Gone are the days when cyberattacks were the work of lone hackers looking to pull a massive prank or push an ideological message. Cybercriminality has passed into the professional realm, with hackers employing ransomware to extort money from victims in return for trapped data. More alarmingly, entire governments are exploring ways to use virtual attacks to cripple the infrastructure of opposing countries. Prepared business leaders will develop protections for each eventuality.
Cybercrimes trended up in 2021
According to a report from the Joint Cybersecurity Advisory, 2021 showed a marked increase in cybercrimes, particularly in the area of ransomware. In a ransomware attack, the victim is normally locked out of critical operations, loses data, or is denied internet access altogether. The attackers demand a ransom in return for unlocking the lost data and capabilities. The review showed some notable changes for 2021.
The market for professional cybercriminals developed extensively in 2021, to the point that cybercriminals actively advertise their services and offer 24/7 help hotlines for both clients and victims.
Shifting to “small game”
In order to avoid attention from the FBI and other major criminal justice agencies, ransomware attackers shifted their focus from major companies to medium and small sized businesses. By spreading out their attacks on smaller victims, actors are able to avoid national attention and scrutiny from U.S. authorities.
Ransomware attackers are evolving the way in which they cripple businesses and are becoming more effective as a result. Some examples include attacking cloud data, crippling supply chains, and moving more on holidays and weekends when IT personnel are not as readily available
White House warns of Russian Cyberattacks
To compound the threat of private ransomware attackers targeting corporations, the FBI warned that hackers linked to the Kremlin may begin to target U.S. companies and organizations as Russia’s invasion of Ukraine stalls. The ruble has taken a serious hit from sanctions imposed by the U.S. and other members of NATO, and the Kremlin is looking to retaliate
Disrupt or Destroy
Unlike private ransomware attackers, Russia’s hackers are expected to use viruses, worms, and other malware specifically designed to destroy data or disrupt operations. These can be far more dangerous than their counterparts because they do not require a “disengage” mechanism, meaning that damage could be permanent.
The FBI report noted increased scanning activity from cyber actors based in Russia. The specific Internet Protocol addresses have been the source of previous destructive activity.
Targeting Critical Infrastructure
When the FBI recognised those IP addresses, they caught them scanning critical aspects of infrastructure. The activity, starting back in March 2021, increased dramatically with the start of the Russia-Ukraine conflict. A sort of reconnaissance, this scanning is a way that hackers check for vulnerabilities in potential targets before an attack. The targets were primarily energy companies, as well as industrial, financial, and information services.
Businesses should prepare for cyber attacks of any sort by keeping software updated, ensuring proper encryption of critical data, running antivirus software on all connected equipment, and training employees on prudent online activity.