Cybersecurity: ‘Triple extortion’ fuels ransomware attacks by 93 percent in 6 months ─Report

*Experts found cybercriminals have continued to exploit the shift to hybrid working, targeting organisations’ supply chains and network links to partners to achieve maximum disruption

Gbenga Kayode | ConsumerConnect

Against the backdrop of the recent massive increase in ransomware assaults around the world, cyberattacks have surged in the past six months, with threat actors continuously exploiting the disruptive Coronavirus (COVID-19) pandemic, a report has revealed.

The report found that ransomware attacks surged by 93 percent, driven by innovation in an attack technique called ‘triple extortion’.

Maya Horowitz, Director, Threat Intelligence & Research Products at Check Point Software, said: “In the first half of 2021, cybercriminals have continued to adapt their working practices to exploit the shift to hybrid working, targeting organisations’ supply chains and network links to partners to achieve maximum disruption.”

Check Point has just released its 2021 mid-year security report, which provides a detailed overview of the cyber threat landscape, CyberNews stated.

The report suggests that in EMEA countries (Europe, the Middle East, and Africa), organisations experienced a 36 percent increase in cyberattacks since the beginning of this year, with 777 weekly attacks per organisation.

Experts noted that there was an increase of 17 percent, with 442 weekly attacks per organisation in the United States.

Similarly, there was a 13 percent increase in cyberattacks on organisations in Asia-Pacific since the beginning of the year, with 1,338 weekly attacks per organisation, according to the report.

Horowitz also stated: “This year, cyberattacks have continued to break records, and we have even seen a huge increase in the number of ransomware attacks, with high-profile incidents such as SolarWinds, Colonial Pipeline, JBS, or Kaseya.

“Looking ahead, organisations should be aware of the risks and ensure that they have the appropriate solutions in place to prevent – without disrupting the normal business flow – the majority of attacks, including the most advanced ones.”

The rise of ‘triple extortion’

The report said every week, over 1,200 organisations fall victim to a ransomware attack globally.

It further noted that ransomware’s surge by 93 percent was mainly fuelled by triple extortion.

By implication, besides stealing sensitive data from organisations and threatening to release it publicly unless a payment is made, attackers are now targeting organisations’ customers and business partners with ransom demands, the report said.

The Check Point report reads in part: “This year, we have seen a huge global increase in the number of ransomware attacks, with high-profile incidents such as the attacks on Colonial Pipeline and JBS making world headlines.

“And while the double extortion ransomware strategy proved popular in 2020, this year’s surge in attacks has brought to light a worrying new threat — that of triple extortion.”

In the first half of 2021, experts stated, supply chain attacks stand out: SolarWinds for its scale and influence, and Codecov and Kaseya for their sophistication.

The report stated that in January 2021, law enforcement disrupted Emotet, one of the most significant and dangerous botnets of the past decade.

Since then, the race for Emotet’s successor has intensified – other malware, such as Trickbot, Dridex, Qbot, and IcedID, are quickly gaining popularity.

The report also noted: “Trickbot, Dridex, Qbot, and IcedID all show signs of continuing to increase in prominence over the next few months.

“Together, they make up for the loss of Emotet and keep the ransomware distribution rates steady.

“These malwares resemble Emotet in their infection tactics as well, not only in the adoption of ‘thread hijacking’ by Qbot.

“They also use phishing campaigns to distribute documents, mostly Microsoft Office files, which contain malicious macros.”

Looking ahead

Check Point researchers are confident that the ransomware war will intensify in the second half of the year.

Despite increased investment from governments and law enforcement, especially as the Joe Biden Administration makes this a priority, ransomware attacks will continue to proliferate.

The researchers reportedly noticed an acceleration in the use of penetration tools, such as Cobalt Strike and BloodHound, over the past two years.

They stated: “These tools don’t just pose a real challenge from a detection point of view, they also grant live hackers access to the compromised networks, allowing them to scan and scroll at will and customise attacks on the fly.”

Cobalt Strike, this year, took center stage as it was found to be used in some of the world’s largest attacks, such as those by the Trickbot gang, the SolarWinds supply chain attack, and numerous ransomware double extortion cases involving DoppelPaymer and Egregor, among others.

As a result of triple extortion, the victims of a ransomware attack now include the original target organisation as well as its clients, partners, and vendors.

This multiplies the actual victims of each attack, the report stated.
