Top

Ransomware is Thriving in the COVID-19 Business Landscape

Opportunistic bad actors have ramped up criminal activity during the pandemic, causing CISOs to quickly implement new technology and reevaluate vital security processes

The COVID-19 pandemic has rapidly shifted priorities for Chief Information Security Officers (CISOs), forcing them to quickly implement measures to maintain business continuity and ensure the confidentiality, integrity and availability of data.

They have done this in an environment of heightened risk. A recent Information Systems Security Association (ISSA) report found that 63% of CISOs have seen an increase in attempted cybersecurity attacks since the pandemic began.

In response, CISOs have ramped up their threat risk assessment and taken additional steps to ensure data security.

“Cybercriminals are getting more and more advanced every day and they are very innovative,” says Itumeleng Makgati, CISO at chemicals company Sasol. “It is really an organized space that we are working against,” she continues. “We need to stay alert and understand how else they are thinking of getting into environments.”

Mitigating Business Risk in a Heightened Threat Landscape Ransomware has been around for more than 30 years. However, delivery of this kind of digital extortion has come a long way from floppy disks delivered by international mail.

The modern variants have ominous names like WannaCry, Ryuk and REvil. They have been deployed at a rapidly increasing rate over the past few years, demanding ransoms at the top end of more than $10 Million USD.

In fact, they have been so successful that developers of these malicious programs, groups like PINCHY SPIDER and STARDUST CHOLLIMA, now offer their ransomware for hire. In a perversion of a common business acronym, this is now known as Ransomware as a Service (RaaS).

In addition to opportunistic ransomware attacks, businesses have seen an increase in phishing attacks targeting their employees and attempting to steal their passwords or trick them into downloading malware.

“We see that our employees are getting increasingly targeted, and individually targeted, more often,” says Bjørn Watne, CISO at Norwegian life insurance company Storebrand. “So, we need to work with the technical controls, in terms of securing the endpoints, but also the business processes and with the people themselves, in terms of awareness.”

The risk of losing control of a business’ data, often its most valuable asset, is a primary concern for CISOs. But the reputational damage caused by such a breach and the resulting effect this may have on customer trust can be just as serious.

“[We are most worried about] is mass theft of data, extortion using any of the methods that are out there,” says Simon Legg, CISO at UK insurer Hastings Direct.

“Any major disruption of our systems that in essence stops us from being able to meet the commitments to our customers [is a serious concern],” he continues. “And that commitment is that we’re there when they need us.”

The threat landscape is rapidly evolving, and in this environment of heightened risk it is essential that CISOs are regularly reassessing the threat landscape and probing their defenses for weaknesses.

The pandemic caused a rapid change of circumstances for businesses worldwide that may have left gaps in organizations’ security infrastructures – gaps that cybercriminals would be keen to exploit.

Critical Health Infrastructure in the Crosshairs Cybercriminals love to take advantage of a crisis. Sadly, the pandemic is no exception. Attacks against health services such as hospitals, government health agencies and insurance companies rose by nearly half year-on-year between February and May 2020.

Many of these healthcare organizations were targeted by the notorious ransomware variant Ryuk. Cyber threat intelligence provider Check Point Research estimates that as many as 4% of healthcare providers globally have been targeted by Ryuk during 2020.

In March, a group of hackers even tried to compromise the World Health Organization (WHO), as WHO CISO Flavio Aggio reported to Reuters.

“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said. “There are no hard numbers, but such compromise attempts against us and the use of [WHO] impersonations to target others have more than doubled.”

The targeting of health providers is also occurring at a more local scale, according to Blue Cross Blue Shield Michigan (BCBS) CISO Emerging Markets Wallace Dalrymple.

“[Cybercriminals] took advantage of the pandemic and have increased their attacks as well as made them much more targeted,” he says. “I’ve found similar companies literally within probably 100 miles of each other that all got impacted by separate breaches at the same time, and it was the same variant of ransomware.”

The similar nature and proximity of these attacks are likely evidence of a concerted effort on the part of cybercriminals to target companies that may also have similar vulnerabilities.

“Sometimes these companies have the same lack of controls,” notes Dalrymple. “Healthcare is still the number one vertical to go after for ransomware and cybersecurity threats.

This is an extract from the exclusive report The 2021 Information Security Agenda. The report highlights how COVID-19 has rapidly shifted priorities for Chief Information Security Officers (CISOs), requiring them to implement new strategies, technologies and educational programs in a time of heightened risk. Click here to get your copy.