Avishai Avivi, the Chief Information Security Officer (CISO) of SafeBreach, highlights the increasing threat of ransomware attacks in 2023. He emphasizes that no organization is safe, as ransomware groups target public, private, government, healthcare, and educational institutions. Avivi suggests that businesses should start by understanding the popular patterns and types of attacks used by these groups. Armed with this knowledge, organizations can implement effective security controls and continuously validate them to identify gaps and take proactive measures. Avivi identifies four ransomware trends observed by SafeBreach in 2023.
Firstly, there has been a new focus on healthcare, schools, and government organizations. Ransomware attackers are financially motivated and target victims who are vulnerable and have the means to pay. Healthcare entities, with their valuable patient data and critical services, have faced a significant rise in attacks. Examples include breaches at NextGen Healthcare, Harvard Pilgrim Health Care, and HCA Healthcare. Governments and universities have also become common targets, as seen in the MOVEit campaign that impacted Maximus, Colorado State University, and Washington State University.
Secondly, ransomware groups have exploited vulnerabilities in the supply chain. In the MOVEit and GoAnywhere campaigns, the Clop group targeted flaws in popular managed file transfer systems used by numerous companies. Avivi emphasizes the importance of adopting a zero-trust architecture and exercising caution when transferring data through third-party vendors. Applying secure-by-design and privacy-by-design principles can prevent data exposure, and organizations should assume that every supply-chain vendor is insecure and leaking data.
Thirdly, there is a split between “spray and pray” and “big game hunting” methods used by ransomware groups. While “spray and pray” attacks target smaller organizations for smaller payouts, “big game hunting” focuses on larger organizations for maximum profit. Avivi predicts that larger organizations will invest in proactive security measures, making “big game hunting” less feasible for threat actors. However, this may lead to an increase in “spray and pray” attacks.
Lastly, Avivi highlights that profit is not the only motivation for ransomware groups. Nation-state actors from countries like China, Iran, Russia, and North Korea aim to cause damage to Western organizations and governments. These groups are unpredictable and pose a significant detection challenge. Avivi advises organizations to understand these ransomware trends and fortify their security practices. Implementing multi-factor authentication, enforcing least-privilege access, and staying up to date with software patches are essential. Additionally, organizations should proactively identify gaps in their security controls using breach and attack simulation tools to strengthen their resilience against attackers.
1. Ransomware attacks are on the rise, targeting organizations of all types.
2. Healthcare, schools, government, and universities have become frequent targets.
3. Vulnerabilities in the supply chain are being exploited by ransomware groups.
4. Ransomware attacks range from indiscriminate “spray and pray” to targeted “big game hunting” methods.
5. Nation-state actors are motivated by a desire to damage Western organizations and governments.
6. Organizations should fortify their security practices, including multi-factor authentication and continuous validation of security controls.