The increasing sophistication of ransomware, and the way hackers are using them to extort millions of dollars from companies, was one of the key themes of 2022. And 2023 will be no different.
In 2023, ransomware attacks will continue to be a major concern for corporations, as the Malware-as-a-Service (MaaS) model continues to gain momentum, according to the annual Kaspersky Security Bulletin report by Kaspersky Lab’s DFI (Digital Footprint Intelligence) and DFIR (Digital Forensics and Incident Response) teams.
The MaaS (malware-as-a-service) model makes it easier for individuals and organizations to launch cyber attacks. This is because it allows anyone to access tools and resources, such as cryptographers and infostealers, to carry out an attack with minimal effort. According to experts at Kaspersky Lab, attackers are likely to continue looking for ways to reduce their costs in the future. As a result, they may increasingly outsource their activities and scale up their operations. For example, the LockBit ransomware is now being offered as a software service, and at the end of 2022, the attackers even implemented a bug bounty program.
The number of well-known and widespread types of ransomware is expected to decrease in the future. As a result, attacks will become more similar in nature. On the one hand, this is good news for companies because it means that they will not have to worry about a large number of different tactics and techniques to defend against them. However, attackers will likely develop more advanced tools, which means that relying solely on automated solutions will not be enough to provide adequate protection. Therefore, companies must take a comprehensive approach to cybersecurity and adopt a combination of automated and manual solutions to defend against attacks.
Greater use of Artificial Intelligence (AI) and Machine Learning (ML) techniques
The advent of the next iteration of ransomware poses a formidable challenge for the cybersecurity industry as it leverages the power of artificial intelligence (AI) and machine learning (ML) to enhance its capacity for identifying and targeting vulnerable organizations. The utilization of AI and ML algorithms by cybercriminals enables them to scan the vast expanse of the internet in search of exploitable weaknesses within a company’s network, such as outdated software or unpatched vulnerabilities. Once these vulnerabilities are identified, the AI-powered ransomware can launch an attack with a high degree of autonomy, thereby compromising the organization’s data and extorting a ransom for its release.
The increasing reliance on digital interactions by organizations across the globe has resulted in a concomitant rise in susceptibility to cyberattacks. This has led to an escalation of concerns not only for companies but also for nations and consumers alike. As the magnitude of disruption caused by these attacks continues to grow with the use of AI and ML, so too does the imperative for the development and implementation of advanced techniques for prevention and detection.
Given the increasing use of AI and ML in ransomware attacks, organizations need to take unconventional steps to protect their critical infrastructure. Here are some of them:
Implementing deception technology.
In the ever-evolving landscape of cyber security, organizations are constantly seeking new and innovative ways to protect their networks and systems from malicious actors. One such method that has gained traction in recent years is the use of deception technology.
Deception technology involves tricking attackers by creating false or “honeypot” systems that store decoy data. These decoys can also act as “trapdoors” through which defenders can lure attackers into exposing themselves. This can help to distract attackers from the organization’s real systems and can provide early warning of an attack.
An illustration of this technology in practice is the deployment of a device that emits a honeypot signal. This device can be utilized to entrap attackers by emitting false indications of a computer being compromised. Once the attacker is lured, the organization can then employ another device that utilizes deception technology to gain insight into the attacker’s methodology and techniques.
In addition to providing early warning of an attack, deception technology can also be used to disrupt the attacker’s operations. By creating multiple layers of deception, organizations can make it more difficult for attackers to achieve their objectives. As the threat landscape continues to evolve, the use of deception technology will likely become increasingly important in protecting networks and systems from malicious actors.
Emulating human behavior:
Another unorthodox method for safeguarding critical infrastructure from ransomware attacks is the utilization of human-like behavior emulation on the organization’s network. By simulating the actions of a human user, such as randomized cursor movements or keypresses, organizations can obfuscate the attack surface and make it more challenging for adversaries to launch a successful intrusion.
The rationale behind this approach lies in the creation of an element of randomness and perplexity for the attacker. If the attacker is unable to differentiate between human and machine behavior, they may be less inclined to target the organization’s systems. Furthermore, emulating human behavior can also aid in the detection and mitigation of an ongoing attack, as it can serve as a trigger mechanism for alerting the security teams to anomalous activity on the network.
One approach to emulating human behavior is through the utilization of AI-based tools that can mimic human actions. These tools can be programmed to execute randomized cursor movements or keypresses, as well as other actions such as opening and closing applications or altering system configurations. The utilization of AI-based tools allows organizations to create a more refined level of deception, making it more challenging for attackers to discern the difference between human and machine behavior.
By generating an element of randomness and perplexity for adversaries, and by utilizing AI-based tools and deception technology, organizations can make it more challenging for attackers to launch a successful intrusion, while also detecting and mitigating an ongoing attack.
Creating a “white list” of approved applications
The implementation of white-list applications is a proactive approach to cyber security. It works by restricting access to the system to only those applications that have been vetted and deemed safe to run. This makes it significantly harder for attackers to install malware and launch attacks.
However, this is not only about curating a list of approved applications, it’s also about creating a framework for continuous monitoring and updating of the list. This means that the white list must be updated regularly, as new vulnerabilities and threats are discovered.
CISOs must also consider the end-user experience and the potential disruption to business operations when implementing a white list. It’s important to have a well-planned communication strategy to ensure that the end users are well-informed about the changes and the reasons behind them.
Using blockchain technology
Blockchain technology is a decentralized digital ledger that records transactions across a network of computers. It uses advanced cryptographic techniques to ensure the integrity and immutability of the recorded data. This technology can be leveraged to create decentralized networks that are more resistant to ransomware attacks.
By contrast, decentralized networks built on blockchain technology are much more resilient to ransomware attacks. Because the data is distributed across multiple nodes, an attacker would need to compromise a significant number of nodes in order to gain control of the network.
The technology also enables us to have a tamper-proof, immutable record of all the transactions made on the network, which can help organizations to detect and respond to a ransomware attack more quickly. A blockchain-based decentralized network provides a means of recovering from a ransomware attack, as the organization can restore its data from one of the other nodes on the network.
Final thoughts
Ransomware attacks on corporations will continue to be a pressing issue in the next few years. The good news is that there are measures that can be taken to protect businesses from attacks and repercussions. While traditional methods such as firewalls and antivirus software can provide a certain level of protection, they are no longer sufficient to combat the sophisticated attacks of today. The integration of advanced technologies like blockchain, AI/ML, and deception technology can help organizations stay ahead of the curve.
However, it’s crucial to remember that technology is only one aspect of a comprehensive security strategy. Organizations must also focus on regularly monitoring and updating their security measures, creating a well-defined incident response plan, and providing continuous training to employees. Cybersecurity is not a one-time task, it’s an ongoing process that requires constant adaptation and evolution. Remember, in the game of cyber security, the only constant is change, and the only way to win is to stay one step ahead of the attackers.
