Cyberattacks are a common phenomenon today, and there is no better way to protect ourselves from these attacks than by looking at recent attack patterns and cyber developments. In this week’s post, we have highlighted the significant developments in the cybersecurity domain over the last seven days.
Ransomware Demands and Payments On The Rise
Several governments, businesses, and healthcare entities underwent high-profile ransomware attacks in 2021. However, it was not just ransomware attacks that rose; ransomware payments also surged in 2021. A report was recently published by Palo Alto Networks’ Unit 42 regarding the same. Some vital statistics come to light from this report, highlighting that the average ransom demand increased by 144% to become $2.2 million and the average payment rose by 78% to become $541,010. The report mentioned that the Americas was the worst hit by ransomware attacks in 2021 (60%), followed by Europe, Africa, the Middle East (31%), and the Asia Pacific (9%).
As per the report, legal and professional services witnessed 1,100 victims, whereas the construction sector had 600 victims of ransomware attacks. About ransomware groups, Palo Alto Networks mentioned that Conti was the most active group in 2021 with an average income of $1.78 million, shortly followed by REvil, which usually had an average initial demand of $2.2 million. Further, the report highlighted that as many as 35 new ransomware gangs emerged in 2021.
You would be surprised to know that the rise in ransomware payments is primarily facilitated by the RaaS, which makes things easy for threat actors by providing support and start-up kits for sale. These RaaS models offer several easy-to-use services and tools. For instance, the ransomware Sugar is offered as a RaaS to threat actors for a ransom of $4.01 in BTC – these services make deploying ransomware a piece of cake for the adversaries!
It won’t be wrong to say that the ransomware landscape continuously evolves to include new threat actors and upgrade the existing strategies. Thus, taking adequate ransomware protection is the only solution we have, and this includes spreading awareness, training our employees, and maintaining cyber hygiene.
U.S. And Singapore Enter Cyber Dialogue
To strengthen their cybersecurity cooperation, Singapore and the United States recently announced the establishment of a yearly dialogue called the “United States-Singapore Cyber Dialogue.” This dialogue shall involve the technical and policy units from various agencies and senior government officials from the cyber operations who will come together to discuss and improve the existing practical cooperation among the nations. The specifics of the annual dialogue, like its co-chairs and level of representation from both countries, will be decided later.
A joint statement was released by Singaporean Prime Minister Lee Hsien Loong and U.S. President Joe Biden on the former’s visit to the U.S. recently. This statement mentioned the emerging alliance of both nations on cybersecurity and pledged to extend this cooperation to deal with all cyberattacks facing the countries. Securing critical infrastructure and promoting resilience are the key objectives of the dialogue. The nations also plan to work on the International Counter Ransomware Initiative so that the global surge in ransomware attacks can be tackled. This dialogue succeeded in signing three memoranda of understanding concerning cybersecurity between the nations when U.S. Vice President Kamala Harris’ visited Singapore last year.
Increased Cybersecurity Risks Targeting Public Sector Applications
A recent study by Veracode reflects that over 82% of public sector applications have security flaws which make it the highest proportion in any industry. The study further revealed that the public sector takes double the time than regular industries to fix security flaws. What’s shocking is that as many as 60% of the flaws in third-party libraries affecting the public sector remain unpatched for at least two years after detection. The Veracode study considers data collected from 20 million scans across 1,500,000 million applications in the public sector, financial services, manufacturing, retail & hospitality, technology, and healthcare.
Further, the public sector reportedly had the lowest vulnerability fix rate across all industries (just 22%). Clearly, the public sector entities are more vulnerable to software supply chain attacks from actors like Kaseya and SolarWinds. Such attacks compromise critical data and cause considerable disruptions to regular operations.
However, it’s not all bad news: the report did highlight the progress made by the public sector organizations in handling high severity flaws. Veracode reported that only 16% of the scanned public sector applications had high-level flaws, which is 30% less than last year’s figure. Cybersecurity experts believe that this progress is due to several cybersecurity initiatives taken by the government in recent years. For instance, U.S. President Joe Biden’s executive order in 2021 made cybersecurity practices like zero trust compulsory.
RPC Reported a Doubling Of Ransomware Attacks Between 2020 and 2021
A recent study by RPC (an international law firm) revealed that the ransomware attacks registered with the U.K.’s data protection regulator (the Information Commissioner’s Office) have doubled between 2020 and 2021. This figure has increased from 325 in 2020 to 654 in 2021. The report stated that the finance, insurance and credit, and education and childcare sectors were the worst hit by ransomware attacks in 2021, with 103 and 80 attacks, respectively.
RPC warned that organizations handling sensitive financial data are most vulnerable to ransomware attacks. Thus every organization must seriously consider getting cyber insurance since non-specialized insurance policies usually do not cover cyber expenses.
RPC partner and head – Richard Breavington suggests that although some organizations might feel that investing in cybersecurity insurance exposes them to an insurance gap, it is still advisable to get one as it reduces the chances of succumbing to a ransomware attack. RPC remarked that corporates should always back up their systems so that there is a minimal business interruption in the unfortunate event a cyberattack hits them.
New Ransomware In The House – SunCrypt Returns
SunCrypt is one of the first threat actors to use triple extortion in ransomware campaigns. The ransomware became available as a RaaS back in the mid-2020s and had been working with its close circle of affiliates since then. As per the cybersecurity firm Minerva Labs, SunCrypt continues to expand despite its limited circle.
The ransomware recently upgraded to a new variant that can terminate services and completely wipe out systems and processes. Cybersecurity researchers believe that this new variant of SunCrypt is still in its early development stages. However, they also mentioned that the new variant comes with an anti-VM feature that can be expanded and intensified in future malware variants. The new variant of SunCrypt looks like an attempt to compete with other ransomware groups, considering its most recent attacks on Migros and the Oklahoma City Indian Clinic were quite risky.
U.S. Lawmakers Propose New Cybersecurity Bill For the Healthcare Sector
U.S. lawmakers are proposing a new cybersecurity bill that aims to improve the security position of the American healthcare and public health (HPH) sector. Known as the Healthcare Cybersecurity Act, U.S. senators Bill Cassidy and Jacky Rosen recently put forth the new bill at the White House, owing to the increased security breaches from Russia targeting America. Cassidy mentioned that health centers become a primary target for adversaries because of the massive collection of sensitive, personal, and health information they store. The new bill aims to protect patients’ PII and PHI by strengthening the nation’s resilience to cyber warfare. Further, the act also aims to improve collaboration between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS).
The new bill, if passed, will mandate CISA to produce a detailed report on the cybersecurity risks facing the HPH sector and work with it to boost the sector’s defense system. CISA’s study is expected to detail the significant security risks affecting health care assets, the challenges before them while securing updated information systems, and an assessment of prevalent cybersecurity workforce shortages.
Since the life and death of patients depend on healthcare providers, a system outage at their end owing to a cyberattack could have irrevocable effects on the life of patients. Therefore, enough emphasis needs to be paid to the cybersecurity of healthcare facilities, and the new bill proposes to do just that.