
Hackers Have A Devastating New Target


Cyberattacks have increased significantly in recent months, frequently disrupting products and services that are critical to our daily lives. Several of those attacks used ransomware, a collection of tools that enables hackers to gain access to computer systems and disrupt or lock them until they are paid.

Ransomware is not a novel threat. However, hackers are increasingly targeting critical infrastructure and physical business operations, making attacks more profitable for bad actors and more devastating for victims. And, as remote work increased during the pandemic, significant vulnerabilities were exposed, making it even easier to carry out such attacks.

The US Department of Justice established a ransomware task force in April, after declaring 2020 the "worst year ever" for cyberextortion. The problem appears to be getting worse: Ransomware attacks increased by 102 percent in the first half of 2021 compared to the same period last year, according to a report from cybersecurity firm Check Point Software. That does not include recent events, such as Wednesday's announcement by a ferry operator serving Martha's Vineyard, Cape Cod, and Nantucket that it had been the victim of a ransomware attack.

The US government is stepping up efforts to combat ransomware, but experts warn that without significant private sector cooperation and investment, these attacks are likely to persist. 

 

Bigger targets, better returns

Many people believe cyberattacks are simply that: an attempt by hackers to steal sensitive data or money via the internet. However, hackers have discovered a lucrative revenue stream in targeting physical infrastructure.

These attacks have the potential to cause havoc in people's lives, resulting in product shortages and price increases. The greater the disruption, the more likely it is that businesses will pay to mitigate it.

"As a ransomware actor, your goal is to inflict as much pain as possible on these companies in order to compel them to pay you," said Katell Thielemann, Gartner's vice president of security and risk management research. "This is no longer a cyber-physical event; it has evolved into a cyber-physical event in which actual, physical-world processes are halted. When you can target businesses in those environments, it is obvious that the most pain will be felt because that is where they make money."

According to US officials, a number of recent ransomware attacks originated in Russia. The FBI confirmed Wednesday that the attack on meat producer JBS was carried out by a Russian-based cybercriminal group called REvil, which earlier this year attempted to extort Apple supplier Quanta Computer. REvil is similar to DarkSide, the group responsible for the ransomware attack that shut down the Colonial Pipeline last month, according to US officials.

Both REvil and DarkSide, according to experts, operate what amounts to "ransomware-as-a-service" businesses, frequently employing large staffs to develop tools that assist others in executing ransomware attacks and taking a cut of the profits. They may also carry out their own attacks in some instances. Russian law enforcement typically leaves such groups operating within the country alone if their targets are located elsewhere, cybersecurity experts say, because they bring money into the country.

JBS has not stated whether it paid the attackers a ransom, but Colonial Pipeline's CEO admitted to paying the attackers $4.4 million to resume operations. Although experts generally advise against paying ransoms in order to avoid funding the criminal groups that demand them, businesses are frequently left with little choice in order to reopen.

The list of possible targets is extensive. The US government's Cybersecurity and Infrastructure Agency (CISA) classifies 16 industries as "critical infrastructure sectors," including energy, healthcare, financial services, water, transportation, and food and agriculture, whose compromise could have a "debilitating effect" on the US economy and security. However, experts assert that much of this infrastructure is aging, and its cyber defenses have not evolved in lockstep with the evolution of bad actors.

To compound matters, many companies in those industries have historically not viewed themselves as technology companies, which means their systems may be less sophisticated and thus more vulnerable to compromise, according to Mark Ostrowski, head of engineering at Check Point.

"So hospitals are in the business of saving lives; meat and poultry are in the business of producing goods and services; and pipelines are in the business of creating gas or oil exchanges," he explained. "Those specific industries may also be targeted because they are falling behind on [software] patching, or their cyber program is not quite up to par."

This has become more and more true over the last few years. As technology advances, more physical infrastructure becomes embedded with connected devices that connect it to the larger network of a business. Even if a hacker gains access to a company's network via its email system, for example, they may be able to wreak havoc on the machines in the company's manufacturing facilities or other areas.

"The world is becoming more connected," Thielemann said, and we should anticipate risks "multiplying across all of these industries."

 

How the pandemic made things worse

It is not coincidental that ransomware has increased in popularity during the pandemic.

The health crisis has created a perfect storm, with millions of people shifting to remote work almost overnight — including workers with access to critical infrastructure systems — and ransomware that can be deployed simply by clicking a link in an email.

"Critical infrastructure has always been designed with control systems physically separated from the corporate network and the internet," according to Eric Cole, a former Obama administration cybersecurity commissioner and author of the new book "Cyber Crisis."

"Beginning with automation and accelerated by the pandemic, these systems are now connected to the internet.... Their known vulnerabilities make them an easy target," Cole added.

Additionally, the pandemic heightened certain targets, as hackers sought profit opportunities by attacking critical services.

Hospital systems and other health providers, in particular, were frequently targeted while struggling to cope with the strain of Covid-19, leaving them little time to respond and update defenses. Between March and November 2020, CISA found that 49 percent of healthcare providers surveyed had "risky ports and services" and 58 percent were using vulnerable software versions.

According to a January report by cybersecurity firm Emsisoft, up to 560 healthcare facilities were infected with ransomware last year. Additionally, the firm stated that over 1,500 schools and 113 government agencies were impacted.

The targeting of healthcare facilities appears to predate the pandemic — according to Emsisoft's previous research, 764 healthcare providers were victims of ransomware attacks in 2019, though the firm's overall attack count increased in 2020.

 

What needs to be done

Businesses, organizations, and government agencies must now work quickly to plug potential security gaps in their systems by updating software and ensuring that their most critical functions are adequately protected from cyberattacks.

President Joe Biden signed an executive order last month requiring companies that perform government work to improve their cybersecurity practices — requirements that Congress could extend to other private firms that support critical infrastructure and other levers of the US economy. Following the JBS and ferry attacks on Wednesday, White House press secretary Jen Psaki stated that the administration is also "assembling an international coalition to hold countries harboring ransom actors accountable."

The White House issued an open letter on Thursday urging businesses to treat ransomware threats more seriously, stating that businesses that "view ransomware as a threat to their core business operations, rather than a risk of data theft, will react and recover more effectively."

"Every company needs to be able to amplify this and become proactive, because these are weapons-grade attacks, not just random ones," Ostrowski explained.

For businesses, the simplest solution is to keep the most critical infrastructure functions off the web — and to keep any online systems patched, Cole explained.

And, while system-level upgrades or overhauls may be necessary at times, Ostrowski noted that the risk is frequently determined by individual behavior. The majority of ransomware is spread via phishing attacks, in which users are duped into clicking a link in an email that grants hackers complete access to their system.

"It's actually quite simple: For decades, the cybersecurity community has been attempting to solve the email problem," he explained. "It's first and foremost about resolving and preventing phishing attacks, which will result in anti-ransomware technologies."

Often, companies in healthcare, food, or energy lack executives or board members with the technical background or know-how necessary to assist in mitigating cyber risks, a situation that must change as bad actors become more sophisticated.

"I believe the industries anticipate an increase in the number of attacks," Ostrowski said. "If anything, this has demonstrated the critical nature of our supply chains."

 
