- Ransomware is currently the most prevalent global cybersecurity risk, as threat actors have become more brazen and are targeting everything from large companies to school districts to hospitals, according to a keynote address at the RSA Conference by Dmitri Alperovitch, chairman of Silverado Policy Accelerator and the co-founder and former CTO at CrowdStrike, and Sandra Joyce, EVP of threat intelligence at FireEye Mandiant.
- Ransomware morphed into a dual threat as extortion has become a method to shame companies into paying huge sums of money, according to Joyce. She cited recent extortion attempts in the tens of millions of dollars, including a recent $50 million demand. Some national governments allow ransomware gangs to operate freely, and in some cases work alongside government intelligence services.
- The relationship between the U.S. and its leading nation-state adversaries, Russia, China, Iran and North Korea, is at its lowest point in at least 60 years in terms of the threat landscape, Alperovitch said. As a result, adversaries are becoming more and more reckless and open in their activities, raising concerns about what could happen in the future.
Coming on the heels of the SolarWinds and Microsoft Exchange Server campaigns, organizations are at greater risk of cyberattacks with threats spanning sectors, from national governments to major corporations.
A spate of ransomware attacks have targeted critical infrastructure facilities such as the Colonial Pipeline and hospital systems in Ireland. Not only have the the payout demands changed, but threat actors are using extortion to put additional pressure on companies to negotiate payments.
"They're using extortion in really shaming ways, so they'll threaten to dump data that they've found," Joyce said. "They'll even call competitors, they'll call your customers, they want to use shame as a tool, and that puts organizations in an impossible situation."
An M-Trends report released in April from FireEye Mandiant identified more than 800 alleged multifaceted extortion victims that likely had data stolen. Mandiant gathered the data over a 12 month period ending the end of September 2020.
Companies can risk violating Office of Foreign Assets Control (OFAC) laws if they make ransom payments to threat actors in certain countries. The U.S. Treasury Department, which oversees OFAC, put out an advisory in October 2020 that warned companies about the potential risk of sanctions if a ransom is paid.
Ransomware attacks in the future could also target firmware, which could do significant damage to computer hardware inside an organization, according to Alperovitch. So far industry has not seen specific ransomware attacks going after firmware, but he said that could potentially become an issue.
The Tokyo Olympic games, scheduled to begin in late July, will also likely be targeted, as the first major global sporting event since the beginning of the COVID-19 pandemic will be a showcase for a statement attack.
"The Olympics provide threat actors the ability to send a message, and do it at scale," Joyce said.