The real winner of 2019? Ransomware
Trend Micro today released its 2019 security roundup report, revealing an extremely successful year for ransomware and painting a bleak picture of the future of organisations' security landscapes if they do not act on it.
The report from Trend Micro analyses the most significant issues presented to businesses as a result of renewed cyber threats and outlines best practices to IT security teams aiming to protect their infrastructures.
Despite other cyber threats being identified in the report as significant, one of the most devastatingly effective attack styles last year was ransomware.
Trend Micro discovered a 10% increase in ransomware detections, despite a 57% decrease in the number of new ransomware families.
The healthcare industry was the hardest hit by this style of attack, with more than 700 providers targeted in 2019.
In the United States especially, government agencies at both state and municipal levels also fell victim to ransomware.
“Digital transformation has been a business buzzword for decades, and the concept has yielded very positive results over time,” says Trend Micro head of consulting in Hong Kong Tony Lee.
“But security is often an afterthought, which leaves digital doors wide open for cybercriminals.
“Despite the prevalent ideals of digital transformation, lack of basic security hygiene, legacy systems with outdated operating systems and unpatched vulnerabilities are still a reality,” says Lee.
“This scenario is ideal for ransomware actors looking for a quick return on investment.
“As long as the ransom scheme continues to be profitable, criminals will continue to leverage it.”
Ransomware was such a popular business model in 2019 that to improve efficiency, alliances were brokered between several high-profile ransomware groups around the world.
In one example, the group Sodinokibi launched coordinated attacks on 22 local government units in Texas, demanding a combined US$2.5 million ransom.
This attack also demonstrated the 'access-as-a-service' trend, in which criminal groups rent out or sell access to company networks.
The service can be lucrative, according to Trend Micro, with reported quotes for the services stretching from $3,000 to $20,000 in some cases.
Of the reported incidents, one of the most expensive packages included full access to a company's server hosts and corporate virtual private networks (VPNs).
One of the key factors in the success of coordinated ransomware attacks in 2019 was known or established vulnerabilities in organisations that remain unaddressed even after a breach.
The Trend Micro study reports there was a gigantic 171% rise in ‘high severity vulnerabilities’ in 2019 when compared with the previous year.
This underscores an increasing urgency for companies to patch their vulnerabilities – not doing so may result in the high-severity bugs becoming further weaponised by ransomware attackers.
To protect against today's threat landscape, Trend Micro recommends a connected threat defence across gateways, networks, servers and endpoints.
Additionally, the company lists these best practices:
- Mitigate ransomware with network segmentation, regular back-ups and continuous network monitoring.
- Update and patch systems and software to protect against known vulnerabilities.
- Enable virtual patching, especially for operating systems that are no longer supported by the vendor.
- Implement multi-factor authentication and least privilege access policies to prevent abuse of tools that can be accessed via admin credentials, like remote desktop protocol, PowerShell and developer tools.