A new report from Check Point Research has warned that organisations face increased threats from ‘triple extortion’ ransomware attacks.
Insights from the Cyber Attack Trends: 2021 Mid-year Report reveal how cybercriminals have exploited the global shift to hybrid working.
According to the report, organisations have experienced a 29% increase in cyber-attacks globally since the beginning of 2021, with the EMEA region contending with a 36% growth in attacks.
This increase means organisations in the EMEA region were forced to contend with a weekly average of 777 cyber-attacks.
Supply chain attacks have also intensified, with the Codecov and Kaseya attacks standing as a warning to firms globally. The CPR report earmarked the SolarWinds supply chain attack as an example of the disastrous impact these can have on global business.
“In the first half of 2021, cybercriminals have continued to adapt their working practices in order to exploit the shift to hybrid working, targeting organisations’ supply chains and network links to partners in order to achieve maximum disruption,” said Maya Horowitz, VP Research at Check Point Software.
Globally, the number of ransomware attacks has increased significantly so far this year, with a 93% rise compared to the same period in 2020.
This escalation of ransomware threats poses a huge risk to organisations of all sizes, CPR warned, with businesses across a range of sectors having incurred serious losses last year.
According to Cybersecurity Ventures, across 2020 ransomware attacks cost businesses worldwide a staggering $20 billion. These concerning statistics also marked a 75% on the year previous.
“This year, cyber-attacks have continued to break records and we have even seen a huge increase in the number of ransomware attacks, with high-profile incidents such as SolarWinds, Colonial Pipeline, JBS or Kayesa,” Horowitz added.
The rise of ‘Triple Extortion’ ransomware
In particular, the report highlights the emergence of triple extortion ransomware, a new technique posing serious challenges to organisations worldwide.
With triple extortion ransomware, hackers combine three types of cyber-attack: DDoS attacks, file encryption and data theft.
Notably, hackers don’t just target one specific firm. Instead, ransoms are demanded from company clients, third-party affiliates and even customers. This enables cybercriminals to extort more companies and reap bigger rewards.
According to previous insights published by CPR, the first major triple extortion incident was the Vastaamo clinic attack in October 2020.
The Finnish psychotherapy clinic suffered a year-long data breach and ransomware attack which led to patient data theft.
While a ransom was demanded from the clinic itself, smaller sums were also extorted from patients, many of whom received individual demands to their personal email accounts.
Cybercriminals threatened to publish therapist session notes unless ransoms were paid, which caused significant stress for patients.
- Scots turn to Facebook, Twitter for news as TV still reigns
- World’s most powerful tidal turbine joins UK grid in marine energy first
- Scotland’s last Auschwitz survivor leaves £500k for quantum research
Looking ahead, ransomware threats show no sign of slowing down, according to the report. The increased use of penetration tools will, CPR predicts, give hackers the ability to “customize attacks on the fly”.
“Over the past two years, we have seen an acceleration in the use of penetration tools, such as Cobalt, Strike and Bloodhound,” CPR said.
“These tools don’t just pose a real challenge from a detection point of view, they also grant live hackers the access to compromised networks, allowing them to scan and scroll at will.”
Check Point also believes the war on ransomware will intensify in the second half of 2021 as law enforcement and governments continue to crack down on cybercriminal networks and state-sponsored hacker groups.
“Ransomware attacks will continue to proliferate despite increased investment from governments and law enforcement,” the firm warned.
“With such investment and ever-more advanced tools, the authorities will enjoy some successes, but threat actors will evolve, and new groups will emerge in the ransomware arms race.”