The Alarming Surge of Human-Operated Ransomware Attacks: Are You at Risk?

ATTENTION: Business Owners, Leadership, and Board of Directors!

In an ever-evolving digital world where cyber threats are the new bogeymen, let’s talk about something that’s been keeping cybersecurity experts up at night. We’re talking about the startling rise of human-operated ransomware attacks, the kind of digital warfare that’s like a cat burglar sneaking into your home without tripping a single alarm. These incidents have tripled over the past year, and they’re not slowing down. If you’re a business owner, part of the leadership, or on a board of directors for a company, this article is for you.

The Rise of Human-Operated Attacks: A Hacker’s Stealthy Playground

Imagine a rogue hacker silently tiptoeing through your digital kingdom, exploiting weaknesses, and leaving no trace behind. That’s the essence of human-operated ransomware attacks. These aren’t your run-of-the-mill automated attacks that rely on phishing emails; these are highly skilled hackers exploiting remote monitoring and management tools, making it a lot harder to spot their digital footprints.

Microsoft recently dropped a bombshell—these attacks have surged by a jaw-dropping 200% since September 2022. This is more than just a blip on the radar; it’s a seismic shift in the cybercrime landscape. It’s like the hackers have formed their version of a gig economy, offering their dark skills to the highest bidder.

Why Unmanaged Devices Are the Hottest Targets

One of the hackers’ favorite playgrounds is unmanaged devices, the ones you bring to work under the “bring your own device” policy. Why? Because they’re like the low-hanging fruit in the cybersecurity orchard. These devices often lack the robust security measures that your office desktop might have. In its massive 131-page report, Microsoft found that human-operated attacks were responsible for a shocking 40% of all ransomware incidents by the end of June 2023.

Data Exfiltration: The New Nightmare

Just when you thought ransomware couldn’t get worse, enter the era of data exfiltration. Since November 2022, these hackers have leveled up their game. They’re not just locking your data away; they’re swiping it right from under your digital nose. Thirteen percent of human-operated ransomware attacks that got to the ransom stage involved some sneaky data theft.

But here’s a glimmer of hope: Most ransomware attacks still fall short of encrypting your precious data. Only 2% of attacks are successful in deploying ransomware. So, chin up!

The Usual Suspects: Points of Compromise

Now, you might be wondering how these cybercriminals are slipping into your digital fortress. Microsoft’s report has the answers:

– Breaching External Remote Services: Think unsecured remote desktop protocol (RDP) and virtual private networks (VPNs).

– Abusing Valid Accounts: Sometimes, they get their hands on legitimate account credentials and waltz right in.

– Compromising Public-Facing Applications: Cybercriminals exploit vulnerabilities ranging from brand-new zero-day exploits to ones that have been gathering dust for years.

Unmanaged Devices: The Achilles’ Heel

One big takeaway here is that unmanaged devices are the soft underbelly of organizations. In a shocking revelation, Microsoft stated that a staggering 80 to 90 percent of all compromises originated from these devices. It’s like leaving the back door wide open for digital burglars.

SMBs in the Crosshairs

If you’re part of a Small or Medium-sized Business (SMB), you’re in the crosshairs of these attacks. Between July 2022 and September 2022, a staggering 70% of all attacks targeted organizations with fewer than 500 employees. It seems cybercriminals are turning their attention to smaller fish in the digital pond.

Meet the Ransomware Gangs

Microsoft’s report pulls back the curtain on the main culprits behind these attacks. You’ve got Magniber, LockBit, Hive, and BlackCat, who are responsible for nearly two-thirds of all attacks. Among these, LockBit takes the crown as the most observed in Microsoft Incident Response customer engagements.

Notably, Magniber is a bit of an oddball—it operates without any human intervention. This makes it an especially relentless threat. These cyber tricksters often disguise Magniber as seemingly innocent Windows updates, adding a layer of deceit to their malicious activities.

The Data Exfiltration Specialists

For the hackers who prefer data theft over classic ransomware tactics, Microsoft highlights groups like Karakurt, Lapsus$, Scattered Spider, and Nwgen Team. These folks have a knack for swiping your prized digital possessions.

Microsoft’s Heroic Role in Responding to Attacks

Microsoft plays a vital role in battling ransomware. When an attack is detected and your files are locked up, Microsoft springs into action. They team up with organizations like the National Cyber Forensics and Training Alliance (NCFTA) to share essential information. This collaboration is the digital equivalent of calling in the cavalry.

Moreover, if you’re ever in the unfortunate position of considering paying a ransom, Microsoft can step in and work with law enforcement to track the cryptocurrency involved. Sometimes, they can even help you recover your digital treasure.

What Lies Ahead in Cybersecurity

As the cybersecurity landscape continues to twist and turn, Microsoft’s report identifies four major areas of concern: changes in the cybercriminal ecosystem, nation-state attacks, operational technology (OT) security, and the impact of artificial intelligence on both defenders and hackers. These are the challenges that keep the guardians of the digital realm awake at night.

In conclusion, the surge in human-operated ransomware attacks is a call to action for businesses everywhere. SMBs, in particular, need to be extra vigilant and proactive in fortifying their cybersecurity defenses. The risks are real, and the consequences of an attack can be devastating.

To read the full report by Microsoft and get a deeper dive into this hair-raising trend, visit TheRecord’s article. Your business’s future may depend on how well you prepare today. So, stay safe, stay secure, and stay informed.

Disclaimer: The information provided in this article is for educational purposes only and should not be considered as legal advice. For specific compliance concerns, please consult with a qualified legal professional.

By: Derreck Ogden
