What is not working for big organizations in their fight against RaaS groups is that they keep on investing in customer success stories and strong partnerships.
Akamai's latest report focuses on the organizations that execute these attacks and their ways of operating. Ransomware-as-a-service (RaaS) groups have grown into businesses, with structures mimicking the very companies they seek to extort, including dedicated customer service representatives, new employee training, and more.
This agile business structure helps RaaS groups execute attacks and build momentum.
In spite of all the investments companies make in traditional perimeter and endpoint security technologies, data breaches and ransomware attacks continue to make headlines, mainly because RaaS providers are moving to an organized business model.
This model supplies cyber criminals with critical software services and keeps the tools needed to launch attacks on businesses simple. The rapid growth of ransomware attacks can be attributed to the growth of RaaS providers, who are very proficient in their business and are up to date.
Akamai researchers have been analysing and researching RaaS providers to reveal some of the underlying mechanisms that have contributed to their success. The results provide a thorough report of attack trends, tools, and the mitigation that must follow.
o 60% of successful Conti ransomware attacks are on U.S. organizations
o 30% of successful Conti ransomware attacks are on EU organizations
o Manufacturing is highest on the list of Conti victims, highlighting the risk of supply chain disruptions.
o Critical infrastructure accounts for 12% of overall victims
o Business services attacks account for 13%, which emphasizes the potential for supply chain cyberattacks.
o The overwhelming majority of Conti victims are businesses with US$10 million to US$250 million in revenue.
o TTPs hint at the need for strong protections against lateral movement and the critical role those protections can play in defending against ransomware.
Conti Groups and their ways of working
Akamai researchers have examined leaked documents and gathered data from Conti's dark marketplace, a point where victims' data is analysed and sold.
The goal of the Conti group is to demand ransom from its victims. The emphasis is on hacking and hands-on propagation, rather than encryption.
Approximately 40% of Conti victims are businesses in the US$10 million to US$250 million revenue range, according to the research.
Conti's focus drives the attention of network defenders to the kill chain instead of the encryption phase.
Global attack trends: According to Chainalysis, Conti was the highest-grossing ransomware group in 2021, with an estimated revenue of at least US$180 million.
Conti is a notorious RaaS group that was first detected in 2020. The data shows that 57% of Conti victims come from the United States, followed by the United Kingdom, Germany, and Italy. This could indicate a heavy slant toward the North American and European regions in terms of Conti's target selection.
Conti group attacks by industry and vertical:
The data collected by Akamai researchers indicates that manufacturing organizations are the hardest hit. It also indicates a high number of disruptions and cyberattacks in the supply chain due to vulnerabilities introduced through third parties, and an increased number of attacks on critical infrastructure. The high number of manufacturing victims is difficult to ignore and is growing each day.
Attacks on manufacturing can have far-reaching effects on the supply chains of pharmaceutical, food and beverage, automotive, and medical device companies. Business disruption in these verticals can create a shortage of goods that can have a large-scale impact over time.
The growing attack on the supply chain
The researchers are concerned about cyberattacks on the supply chain, that is, the breach of a third party to get to a larger, more lucrative victim.
The rising numbers point to the risk to the supply chain from cyberattacks via third parties.
Third parties are providers that deliver services to organizations and may have access to sensitive information. This information can potentially be used to attack affiliated companies.
Ransomware attacks on the manufacturing industry and its supply chain are financially motivated, and an analysis of attacks by revenue revealed the success rates of RaaS groups against different sizes of companies.
It may appear that RaaS groups target only the largest organizations, but closer observation revealed a different picture of victim distribution across revenue groups.
The figures revealed that the majority of successful ransomware attacks happened in the lower revenue brackets, and that, despite the publicized ransomware attacks, the hardest hit are not necessarily the largest organizations.
Under the RaaS groups' strategy, companies that are not strong enough to defend themselves yet make enough revenue to pay a substantial ransom are the main targets for Conti and other RaaS groups.
Understanding the attackers’ toolkit
Let us look at the arsenal of tools used by ransomware operators along what is called the 'kill chain', as illustrated in DFIR reports. DFIR reports tell us how those TTPs were used in practice. They both paint a similar picture. A typical ransomware kill chain looks something like this:
A mature organization will know that a persistent attacker will relentlessly look for ways to succeed. Despite implementing all the proper defences, there always exists a chance that networks may be breached.
However, law enforcement agencies do not encourage organizations to pay ransom demands, as there is no guarantee of getting the data back and systems may still be infected. The more ransom RaaS groups are paid, the bolder they get, and they may target the organization again in future. In some cases cyber attackers threaten to publish data, and brand image is affected. Organizations should take measures to minimise the impact of data exfiltration and use a defence-in-depth strategy.
Big organizations are behind in many ways, such as a lack of understanding of the changes in social and user behaviours that affect how customers use their products. Simplifying things, such as patching, will help. What clients look for is easy-to-follow instructions that cause less hassle and take less time to grasp.