Wave of Cyberattacks Escalates With Increasing Aggression and Sophistication
Recent high-profile cyberattacks have underscored a surge in more sinister and aggressive techniques used by cybercrime groups to extort major corporations. A London hospital hack exposed millions of health records, disrupting critical cancer treatments. In North America, data about LendingTree Inc. customers was targeted after another breach, with credentials being auctioned off. Meanwhile, hackers executed back-to-back attacks on car-dealership software provider CDK Global, showcasing a trend towards relentless tactics to force compliance.
Escalating Tactics and Unyielding Demands
This shift towards more aggressive methods isn't random; it's a strategic move by cybercriminals to maximize disruption and, consequently, payment. As Kevin Mandia, co-founder of Ballistic Ventures, explained, the objective is to inflict more pain to ensure higher payouts or greater disruption. The consecutive attacks on CDK Global illustrate this, where auto dealerships across the US experienced prolonged downtime, pressuring them to meet ransom demands. Traditional ransomware methods, which involved encrypting data and demanding payments, are being eclipsed by tactics like leaking sensitive records and executing double-hacks.
Rising Ransom Expectations
Cybercriminals are not only more aggressive but also more demanding. The sums requested have become extraordinary, with a recent demand of $50 million by Russian-speaking hackers following the London hospital attack. UnitedHealth Group Inc., for example, paid $22 million after a breach of its subsidiary, Change Healthcare. The growing pressure on victims is reflected in the first quarter's average ransom payment of $381,980, according to Coveware.
Ransomware-as-a-Service and Target Selection
Hackers have become more judicious in target selection, focusing on entities whose systems are pivotal to supply chains. The ransomware-as-a-service model has facilitated this strategy, whereby core hacking groups develop malware for other scammers, or affiliates, in exchange for a share of the ransom. This model is a favorite of the BlackCat group, contributing to the record-breaking ransomware payments that exceeded $1 billion in 2023, as reported by Chainalysis.
Targeting Researchers and Personal Harassment
The aggression extends beyond corporate targets to researchers investigating cybercrime. Threat analysts from Mandiant have reported experiencing harassment through AI-generated fake nude photos and orchestrated false emergencies involving police. This has led to unprecedented steps like researchers removing their names from reports on formidable cyber gangs. Pressuring executives into paying through personal threats, including spoofed calls from their children's numbers, adds another layer to this intimidation.
Health Sector Under Siege
The health sector has witnessed alarming boldness in cyberattacks. The London hospital attack disrupted patient care for weeks, and the attackers carried out their threat to release stolen data. Similarly, the BlackCat group's hack on Change Healthcare disrupted services and payments for weeks, even after a ransom was paid. The 2022 Medibank attack in Australia marked a turning point: after their ransom demand went unmet, extortionists leaked sensitive patient data, including information on abortion procedures, and harassed patients in hospitals.
Law Enforcement and Response
Despite enhanced actions from international law enforcement, cybercriminals often operate from regions that shield them from extradition, leading to a low fear of retaliation. President Joe Biden has committed to tackling ransomware, and the Department of Justice has established a dedicated task force. While these efforts have resulted in more arrests, the proliferation of new ransomware groups continues. The accessibility of pre-made ransomware kits, available for as little as $10,000, facilitates the entry of new actors into the cybercrime landscape.
This upsurge in cybercrime underscores the evolving and escalating threat landscape, increasingly impacting essential services and personal lives alike.