Cybercriminals have upgraded and enhanced several popular phishing attacks, from adopting coronavirus-themed phishing emails to double extortion ransomware. Exploiting the chaos that followed the switch to remote working in March 2020, these hackers have clearly been busy over the last 12 months.
Of all the incident response engagements handled by IBM Security’s X-Force threat intelligence group, ransomware made up almost a quarter. 59% of these ransomware attacks used a technique known as “double extortion”. In these attacks, the hackers first exfiltrate (steal a copy of) the data and only then encrypt it. Threat actors can therefore maximize their chance of making a profit by giving victims an additional incentive to pay the ransom: the threat to sell or even auction the stolen data is simply too high for the victim to ignore. The gang behind REvil (aka Sodinokibi) was the first to adopt this strategy, and it was quickly emulated by other groups. This gang alone made more than £86 million in profit in 2020.
“Double extortion is the trend that attackers have gone to in 2020 because the attack circumvents the defenses, like backups and a good incident response strategy, that companies have put into place. This shift is a natural evolution of where attackers are going to go in response to companies’ defenses.” – Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force.
He went on to state that the double extortion ransomware technique will continue to target large companies and big scores throughout 2021.
Despite many companies reporting increases in ransomware attempts, the total number of attempted ransomware attacks has actually decreased. This is not because the threat of ransomware is declining; in fact, it is the polar opposite.
These ransomware attacks have moved on from the traditional “spray and pray” technique to a far more sophisticated, targeted spear-phishing approach. Jon Clay, director of global threat communications at Trend Micro, explains:
“If you look at the ransomware numbers, that number is actually down year-over-year because the tactics have shifted. We have moved from the spray-and-pray ransomware attacks to the much more targeted approach by the ransomware actors.”
In addition to these worrying new ransomware findings, phishing attacks that aim to steal credentials or form part of a business email compromise (BEC) scam remain popular. These scams gave hackers more opportunity over the last year because employees were working from home, where cyber security policies are harder to enforce.
“Software-as-a-service (SaaS) applications and Webmail remained the most targeted services for phishing attacks, dominating others throughout the year. Financial and payment sectors ranked in the second and third positions.” – BlackBerry’s “2020 Threat Report”.
Cyber threats such as phishing and ransomware will only continue to jeopardize your organisation in 2021. Could everyone in your organisation spot the tell-tale signs of one of these potentially devastating attacks? Find out in our Free Click-Prone® Test today.