The COVID-19 pandemic has created a situation where people are working from home on a massive scale and SaaS platforms have become a necessity. Unsurprisingly, cybercriminals have begun to pivot and are creating tools that target SaaS and other cloud-based platforms. Ransomware gangs, run just like businesses, are beginning to expand to new markets in order to maximize profit and capitalize on new opportunities. Ransomware 2.0 capitalizes on recent trends by spreading to the cloud and encrypting or exfiltrating SaaS data.
Read on to find out more about Ransomware 2.0 and the future of ransomware in 2022 and beyond:
Ransomware is Targeting Cloud Services
In order to capitalize on recent trends, cybercriminals are now deploying tools that target data and applications hosted in the cloud. The reason for this is simple – cloud apps have become mission-critical for many of the world’s most successful businesses. Can you imagine the office today without apps like Office 365, G Suite, or Salesforce? There aren’t even on-prem versions for many of these applications, and this dependence on the cloud means that it is only a matter of time before criminals begin to exploit them. Here is how a cloud-based ransomware attack might look:
- User receives a phishing email that requires the user to update an app or extension
- User installs malicious app or extension that requests permissions to access G Suite or Office 365
- Once permissions are granted, app starts encrypting data in the cloud
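The chain above depends on a user granting a third-party app broad access to cloud files or mail, so a defender can review existing grants for exactly that. The following is an added example, not part of the original article: it flags unapproved apps holding high-risk Google or Microsoft Graph scopes. The record layout, app names and client IDs are constructed assumptions.

```python
# Added example: audit third-party OAuth grants for scopes that allow bulk
# read/write of cloud files or mail. The record layout below is an assumption;
# map your tenant's grant/token export onto it.

# Scopes that let an app modify or delete every file or message a user can reach.
HIGH_RISK_SCOPES = {
    "https://www.googleapis.com/auth/drive",  # Google: full Drive access
    "https://mail.google.com/",               # Google: full Gmail access
    "Files.ReadWrite.All",                    # Microsoft Graph
    "Sites.ReadWrite.All",                    # Microsoft Graph
    "Mail.ReadWrite",                         # Microsoft Graph
}

def normalize_scopes(raw):
    """Accept a space-delimited string (OAuth wire format) or a list."""
    items = raw.split() if isinstance(raw, str) else raw
    return {s.strip() for s in items if s.strip()}

def audit_grants(grants, approved_client_ids):
    """Return findings for unapproved apps holding high-risk scopes."""
    findings = []
    for g in grants:
        risky = normalize_scopes(g["scopes"]) & HIGH_RISK_SCOPES
        if not risky or g["client_id"] in approved_client_ids:
            continue
        # Unverified publisher plus write access is the strongest signal.
        severity = "high" if not g.get("publisher_verified", False) else "medium"
        findings.append({"user": g["user"], "app": g["app_name"],
                         "client_id": g["client_id"], "severity": severity,
                         "scopes": sorted(risky)})
    return sorted(findings, key=lambda f: (f["severity"], f["user"]))

# Constructed sample data (not from a real tenant).
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "PDF Updater", "client_id": "app-001",
     "publisher_verified": False,
     "scopes": "https://www.googleapis.com/auth/drive openid email"},
    {"user": "bob@example.com", "app_name": "Notes Sync", "client_id": "app-002",
     "publisher_verified": True, "scopes": ["Files.ReadWrite.All", "offline_access"]},
    {"user": "carol@example.com", "app_name": "Calendar Helper", "client_id": "app-003",
     "publisher_verified": False,
     "scopes": "https://www.googleapis.com/auth/drive.file"},
    {"user": "dave@example.com", "app_name": "Backup Tool", "client_id": "app-004",
     "publisher_verified": True, "scopes": ["Files.ReadWrite.All"]},
]

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, approved_client_ids={"app-004"}):
        print(f)
```

The narrower `drive.file` scope is deliberately not flagged, since it limits the app to files the user opens or creates with it.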
In light of recent attention given to ransomware, threat actors have changed their strategy: Attacks have become fewer in volume but are also becoming increasingly severe. In other words, they are refining their targets to ensure that they receive the biggest possible payday. We are actually seeing cybercriminals compete to provide better “customer service” as they want to make it as easy as possible for you to pay them.
Additionally, the ransomware tools themselves have become extremely complex and sophisticated. The worst part? Tools like Avaddon and WannaCry are available for pretty much anyone to use to execute attacks and collect a share of the bounty. Ransomware as a Service is now a billion-dollar industry.
IoT as an Entry Point
IoT devices are everywhere. In cybersecurity terms, this represents a potentially huge vulnerability that hackers can exploit for criminal activity. Common IoT misconfigurations, like forgetting to change default settings, represent a very real risk of IoT being used as an entry point.
Third Party Software & Operational Technology
For an attacker, sometimes the best way into an organization isn’t by attacking it directly, but rather through third-party software. Oftentimes, there are underlying vulnerabilities in third-party applications that remain unpatched for long periods of time, which hackers take advantage of in order to gain access and wreak havoc. Unfortunately, it can often be difficult to identify these vulnerabilities because the responsibility to address them is either shared or unclear. Organizations need to take a proactive approach and use control tools in order to maintain visibility into their network environment.
How Can I Protect Myself?
It is no secret by now that ransomware is a very real and growing threat – not just to our businesses but to society as a whole. When it comes to securing the enterprise, it is best to leave security to the professionals and partner with a reputable cybersecurity company that can provide value. Stratejm is North America’s premier next-gen MSSP offering turnkey, comprehensive enterprise security. Contact us today to find out how we can help you secure your organization against ransomware.