According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. The 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access, and the organisation found itself on criminal target lists because it had demonstrated that attacks pay off. Even when decryption keys are handed over, it can take an extended period of time to restore data.
One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.
The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether on the darknet or through open-source content, material that allows a malicious user to conduct a cyber-attack is readily available to purchase. Conducting a ransomware attack and using it to extort money from companies and government services alike is now viewed as a viable business model by organised criminals.
Take, for example, the recent Grand Theft Auto Six leak, a breach that is now named one of gaming’s biggest security breaches to date. Rockstar Games remains unclear about how the network intrusion occurred, but the hacker claims to have gained access by breaching Rockstar’s Slack channel, the communication platform used for internal collaboration. The hacker then invited executives to negotiate a payment to avoid further leaks, claiming to have access to the game’s source code and hoping to sell the unpublished data back. The hacker also claimed to be responsible for the Uber data breach, in which the attacker gained administrative access to Uber’s entire network and was even able to control the initial response to the hack itself through total control of the Slack account.
There is also evidence of increased attacks in industry and on core business functions. Last month an attack on South Staffordshire Water was conducted by a ransomware group called Cl0p. This attack was specifically targeted at a critical time for water companies, due to the implementation of water usage restrictions as the country was facing the prospect of a national drought. The hacking group breached the company’s security and boasted that it would be easy to change the chemical composition of the water, potentially making it unsafe. Cl0p has been known to use Cobalt Strike in its ransomware attacks, a tool that is supposed to be used ethically for vulnerability detection. Yet hackers are increasingly utilising it for the opposite effect, as it allows for a more profitable ransomware attack.
Data protection laws require organisations to design data protection into information processing activities from the start, and to review and update the controls regularly. As cyber criminals evolve and the accessibility of previously complex tactics and methods increases, businesses must evolve and enhance their technical and organisational measures to reduce the risk of harm to their operational activities and the people who rely on them. To ensure your cyber defences remain effective in a fast-paced threat landscape, you need to base them on actionable intelligence in the context of your organisation’s operating environment. Understanding the risks to your commercial interests and to the individuals in your community, in the context of the types of attacks happening now, allows you to focus your resources on the most important controls.
Gemserv’s integrated Cyber and Digital team includes technical specialists in cyber security, real-time threat intelligence and data protection who work together to help our clients protect their organisations and communities effectively and efficiently. We believe in ‘making the things that matter work better for everyone’. If your organisation does things that matter, find out how our approach to your defence can help you stay safe and grow.
Camilla Winlo, Head of Data Privacy and Ian Rutland, Head of Cyber Security at Gemserv