2020 was a very colorful year. A pandemic, US elections under high tension, natural disasters in many countries etc., all of these challenges we have had to face in recent months. While many are not aware of it, the pandemic has led to a dramatic increase in the number of cyberattacks around the world, and many experts fear these will add to the already dire economic situation.
And as always, the more things change, the more they look alike. Most of the attacks launched in 2020 were very similar to those in previous years. Among them, ransomware ranks first among the most frequent threats in 2020.
How does ransomware grow? why are they so frequently used? What are the consequences for cybersecurity? Already two months since we entered 2021, what trends and perspectives are starting to emerge?
Growing ransomware attacks
For more than 10 years, the threat of ransomware attacks has intensified and this method has become extremely popular with hackers. More and more attacks are reported each year, and this trend is not about to abate. Even though you might think that ransomware is still the same, Think again: they are more and more sophisticated and the vectors or mechanisms used for their infiltration are rapidly diversifying.
Phishing has long been used as a gateway to device systems, but the democratization of teleworking has contributed to the rise of another method, the Remote Desktop Protocol, whose security system left something to be desired. In addition, computers are no longer the only targets and all devices are now exposed to ransomware. Today, more than 50% of business computing devices are mobile, and many companies have developed their infrastructures based on the IoT. These new organizations and infrastructures therefore induce new problems in terms of the security of corporate networks, in particular because cybersecurity engineers try to secure endpoints in BYOD environments.
CIOs and IT managers in the private sector are already well aware of the threat of ransomware. But, although companies are prime targets for hackers, they were not the only ones to suffer from ransomware attacks in 2020. Healthcare players and institutions have indeed been particularly put to the test. Even during Christmas time, hackers gave the healthcare system no respite: the Center hospitalier Albertville-Moûtiers (CHAM) announced on December 23 that it had been the victim of a ransomware attack, making it impossible to access patient records and certain medical equipment. A few days earlier, it was the Narbonne hospital that bore the brunt of a targeted attack (causing the outright cut-off of Internet access). Worse still, the European Medicines Agency (EMA), which was plagued by authorizations for several COVID-19 vaccines also came under attack in which vaccine-related documents from Pfizer and BioNTech were hacked.
This year, hackers not only launched attacks on healthcare players, but also blackmailed them by exfiltrating encrypted data. Moreover, many players around the world have had to pay large ransoms to recover stolen patient data. This new trend is particularly worrying, all the more so as healthcare institutions are clearly not sufficiently prepared to face such sophisticated attacks. For their part, hackers are more experienced and now know how to recognize fragile targets, and unfortunately, health was one of the favorite sectors in 2020. In this year alone, more than 750 health care providers were affected, which would represent a collective cost of around $ 4 billion.
Hackers still confident
Less obvious than the sophistication and targeting of new sectors, another trend remains nonetheless notable in the field of ransomware: hackers are convinced by their methods and aware that they very easily slip through the cracks. This is all the more visible as companies take an average of 6 months to realize that an attack has been carried out against them.
In 2020, businesses faced an upsurge in state-sponsored cyber attacks. The main protagonists or hacker groups have in part been identified, but others have not shied away from directly claiming their attacks. Sadly, we got a glimpse, in 2020, of what a cyber war might look like in the near future: a world in which states are free to attack the economic infrastructures of other countries without having to bear the consequences.
This lack of fear has also contributed to a transformation of the ransomware universe. The RaaS (Ransomware as a Service) are now part of the threat landscape and even growing in popularity. Likewise, there are worrying signs that the widespread targeting of Western smart cities by hackers will leave critical infrastructure vulnerable to attack.
Until now, smart cities have been protected by one of the unspoken rules established by hackers: civilian infrastructure remains out of reach and not targets. But with states attacking each other’s energy and trade infrastructure, it’s only a matter of time before we see a massive attack on a smart city.
While the risk of ransomware is growing, businesses and organizations still seem better prepared to deal with this type of threat. The implementation of best practices (such as the encrypted backup of critical data) and the rise of security solutions for mobile devices are also encouraging signs.
However, a more comprehensive and nuanced approach to IT risk management will be needed if institutions and businesses are to stay afloat and continue to provide quality products and services. Many security solution providers also offer monitoring and advisory services to help businesses and institutions more easily establish a culture of cybersecurity based on prevention.