Ransomware attacks against municipalities have steadily increased in recent years. According to the 2022 Cyber Security Statistics report from PurpleSec, 48 of 50 U.S. states, as well as the District of Columbia, experienced at least one ransomware attack between 2013 and 2018. Another report, from the researchers at BlackFog, warned that the technology, education, and government sectors continued to be the most attacked, seeing 24%, 62%, and 43% increases respectively.
It was just a year ago that Colonial Pipeline, the fuel pipeline operator that provides 45% of the East Coast’s supply of diesel, gasoline, and jet fuel, was taken offline after it was hit by a ransomware attack. Unfortunately, such high-profile and brazen attacks – where a system is locked until the owner/operator agrees to pay the hacker(s) a ransom – show no signs of going away.
One problem is that organizations, agencies, and even communities are all too often willing to pay the ransom.
A Software Problem
Hackers also continue to look for weaknesses in a network, and a failure to keep software patched remains an issue. Unpatched flaws provide holes that can all too easily be exploited.
“As long as there is software, new vulnerabilities will be found,” warned Erich Kron, security awareness advocate at cybersecurity collective KnowBe4.
“That is why it is critical for organizations to have a vulnerability and patch management program in place that can address issues such as these. CISA (Cybersecurity and Infrastructure Security Agency) has done a great job by listing vulnerabilities that are being exploited, helping organizations prioritize their efforts in getting mitigations or patches in place,” Kron told ClearanceJobs. “While vulnerabilities are constantly being found, those that are being actively exploited should take precedence over those that are not, especially if the patch relates to items such as routers or other internet-facing devices.”
Phishing Attacks Also on the Rise
Sometimes hackers don’t actually need to probe a network for vulnerabilities, as the human element often remains an even weaker link. That fact explains why phishing attacks have also been on the rise this year. According to new data from the Anti-Phishing Working Group (APWG), there were more than one million phishing attacks in the first quarter of 2022 – the worst quarter for phishing that the APWG has observed to date, and the first time a three-month period exceeded a million attacks.
More than 384,000 of those attacks came in March, a dubious milestone to say the least. Attacks against webmail and software-as-a-service (SaaS) remained prevalent, while phishing attacks against social media services rose as well.
The danger is that phishing is often how ransomware gets into a network, which is why these different reports are so alarming. Every entity that has networked computers is now increasingly at risk, and often all it takes is for one individual to do the wrong thing.
“With the increased involvement of nation-state actors and the cyber cold war intensifying, phishing is a key attack vector to establish backdoors and/or credential theft,” explained Rajiv Pimplaskar, CEO of VPN software provider Dispersive Holdings, Inc.
“Phishing is often used in conjunction with other forms of MITM (man-in-the-middle) or supply chain attacks to try and log in rather than hack into most conventional cyber defenses with relative ease,” Pimplaskar told ClearanceJobs.
“Phishing is just the first step to the cyber kill chain – e.g. a foothold onto a device that has access to the victim’s environment,” added Garret Grajek, CEO of cybersecurity research firm YouAttest. “From there the hacker is going to want to increase privileges, move laterally, stay persistent and communicate back to the C2 (command and control) center. The key is to stop the user early in the cycle – zero trust and strong identity governance are key security measures to stop the hacker from executing the malicious steps of the attack.”
Anticipate, Protect and Recover
With such attacks on the rise, every entity should continue its due diligence to proactively prevent attacks and protect against hackers, but should also have a plan for when a network is compromised. That final component has often been the missing link, which explains why some cities, and even the executives at Colonial Pipeline, were forced to pay off the hackers.
“We need to see a shift in this field from simply ‘cybersecurity’ to one of ‘cyber resilience,’” said Kris Lovejoy, Kyndryl Security and Resiliency Global Practice Leader. “We need to be able to anticipate, protect against, withstand, AND recover from cyber threats.”
Lovejoy told ClearanceJobs that business as usual isn’t working, and a focus strictly on cyber defense will not suffice.
“Today it is no longer a question of whether cyber attackers will breach our defenses, but when they will break through and how much damage they will do,” Lovejoy explained. “Hackers only need to be skilled, or lucky, enough to break through just once; businesses and governments would need to fend off 100% of the constant attacks to remain safe—that’s a hopeless proposition. Eventually, attackers will penetrate our defenses no matter how good those defenses are.”
AI to the Rescue?
There are no easy solutions. In addition to continued training, regular backups, and updates, Lovejoy suggested that artificial intelligence (AI) could be part of the equation.
“It’s clear nation-states seeking an advantage in cyber competition are turning to AI both for offensive and defensive applications. On the defensive side, AI automation of cybersecurity tasks previously handled by analysts, as well as detecting so-called ‘dark patterns’ from large quantities of data, demonstrates the possibilities of machine learning methods for detecting zero-day malware, threat detection, and automated remediation,” Lovejoy told ClearanceJobs.
“From an offensive perspective, the growing diffusion of AI tools and techniques in cybersecurity functions also presents a new front in cyber competition, specifically making the conditions even more conducive to cyber conflict,” Lovejoy continued. “As AI becomes the new normal in cyber operations, the line between offense and defense will continue to fade and may fuel the low-level drumbeat of cyber competition during peacetime. And during a crisis, the concern is the potential for AI technology to misinterpret information, signal, and event, possibly leading to an avoidable escalatory cycle.”