Why major hacker attacks increased in 2023 – 12/18/2023 – Tech

Large-scale and sophisticated hacker attacks are on the rise.

After a pause in 2022, ransomware attacks (system hijacking from a virus) on high-value targets such as large companies, banks, hospitals or government agencies have seen a “massive increase” this year, rising 51% by the end of November, according to cybersecurity firm Crowdstrike Holdings Inc. Last year, such attacks decreased from the previous year, the company said.

Breaches are costing victims more money. Payments made to hackers holding systems hostage increased by almost half by September, according to blockchain analysis firm Chainalysis Inc.. The total loss was almost US$500 million (R$2.47 million) in payments .

“Activity is at an all-time high,” said Nikesh Arora, chief executive of network security firm Palo Alto Networks Inc. Arora highlighted the increasing frequency and severity of ransomware attacks during a recent call with investors. “Bad actors are causing damage in a much shorter period of time,” he said.

In just the last few months, hackers have paralyzed shipping at some of Australia’s biggest ports; wreaked havoc on Las Vegas casinos; caused shortages of disinfectant wipes and trash bags at Clorox Co.; and halted the clearing of some Treasury market trades.

The number of victims of cyber extortion — which includes ransomware — in the first three quarters of 2023 is already 33% higher than in all of last year, according to a report published last month by Orange Cyberdefense, the company’s cybersecurity division. French telecommunications company Orange SA. Most of the approximately 2,900 new known victims were concentrated in the US, UK and Canada, with increasing numbers in India, the Pacific Islands and Africa, according to the report. This year saw the highest number of victims ever recorded by Orange.

The increase in activity is even more impressive after ransomware attacks declined by some measures last year. The lull corresponded with the timing of Russia’s invasion of Ukraine in February 2022, and some experts relate this to the fact that many hackers believed to be based in Eastern Europe and redirected their efforts or were otherwise distracted. Other theories claim that hacker groups were keeping a low profile after a series of high-profile attacks that caught the attention of authorities.

“A lot of time was spent attacking Ukraine or Russia, but the war has been going on so long that these guys are like ‘we have to make money again,’ so they’re back doing their financially motivated attacks,” said Jon Clay, vice-president. president of threat intelligence at security software maker Trend Micro Inc.

The high-profile breaches reflect the ease of launching attacks now and the enormous amounts of money to be made from them. The nearly infinite supply of potential victims has fueled an increase in criminal activity, where the goal is the indiscriminate exploitation of as many targets as possible. Hackers’ success in getting paid increases with the amount of disruption they cause to a victim’s computer systems, experts say.

The problem is difficult for authorities to control. One reason is that many victims, desperate to recover their data or keep it off the dark web, or both, end up paying the ransom, which fuels new attacks. Another reason is the scale and global nature of the industry, as many of the hackers are based in Russia or other countries that offer them safe haven.

Growing awareness has led many organizations to invest in backup infrastructure that can be activated in case of an emergency and cyber incident response training, giving them leverage to negotiate a lower payment with hackers or avoid paying altogether, said Bill Siegel, director executive at ransomware incident response company Coveware.

This year, the gross dollar amount paid to cyber extortionists is actually 20% lower, Siegel said. However, when victims pay, the average amount is rising, reaching $851,000 in the third quarter of this year, according to Coveware.

Keeping up with cybercrime trends is difficult. Not all victims disclose when they were targeted, and those who do often provide few details. Data held by cybersecurity companies often only includes the experiences of their own customers, and hacker-maintained leak sites also fail to mention paying victims. “This is only a partial view of the entire cyber extortion problem,” the Orange report acknowledged. “We are very aware that there is an obscure high number of victims that we simply don’t know about.”

A rise in ransomware attacks in 2021, including one on Colonial Pipeline Co. that disrupted fuel supplies on the U.S. East Coast, led the Biden administration to declare ransomware a national security priority. Since then, the US and many of its allies have attempted to crack down on hacker groups, in part by cutting off criminals’ cryptocurrency resources.

The Ransomware Task Force, a nonprofit organization focused on cybersecurity, has drawn up a list of 48 actions that the public and private sector could take to mitigate such attacks, and starting December 18th, companies will be required to disclose cybersecurity incidents to the public. U.S. Securities and Exchange Commission within four business days of determining that they are material to investors. Under the new rules, companies will have to report the impact of the hack, including what data was publicly disclosed and the processes the company took to mitigate the risk.

The government is “using every tool available” to stop hackers, said Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Agency. “Unfortunately, the full scope of the problem can be difficult to measure because ransomware incidents are still largely underreported.”

Another challenge for authorities is that cyber extortion groups tend to have a very short lifespan — most last a maximum of six months — making it difficult to investigate and disrupt their activities, the Orange report found. Only 23 cyber extortion groups tracked by Orange Cybersecurity survived until 2023; another 25 disappeared completely from the previous year, while 31 new groups emerged to take their place.

“Every day we are seeing more attackers at a rate the industry has never encountered before,” said Jon Miller, co-founder and CEO of Halcyon, a California-based anti-ransomware software maker. Major hacker groups are perfecting a type of franchise model, selling technologies and data to new entrants, who then share the profits from their attacks, he said.

“The most skilled attackers go after the high-level targets — which are still mostly Russian — and now you also have mid-level attackers going after the lower level,” Miller said. “Everyone profits and the attacks they are carrying out are super impactful.”

LockBit, ALPHV, and Cl0p have been some of the most active ransomware groups this year. Cl0p, for example, was responsible for the MOVEit file transfer software breach over the summer, an attack that affected more than 2,600 organizations, according to Brett Callow, a threat analyst at Emsisoft. LockBit was responsible for an attack last month against the US arm of the Industrial & Commercial Bank of China Ltd., which disrupted the US$26 billion US Treasury market, and an attack the month before which took down a website that Boeing Co. uses to sell aircraft parts, software and spare services.

In the case of the casino hacking attacks, a group known as the Scattered Spider, which frequently breaks into networks by calling or messaging IT support employees and convincing them that they are employees who need access to the network, was described by a company executive. Google-owned Mandiant cybersecurity company as “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.”

These attacks, and others like them, highlight what cybersecurity experts say is the increasing use by hacker groups of sophisticated forms of analog social engineering to gain initial access to an organization.

The shift to work from home for many employers has also created new security vulnerabilities — and opportunities for hackers, according to Jim McMurry, founder and CEO of cybersecurity firm ThreatHunter.ai in California. Some of the biggest attacks last year involved hackers becoming quicker to exploit software flaws immediately after they were publicly disclosed and before victims had much time to apply necessary fixes, including technologies needed for remote work, he said.

“This rapid exploitation, combined with the widespread adoption of remote work technologies, has created a perfect storm, making even the most robust systems vulnerable to attack,” he said. McMurry estimates his company has responded to and investigated twice as many incidents this year compared to last.