
Ransomware Attacks Double in Frequency: AI and Credential Theft at the Forefront

Per Barracuda, reported ransomware attacks have doubled in frequency over the past year, with no sign of slowing down. Municipalities, healthcare, and education are the most affected sectors. Generative AI is part of the reason: it lets attackers produce well-written, convincing phishing emails at scale, so the initial lure is harder for both users and filters to spot.

Email authentication standards such as SPF, DKIM, and DMARC are not enough on their own. They verify that a message really came from the domain in its headers; they say nothing about whether that domain, or the links inside the message, can be trusted. An attacker who registers a fresh domain and publishes correct SPF, DKIM, and DMARC records for it will pass every check. A Cloudflare report found that 89% of unwanted messages passed at least one of these standards.
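To make the point concrete, here is an added example (not from the original post or any of the cited reports) that triages a constructed phishing message. The message, its Authentication-Results header, and the lookalike domain paypa1-secure.com are all invented for illustration. SPF, DKIM, and DMARC all report pass, so an authentication-only filter would accept it; the second check looks at what authentication cannot see, namely a display name that claims a brand the sending domain does not belong to.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not a real capture). The attacker owns
# paypa1-secure.com and published valid SPF/DKIM/DMARC records for it,
# so the receiving MTA records a pass for all three.
SAMPLE_MESSAGE = b"""\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=billing@paypa1-secure.com;
 dkim=pass header.d=paypa1-secure.com header.s=s1;
 dmarc=pass header.from=paypa1-secure.com
From: PayPal Billing <billing@paypa1-secure.com>
To: victim@example.net
Subject: Your account is on hold
Content-Type: text/plain; charset=utf-8

Sign in within 24 hours to avoid suspension: https://paypa1-secure.com/login
"""

# Hypothetical brand-to-domain allow list; a real deployment would load
# this from a maintained source rather than hard-code it.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com"},
}


def parse_auth_results(header_value: str) -> dict:
    """Return {method: result} from an Authentication-Results header.

    Each ';'-separated clause after the authserv-id starts with
    'method=result' (e.g. 'spf=pass'); property/value pairs that follow
    are ignored here.
    """
    results = {}
    for clause in re.sub(r"\s+", " ", header_value).split(";"):
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def skeleton(domain: str) -> str:
    """Crude confusable normalisation so 'paypa1' compares equal to 'paypal'."""
    table = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
    return domain.lower().translate(table).replace("rn", "m")


def domain_belongs_to(domain: str, legit: set) -> bool:
    return any(domain == d or domain.endswith("." + d) for d in legit)


def brand_mismatch(display_name: str, from_domain: str):
    """Return the brand being impersonated, or None if nothing looks off."""
    dn = display_name.lower()
    from_domain = from_domain.lower()
    for brand, legit in BRAND_DOMAINS.items():
        mentioned = brand in dn or brand in skeleton(from_domain)
        if mentioned and not domain_belongs_to(from_domain, legit):
            return brand
    return None


def triage(raw: bytes) -> dict:
    """Combine the MTA's authentication verdict with an impersonation check."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = parse_auth_results(str(msg["Authentication-Results"] or ""))
    display_name, addr = parseaddr(str(msg["From"] or ""))
    from_domain = addr.rpartition("@")[2].lower()
    brand = brand_mismatch(display_name, from_domain)
    return {
        "auth": results,
        "authenticated": all(results.get(m) == "pass" for m in ("spf", "dkim", "dmarc")),
        "from_domain": from_domain,
        "impersonated_brand": brand,
        "verdict": "suspicious" if brand else "no brand impersonation detected",
    }


if __name__ == "__main__":
    report = triage(SAMPLE_MESSAGE)
    print("SPF/DKIM/DMARC all pass:", report["authenticated"])
    print("Impersonated brand:", report["impersonated_brand"])
    print("Verdict:", report["verdict"])
```

The `authenticated` flag and the `impersonated_brand` flag are independent on purpose: the first tells you the sender is who the headers say, the second tells you who the sender is pretending to be. Only the combination is useful for a filtering decision.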

That shows up in credential theft, with 49% of breaches involving stolen credentials. Attackers continue to rely on social engineering to get users to hand over their credentials, and those credentials then become the entry point into the victim's systems.

Some ransomware groups are shifting to data extortion without encryption, which causes less disruption for the victim and lets the attackers pose as "security advisors" rather than criminals. The number of threat actors carrying out encryption-less data theft and extortion attacks grew by 20% in 2022, while ransomware attack volume dropped 41% during the first half of 2023.

Fake data leaks are becoming increasingly common. Cybercriminals may fabricate leaks to generate hype, deceive other criminals, or sell phony information. According to Kaspersky Digital Footprint Intelligence, between 2019 and mid-2021 there were on average 17 dark web posts per month about social media leaks; from the summer of 2021 onward, that rose to an average of 65 per month.

A report from Sysdig finds that the average time from reconnaissance to attack completion in the cloud is only 10 minutes. Cloud automation has been weaponized: attackers exploit the same speed and elasticity that draw companies to the cloud in the first place. The report also notes that 10% of advanced supply chain threats are invisible to standard tools, and that 65% of cloud attacks target telcos and fintech.

On the SaaS side, a new report from AppOmni shows that while 71% of organizations surveyed rated their SaaS security maturity as mid-high or the highest level, 79% had identified SaaS security incidents over the past 12 months. The majority of incidents fell into preventable categories: over-permissioned users, app misconfigurations, and data exposures caused by human error. The report also finds that the SaaS footprint, and the risk that comes with it, is grossly underestimated.

The National Cyber Security Centre (NCSC) in the UK has been using a system called Early Warning to detect the beginnings of new ransomware attacks against British organizations and tip them off before the attacks succeed. The free service, which draws on the intelligence community's access to several information feeds, has prevented a significant number of attacks. Still, only around 2% of organizations receive a tip-off from Early Warning when it detects an event. The NCSC encourages more organizations to sign up so that threats can be tackled before they become full-blown incidents.

Why do we care?

Ransomware overall is going up, leveraging credential theft, and email security standards aren't cutting it. AI is making those attacks even more dangerous, and besides moving to extortion… some attackers can just make it up with a fake data leak. Attackers use cloud tools to move faster, and defenders overestimate their readiness and downplay the risk. And those defenders aren't even using all the resources available.

That's the story this set of data tells. No wonder security is a tough sell for customers. Ignore the security vendors – they'll tell you what a great opportunity this is. They're not wrong, but last I checked, they aren't left holding the bag when things go wrong. Now, that may change – White House executive orders move us towards shared security responsibility.

My insight – find ways to share this responsibility between customers and your security vendors in a chain of responsibility. That's the key to success.