Mid-sized businesses on hackers’ 2022 hit list, cyber agencies warn
Cyber criminals are "shifting away from big-game hunting", say FBI and NCSC
Mid-sized businesses are now the main target of ransomware gangs, with hackers seeking to avoid the public scrutiny that comes with going after high-profile public services or well-known brands.
The National Cyber Security Centre (NCSC), alongside its US and Australian counterparts, said criminals are no longer engaging in the sort of "big-game hunting" that have resulted in world-wide press coverage in recent years, as outlined in a joint advisory published on Wednesday.
The FBI have observed that attacks on Colonial Pipeline, JBS Foods, and Kaseya in 2021 in particular, led to a noticeable shift in behaviour.
“Big-game” attacks had also been observed in Australia and the UK over the course of the year, with the NCSC describing the top victims of 2021 as “businesses, charities, the legal profession, and public services in the Education, Local Government, and Health Sectors”.
However, hackers are now opting to target mid-sized organisations in an effort to reduce public – and often international – scrutiny, the report found. It comes after a recent Mitre-Harris Poll survey found that almost nine in ten Americans believe that a ransomware attack should be treated as an act of terrorism, which could potentially lead to increased chances of the involvement of law enforcement.
Using cyber criminal services-for-hire has become a popular tactic among hackers, alongside phishing emails and the exploitation of remote desktop protocols (RDP) as well as software vulnerabilities.
The agencies are urging organisations to keep all operating systems and software up to date, to secure and monitor RDPs, and increase their use of multi-factor authentication (MFA) – a protection method which is known to reduce account breaches by 50%.
Staff should also be adequately prepared for potential attacks with the help of user training programmes and phishing exercises, the advisory warned.
RELATED RESOURCE
Vulnerability and patch management
Keep known vulnerabilities out of your IT infrastructure
The shift away from high-profile targets has been predicted by a number of cyber security researchers following the Colonial Pipeline attack. In July 2021, Quest senior director of product management Paul Robichaux told IT Pro that "ransomware gangs that attract too much attention by attacking the wrong targets are going to bring the heat on themselves and get put out of business through law enforcement activity".
Hence, the "smarter" hackers "will pick their targets more carefully, both by industry and by geography".
“The smartest will focus only on territories where there is unlikely to be any meaningful law enforcement or intelligence community response and focus all their activity there," he added.
-
Apple’s Siri overhaul is a ‘watershed moment’ in its long-awaited AI pushNews The revamped Siri AI could put to rest questions over its lackluster approach to AI, providing it nails the roll-out
-
AMD chief exec Lisa Su touts UK’s AI potential as firm eyes £2bn investmentNews The deal will see a new AI supercomputer built in Cambridge and partnerships with Imperial College London and Oriole Networks
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
