Orange Cyberdefense's Wicus Ross Talks Cyber Extortion Trend
With ransomware seeing a resurgence, the landscape of cyber extortion continues to evolve at an alarming pace.
From small businesses to healthcare providers, no sector seems immune to the growing sophistication of cybercriminals.
As organisations grapple with these challenges, new trends are emerging that demand attention and action.
Yet knowing is half of the battle. Therefore, Orange Cyberdefense released a report that examined the current state of cyber extortion, so individuals and organisations alike can prepare.
To dig deeper into the results and, Cyber Magazine spoke with Wicus Ross, Senior Security Researcher at Orange Cyberdefense, about the insights revealed in their recent cyber extortion report.
- Wicus Ross is a Senior Security Researcher at the Security Research Center for Orange Cyberdefense. He is responsible for investigating industry events and trends, with the primary aim of understanding how these may impact businesses. This understanding is then translated into advice and guidance that benefits both customers and the security community as a whole.
The Cy-Xplorer Report sheds light on the evolving landscape of cybercrime, particularly focusing on the increasing vulnerability of small businesses and the shifting patterns of cyber attacks across various industries.
One dramatic finding was how small businesses are four times more likely to be targeted by cyber attackers compared to larger enterprises.
"Firstly, large businesses have access to resources and can employ skilled professionals. This enables them to be better prepared in general. However, being large is a double-edged sword as it could also increase your attack surface,” Wicus explains.
“Although proportionally large businesses are fewer, as victims they are overrepresented. Secondly, more smaller businesses exist so statistically attackers will compromise smaller businesses more."
The report also reveals that 75% of countries have been impacted by cyber extortion since 2020, with predominantly English-speaking countries such as the USA, Canada, and Great Britain being more susceptible to these attacks.
"The US is the largest economy in the world thus if you were to extort money from someone you go to where the money is as your chances increase that they'll pay,” says Wicus.
Canada's prominence in the data is a side effect of proximity to the US. The UK is considered part of the rich Western world with a strong economy, hence why it’s also another alluring target.
An overlooked factor that unites all of these targets, however, is the English language.
“The attacker has a sense of the business mentality/culture. To compromise a company that does business in a country whose culture and language are foreign may be a hurdle too high, so the attackers focus on regions they are comfortable with," Wicus elaborates.
This explanation highlights the economic and cultural factors that influence cyber attackers' targeting strategies.
An increasing threat
A particularly alarming trend identified in the report is the 160% year-on-year increase in cyber extortion incidents in the healthcare and social assistance industries.
"Ever since the COVID-19 pandemic, cyber extortionists have steered clear of healthcare and similar industries. It was almost a 'moral or ethical agreement' among these cybercriminals,” says Wicus.
“Recent successes by Law Enforcement over the last couple of years have disrupted the cyber extortion ecosystem. This has accelerated the fragmentation of groups and the new formation of cyber-criminal factions, pushing the boundaries that cyber criminals need to explore."
This shift in targeting healthcare sectors represents a significant change in the cybercrime landscape, potentially putting sensitive patient data at risk.
The report also touches on the potential impact of Gen AI on cyber attack and defence.
"GenAI is a catalyst or enabler. As with any tool it can be used for good or bad,” says Wicus. “GenAI could bridge gaps in knowledge and skills rather than being an autonomous destructive force."
While GenAI may not directly change cyber extortion methods, it could potentially lower the barriers to entry for cybercriminals globally.
Rinsing and repeating
Another significant trend identified is the re-victimisation of organisations. This means attacking the same organisations again and again following successful attacks.
Wiccus explains how re-victimisations, however, often grows out of inadequate action taken post-attack: "Hypothesis 1: The organisation suffers another cyber-attack because it did not learn from its previous mistakes or was unfortunate to fall victim to a new attack.
“Hypothesis 2: Attackers still have access to the business, and similar to the previous point the business did not manage to expel the attackers.The intruders resell the access to someone else who then runs another extortion campaign. Hypothesis 3: The attacker that compromised the organisation is greedy or desperate and takes the stolen data to another extortion group. They try to extort the victim again, hoping for a payout."
In light of these evolving threats, Wicus emphasises the importance of proactive strategies for organisations.
This involves strategies such as enabling people to respond to ransomware incidents, having an Incident Response team on standby, implementing proactive vulnerability management, and using phishing-resistant authentication.
Cyber resilience for today’s threat landscape
Looking to the future, Wicus predicts that while attackers will continue to exploit known vulnerabilities and social engineering tactics, organisations must evolve their strategies continuously:
"It's important to have a strategy to mitigate threats and reduce risks by continuously evolving these strategies,” he says. “For example: Identity and Authentication Management is important. Stay abreast of the latest attack and exploit techniques that target identity and authentication and adapt."
This forward-looking approach emphasises the need for organisations to remain vigilant and adaptable in the face of an ever-changing cyber threat landscape.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand