Cybercriminals have always had the advantage in the perpetual battle between defenders and cybercriminals, and for many years they have gone unchallenged. In many ways, defenders can automate many of their tasks. This is especially pertinent when it comes to detecting and responding to attacks using AI and machine learning.
The development of these capabilities has not been nearly enough to keep ransomware at bay. It has nonetheless produced a level of AI and automation that far surpasses what cybercriminals have accomplished in battling ransomware.
AI-driven phishing and automation are gaining traction. Artificial intelligence (AI) is being applied to phishing attacks to obtain access to target networks and to extend the reach of ransomware attacks, while AI-powered automation has also been used to mitigate the ransomware attacks of 2023.
Ransomware attacks due to AI have increased over the past 12 months. There is no sign that they will slow down anytime soon, which underlines the impact AI has had on ransomware attacks. As technology moves forward into the 21st century, it is believed that hacker-generated AI will become an increasingly useful tool for crafting more effective attacks, regardless of traditional attack methods' enduring success.
There was a dramatic increase in ransomware attacks between August 2022 and July 2023, as reported by the security firm Barracuda. There is no doubt that AI-driven phishing campaigns are driving this surge of attacks. However, attackers are also making increasing use of automation, again with the help of AI, to extend the reach of these attacks.
Although traditional attack methods will continue to be successful throughout 2023 and beyond, according to a recent report from the security firm Veracode, attackers will use generative artificial intelligence to develop attacks that are more effective as they progress.
According to blockchain data platform Chainalysis, the ransomware gang Conti took in $182 million in ransom payments during this year's ransomware season. Conti's chat conversations have been leaked publicly, and some of those leaks suggest that Conti may have invested some of its earnings in hiring penetration testers and investing in zero-day vulnerabilities.
Despite the abundance of doom-and-gloom predictions regarding cybersecurity, Hyppönen is more than just your average prognosticator with two decades of experience in software security. Having worked for his current company, F-Secure, since 1991, he has several years of experience in researching, and battling, cybercriminals since the earliest days when the concept began to be taken seriously.
It has been said that artificial intelligence and machine learning will change the game once introduced to the attacker's side. Several people agree with him on this point. Automating large portions of the ransomware process, for instance, could result in a much faster acceleration of ransomware attacks. Gartner research vice president Mark Driver said Gartner saw a change in the market.
Ransomware attacks often use an approach customized to each individual target. That makes scaling them harder, Driver explained. It is still alarming, though, that ransomware attacks increased by nearly twice as much in 2021 as they had in 2017, according to SonicWall.
Compared to last year, when 34% of organizations were affected by ransomware and agreed to release payment, the percentage of organizations willing to pay a ransom rose to 58% in 2021, the report indicated.
If attackers were able to automate ransomware using artificial intelligence (AI) and machine learning, they could go after an even broader range of targets, according to Driver. A small organization or an individual could be included in this category.
Targets of High Popularity
Ransomware attacks have also increased more than twice as much in the infrastructure sector as they did last year, according to a recent industry report. Despite this, the most targeted sectors are municipalities, education, and healthcare.
Barracuda has identified several sectors as 'soft targets' because they are resource constrained. Some of these sectors are also obligated by law to report cybersecurity incidents, which adds to the data visibility.
A closer look at the growth rate by sector shows that attacks against municipalities increased from 12% to 21%; attacks against healthcare increased from 12% to 18%; attacks against education increased from 15% to 18%; and attacks against infrastructure increased from 8% to 10%.
There has been an interesting drop since the late 2000s in attacks on financial institutions. Barracuda suggests that this may be due to an improvement in these organizations' security posture, which helped reduce attacks from 6% to 1%. Although the volume of publicly reported attacks in other industries is lower than in the top three sectors, there have been similar patterns of escalation over the past two years.
One of the biggest targets on this list of other industries was the software industry. The number of ransomware attacks in this sector has increased significantly from year to year. These attacks are believed to be a factor because they can destroy the supply chain and can therefore serve as a springboard for more attacks on other industries, according to Barracuda.
As a result of the surge in ransomware attacks over the past year, manufacturers, media companies, and retail outlets have faced additional challenges. As noted by Fleming Shi, Chief Technology Officer of Barracuda, "Recent advances in generative artificial intelligence will only help ransomware gangs increase their attack rate with more effective cyber weapons to increase their profits."
The researchers examined 175 publicly reported successful ransomware attacks that occurred between August 2022 and July 2023. They found that the number of reported ransomware attacks in the three primary categories they have been tracking (municipalities, healthcare, and education) has more than doubled since the year before, and nearly quadrupled since the year prior.
Although the volume of attacks targeting the infrastructure and technology industries is low compared to the top three sectors, the number of attacks against these sectors is more than twice as high as last year. Since municipalities and education are resource constrained, they continue to be soft targets.
A successful healthcare or infrastructure attack can cause immediate and potentially severe harm to people's lives, and that is why cybercriminals are trying to leverage these vulnerabilities to increase their chances of earning money.
Several countries have laws mandating that one or more of these sectors report cyber incidents to the relevant authorities. This makes the effects of these incidents even more visible.
Ransomware Resilience Best Practices
Preventive and Diagnostic Measures
A much higher priority should be placed on measures that detect and prevent a successful attack from taking place in the first place.
With today's rapidly evolving threats, it is imperative to implement deep, multilayered security technologies, such as artificial intelligence (AI), zero trust access, application security, threat hunting, XDR capabilities, and effective incident response. This means that attackers can't easily enter the system and install backdoors, steal data, or encrypt data. Defenders can only achieve this by spotting intruders and closing gaps to prevent entry.
According to a report published earlier this year called '2023 ransomware insights: market report', 73% of organizations have suffered a successful ransomware attack. This is why it is equally imperative to be resilient after suffering such an attack, as well as able to recover from it.
Adaptability and Resilience
Even when users have limited resources to recover from ransomware attacks, they can still respond and recover effectively. Users should be prepared to deal with attackers taking advantage of the backup systems involved in business continuity and disaster recovery.
It is common for attackers not to request a ransom until they are certain that the victim has a limited capability to retrieve the data. We have seen many instances where the attackers refused to demand a ransom.