If you missed it earlier this week – the Pegasus spyware story. This is the software sold by surveillance company NSO Group, and it infected iPhone 11 and 12 models through iMessage. It’s been revealed that several governments used this software to hack journalists, activists, politicians, and business executives. There is a tool available that can be used to analyze Android devices and iPhone backups to determine whether the device was compromised.
Keeper Security’s report on ransomware finds that 93% of respondents noted budgets tighten in non-security departments after a ransom payment, showing the whole organization absorbs the cost. Forty-nine percent of respondents said their company paid the ransom, and 22% decided not to disclose that information.
Ransomware is also causing more data leaks – per Digital Shadows, the number of victims having data posted on data leak sites increased 47% in Q2 compared to Q1. Double extortion tactics are on the rise too – and 60% of victim organizations are in the US.
Canalys’s research focuses on the traits that make cyber security companies stand out. Using online skills assessment tool Cybersecurity 360, these traits were found to include: running a dedicated cyber security practice, having a focus on managed services, as well as demonstrating the ability to sell to senior leadership within client organizations.
The Australian government has also formed a taskforce on ransomware, designed as a cross-agency effort to target those attacks and coordinate the disruption of criminal gangs. This is similar to the move the US government recently made.
The French government has warned about attacks from Chinese-backed APT31 against French organizations. This comes in the context of warnings earlier this week about Chinese-backed hacking groups being responsible for the Microsoft Exchange hacking campaign.
And traditional defenses are failing. Cloudian’s 2021 Ransomware Victims Report says half of organizations (49%) reported having perimeter defenses in place prior to a successful ransomware attack. Despite 54% of organizations conducting anti-phishing training, one-quarter (24%) of ransomware attacks used phishing as the point of entry.
Accenture adds more color – the dark web economy is driving a feeding ground for new threat actors. Information is easier than ever to acquire and is driving the boldness of these ransomware actors.
In the context of the Biden administration’s executive order, Google Cloud has released new security products to bring managed security services. These include Cloud IDS, a cloud-managed intrusion detection system; new capabilities in Chronicle, its security analytics platform; the Risk Protection Program, expanded to all Google Cloud customers; and a new Zero Trust Assessment and Planning offering. There’s even more – link in the notes.
For developers, MITRE has updated their top 25 bugs list. These are the easy-to-discover and highest-impact types of problems in software.
Why do we care?
While I don’t believe IT service providers generally should or can do too much about nation states, that doesn’t mean issues like NSO Group’s actions can be ignored.
Story time – ransomware costs businesses by pulling from all parts of the business, it now comes with the likelihood of the data being given away online, and so far, traditional defenses don’t work that well. The dark web breeds new enemies, and multiple governments are weighing in.
If traditional methodology doesn’t work, it’s time for new thinking. For the typical SMB or midmarket company, this should be a pretty core reexamination of how technology is leveraged. That’s the opportunity for sure, just don’t assume it’s easy… and for me, also not assuming that “best practices” alone are the way of the future. Yesterday’s techniques are not the solution. Trust… nothing… which is a different philosophy than generally employed previously.