Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It’s time for everyone to strengthen the kill chain.
Ransomware doesn’t discriminate – today, every sector faces risks.
But we are seeing changes in which sectors are being targeted the most. For instance, while healthcare and education have long been considered the most heavily attacked, that’s shifting. In the latest FortiGuard Labs Global Threat Report, researchers found that the prevalence of ransomware in those two sectors was lower than managed security service providers, the automotive and manufacturing sectors, telecommunications, and government.
The common denominator is that the more an industry becomes digitized, the more opportunity there is for cybercriminals. Let’s look at some of the rising threats in these industries, what that means and what needs to happen next.
Bad Actors Shift to Industrialized Sectors
As we saw with the attacks on Colonial Pipeline and JBS Foods, industrialized sectors aren’t immune to cyberattacks. In fact, they’re becoming increasingly popular with bad actors. For example, manufacturing became a bigger target in the first half of 2021, with FortiGuard Labs researchers finding that ransomware was detected in 32.5 percent of these companies. That’s compared with just 12.1 percent in the first half of 2020 (PDF).
Automotive was another sector that saw an increase in ransomware activity: 33.6 percent in 2021, compared with just 10.8 percent in the first half of 2020 – a significant jump. And what’s more, a recent report (PDF) from a cybersecurity ratings firm examined how prepared the automotive industry is and found that about half of the top 100 companies are “highly susceptible” to a ransomware attack.
Agriculture also saw a rise in these attacks. This may seem an improbable target to some, but if you consider how tech-dependent agriculture has become, these findings make sense. A modern farm or other type of agricultural facility can have a huge number of internet-of-things (IoT) devices deployed, each with its own connections and exposures.
In the first half of 2021, ransomware was detected in 28 percent of agriculture organizations that researchers observed. That’s up from 9.1 percent in the first half of 2020. Researchers also observed agriculture to be among the sectors attracting more exploit attention.
The Current Threat Landscape
The past year and a half has been one of the busiest eras for cybercriminals due to the pandemic’s major shift in the cyber threat landscape. The sudden shift to remote work caught many off guard and left their networks susceptible to cybercrime. Now, as work models shift once again in many countries, it is crucial to reconsider how these threats will affect the transition and how organizations can secure their networks.
At this time last year, bad actors had reassigned their resources from enterprise infrastructure devices to home networks and consumer-grade products. Now, though, they are aggressively targeting both. Top intrusion prevention system (IPS) detections, for example, show that while cybercriminals aggressively target small business and consumer-grade technologies to exploit remote workers, they have also returned to targeting corporate networks and content management and application development platforms.
The ransom-as-a-service (RaaS) model is also gaining traction, wherein criminals basically take on the mindset of a defender, by ransoming their “consulting services” and revealing to organizations how they gained access to their networks. It’s an interesting change in their mindset, and it’s a proven model that makes money for the ransomware operators and their affiliates. In some cases, campaigns make millions of dollars.
A Strategy for Security
While law enforcement and government agencies have taken actions against cybercrime in the past, the first half of 2021 could be transformative with respect to momentum for the future. They are working with threat intelligence organizations, industry vendors and other global partnership organizations to combine resources and real-time threat intelligence to take direct action against attackers.
Even so, automated threat detection and AI remain pivotal so organizations can fight attacks in real time and mitigate attacks at speed and scale across all edges. In addition, cybersecurity user awareness training remains as important as ever, with everyone being a target for cyberattacks. Everyone needs regular training on best practices to keep employees and the organization secure.
Strengthen the Kill Chain
Bad actors aren’t going to stop their nefarious activities, and the more any sector becomes digitized, the more opportunity there is for them. This means organizations across sectors must maintain a strong security posture. Partnership; training; and AI-powered prevention, detection and response are vital to defend against the threat.
Countering cyber adversaries requires ongoing cybersecurity awareness training and AI-powered prevention, detection and response technologies. For comprehensive security, zero-trust access and security-driven approaches are essential. Most importantly, security devices must be integrated across endpoints, networks and the cloud.
It’s time for everyone to recognize their essential role in strengthening the kill chain. To disrupt cybercriminal supply chains, collaboration must be a priority. Forming partnerships and sharing data enable more effective responses and better predict future techniques to thwart attackers’ efforts.
Aamir Lakhani is a global security strategist and researcher at Fortinet.
Enjoy additional insights from Threatpost’s Infosec Insiders community by visiting our microsite.
