
Preview of 2024: ransomware attacks

by Mark Rowe

The year 2023 saw relentless cyber attacks globally, according to Check Point Research’s analysis of cyber attack data. The research arm of cyber firm Check Point said that the threat landscape evolved, particularly in how ransomware threats were executed. While ransomware continued to pose a serious risk, especially to smaller and less fortified businesses, a notable shift occurred, with some attackers concentrating on data theft and purely extortion-based campaigns. This change in tactics is evident in two prominent attack campaigns: MOVEit and GoAnywhere. These attacks did not use traditional encryption-based ransomware; rather, they revolved around extortion, with attackers demanding payment in return for not publicly releasing the stolen data. The education and research sector, previously a prime target, saw a notable 12pc decrease in attacks, although it still has the highest volume of cyber attacks. Conversely, retail and wholesale faced a 22pc increase, indicating a change in attacker focus. The healthcare sector saw a 3pc increase in attacks.

More hacking groups were boldly (though in some cases falsely) claiming responsibility for attacks. Another notable shift was observed in the execution of these ransomware attacks. Where the traditional focus was on encrypting victim data and demanding ransom for its release, an increasing number of cybercriminals in 2023 adopted a different approach. They concentrated more on data theft, followed by extortion that did not necessarily involve data encryption but rather threats of public disclosure of stolen data. This means a shift from disrupting operations through encryption of data to using stolen data for monetary gain through extortion. This change underscores the adaptability of cyber threat actors, according to the researchers.

As for what to do, artificial intelligence (AI) has emerged as a powerful tool for defending against sophisticated and ever-evolving cyberattacks. It has had a profound effect on both the efficacy of ransomware and other attack methods, and the ability to defend against these advanced campaigns. One of the key areas where AI is making a significant impact is in threat detection and analysis. AI-powered cybersecurity systems (including those offered by Check Point) excel at identifying anomalies and detecting previously unseen attack patterns, thereby mitigating potential risks before they escalate.

Examples of ransomware attacks that have had a real-world impact include, in the United States, the Colonial Pipeline; and over the winter of 2023-24, the British Library in London. On Monday Sir Roly Keating, Chief Executive, told BBC Radio 4’s PM programme that the Library hoped to offer ‘lessons learned’ publicly from March. As for whether the Library thought to pay the ransom, Sir Roly said that as a national institution it was ‘an easy decision to make’ to not pay. He acknowledged and apologised for the damage done to the Library services, such as researchers from abroad having spent thousands of pounds to travel to London, only to be unable to access material.

Comment

Jake Moore, Global Cybersecurity Advisor at the cyber firm ESET, said: “The past few months have been extremely challenging for the British Library, highlighting the critical importance of cybersecurity as major British institutions face the growing complexity of evolving security threats. The group Rhysida, known for their persistent approach, has been particularly notable for their use of double extortion tactics. This involves not only infecting organisations with malware but also simultaneously stealing their data, highlighting the urgent need for enhanced security measures – but not just in the traditional form of backups. Businesses must learn from this upheaval but if the British Library are to come back differently, onlooking organisations must also take note and act differently now too.”

The Library had to return to 20th-century tech such as ordering documents on paper forms. At reader registration, where Library users show ID for a plastic card as a pass, the BL could only issue temporary passes.

A webinar this afternoon by the defence and security think-tank RUSI launched a paper on the ransomware harms experienced by individuals, organisations and society, based on interviews with organisations and individuals affected by ransomware. You can download the 70-page paper freely from the RUSI website. The researchers are reporting next on ways to reduce or mitigate many of the harms.

More in the March print edition of Professional Security Magazine.
