “Expand the scope of ransomware protection programs to CPS."
- “Increase cross-team training for the nontechnical aspects of a ransomware incident.
- "Remember that payment of a ransom does not guarantee erasure of exfiltrated data, full recovery of encrypted data, or immediate restoration of operations."
- “Don't rely on cyber insurance only. There is frequently a disconnect between what executive leaders expect a cybersecurity insurance policy to cover and what it actually does cover."
At Rapid7, we have the risk management, detection and response, and threat intelligence tools your organization needs to not only keep up with the evolution in ransomware threat actors, but to implement best practices of the industry.
If you want to learn more about what cybersecurity threats are out there now and on the horizon, check out the complimentary Gartner report.
Gartner, How to Respond to the 2022 Cyberthreat Landscape, 1 April 2022, by Jeremy D'Hoinne, John Watts, Katell Thielemann
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Additional reading: