Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts.
In just the past few months, hackers have paralyzed shipping at some of Australia's largest ports; wreaked havoc on Las Vegas casinos; brought about a shortage of disinfecting wipes and garbage bags at Clorox Co.; and disrupted clearance of some Treasury market trades.
The surge in activity is all the more striking after ransomware attacks slowed by some measures last year.
The lull coincided with Russia's invasion of Ukraine in February 2022, and some experts link it to the fact that many hackers are believed to be based in Eastern Europe and redirected their efforts or were otherwise distracted.
Other theories posit that hacking groups were lying low after a series of high-profile attacks drew the attention of law enforcement.
The hackers' success in getting paid rises in step with the amount of disruption they cause in a victim's computer systems, experts say.
One reason payments keep growing is that many victims, desperate to recover their data, keep it off the dark web, or both, wind up paying the extortion, which in turn fuels further attacks.
Another is the scale and global nature of the industry, as many of the hackers are based in Russia or other countries that provide them with safe haven.
Growing awareness has led many organizations to invest in backup infrastructure that can be activated in an emergency and cyber incident response training, giving them leverage with the hackers to negotiate a lower payment or to avoid paying altogether, said Bill Siegel, chief executive officer of ransomware incident response company Coveware.
Tracking trends in hacking is notoriously difficult.
Data maintained by cybersecurity firms often includes only the experiences of their own customers, and leak sites maintained by hackers usually don't name victims who pay up.
A spike in ransomware attacks in 2021, including one on Colonial Pipeline Co. that upended fuel supplies on the US East Coast, prompted the Biden administration to declare ransomware a national security priority.
The Ransomware Task Force, a cyber-focused nonprofit, set out a list of 48 actions the public and private sector could take to mitigate such attacks, and as of Dec. 18 companies will be required to disclose cybersecurity incidents to the Securities and Exchange Commission within four business days of determining they are material to investors.
Under the new rules, businesses will have to report on the impact of the hack, including what data was publicly disclosed and the steps the company took to mitigate the risk.
The top hacking groups are perfecting a kind of franchise model, often called ransomware-as-a-service, selling tooling and stolen data to new entrants, which then share the profits from their attacks, he said.
Cl0p was behind the breach of MOVEit file transfer software over the summer, an attack that has affected more than 2,600 organizations, according to Brett Callow, a threat analyst at Emsisoft.
LockBit was behind an attack last month against the US arm of Industrial & Commercial Bank of China Ltd., which disrupted the $26 trillion US Treasury market, and an attack the month before that took down a website that Boeing Co. uses to sell spare aircraft parts, software and services.
Those attacks, and others like them, highlight what cybersecurity experts say is the growing use by hacking groups of sophisticated analog, or non-technical, forms of social engineering to gain initial entry into an organization.
The shift to work-from-home for many employers has also created new security vulnerabilities - and opportunities for hackers, according to Jim McMurry, founder and CEO of cybersecurity firm ThreatHunter.
Some of the biggest attacks from the past year have involved hackers getting faster at exploiting software flaws immediately after they're publicly disclosed and before victims have much time to apply the required fixes, including for technologies necessary for remote work, he said.
This Cyber News was published on www.bloomberg.com. Publication date: Mon, 18 Dec 2023 00:29:05 +0000