Despite the number of ransomware attacks remaining relatively stable in the past six months compared to other half-year reports, the diversity of ransomware variants has almost doubled. This is according to a report in the latest semiannual FortiGuard Labs Global Threat Landscape Report.
The report indicated that they had discovered 10,666 ransomware variants across the company’s platform in the past six months compared to 5,400 variants in the previous six months. One of the reasons why we have seen a sharp increase in the number of ransomware variants despite the total number of attacks remaining constant is due to ransomware as a service (RaaS), according to the report. The operation model has enabled both skilled and semi-skilled cybercriminals to set up shops where they can execute lucrative ransomware attacks without the traditional sophistication of cyberattacks.
Hybrid working models were also found to be fueling most of these ransomware attacks. According to the report, the endpoints of the platforms being used for remote working have become a major target of cyber adversaries. They are able to conceal their activity on the network and evade every measure set up to detect and prevent cyberattacks through methods such as binary proxy execution.
The attacks are also carried out by cyber affiliates who use sophisticated methods of selecting their targets. They are able to conduct deeper pre-attack reconnaissance and tailor their ransomware to meet the demands of the attacks based on their research. The impact of this is these ransomware attacks become more likely to succeed than the generic spray and pray models that, in previous years, were the standard for cybercriminals.
The Sharp Increase in Wipers
Besides the surge in ransomware attacks for the first half of 2022, wipers have also become a major problem. The report showed that malicious software designed with the sole purpose of deleting data had also gone up significantly in the first half.
Unlike ransomware, cybercriminals who use wipers, in most cases, do not have the intention of contacting their victims. Once they find their way into a network, they start moving laterally until they are confident that they can cause maximum damage. They then unleash their malicious software, which is able to delete everything, including sensitive files, databases, folders, and even the operating systems that the computer network is running on.
Part of the reason cited for the sharp increase was Russia’s ongoing invasion of Ukraine, where these applications have been integrated as part of the war. However, these wipers have not stayed in only one place. They have proliferated worldwide, and such software is being used to cause havoc and malice on a global scale.
Operational Technology Vulnerabilities
The report also highlighted the vulnerability posed by operational technologies ( which include devices, both hardware, and software, that help monitor physical devices that are connected to most computer networks).
In most networks, these operational technologies are assumed to be secure. Therefore, they are given all access to networks when connected to networks. However, these devices are mostly insecure by design and can be compromised. Cybercriminals know this, and they target such devices, which give them access to the network with almost all privileges. After gaining access, they are able to launch their attacks and bring the whole network down.
For instance, in May, the team at FortiGuard Labs discovered 24 0-days in Siemens products. In addition to this, there were also 56 more vulnerabilities that impacted operational technology devices, a sign that cybercriminals had ramped up their attack on such devices with an aim to gain access to networks and compromise entire networks.
What the Ransomware variants surge means for Veterinary Practices
The data from the FortiGuard Labs is a clear indication that cybercriminals are becoming more sophisticated in their attacks, tailoring ransomware to fit a specific target. The surge is also an indication that in case your practice is attacked by cybercriminals, there is a high likelihood that your ransomware variant will be unique only to you. Therefore, ransomware attackers will have the upper hand when negotiating with you for the release of data. In case you decide to look for a solution for your ransomware attack, getting your hands on a decryptor will be next to impossible because the malicious software used is modified and tailored to your veterinary practice.
To address this problem, FortiGuard Labs recommends that you have regular training and patching. This will help in preparing your staff from such attacks and also prevent attacks that exploit vulnerability due to using outdated software.
They also recommend having endpoint security. This is especially important if your practice allows for hybrid working, where staff can work remotely. The report above shows that endpoints have been a major vulnerability that cybercriminals have used in the past few months to compromise computer systems.
Zero-trust network access (ZTNA) can also help you control who can access your network in a granular level. It will also help address problems with operational devices, which networks trust and give access to almost the entire network, resulting in compromises.
Real-time visibility can also help you get a good gist of your system and detect problems as soon as they happen. This should be considered as part of your first steps in your cybersecurity implementation.
Clint Latham