Morgan
Wright, Chief Security Advisor, SentinelOne
The next ransomware attacker
jackpot. We’ve seen countless attacks on public school districts and higher ed
providers in 2019 which will likely continue, but I expect research institutes
to increasingly be in the crosshairs in the coming year. Research institutes
hold tremendous amounts of sensitive data that can be criminally monetized and
are notorious for disproportionate resource spending. Attackers will use
automation to find vulnerabilities and exploit those who are spending on
non-security personnel and neglecting security technology.
Hospitality is another industry I expect to be targeted more frequently in 2020. Because of its reliance on point-of-sale equipment and excess spending on advanced analytics to make the customer experience more personalized opposed to defense investments, attacker points of entry are susceptible.
Other industries include TV stations and media outlets, logistics/shipping/transportation, and the energy grid and utilities. Just imagine how quickly an energy or utility company will lean on its insurance policy if people do not have access to power or water. Currently, the U.S. energy grid is a fragmented structure, making a nation-wide attack extremely difficult to carry out. However, if the consolidation trend continues, I expect targeted ransomware attacks. Albeit not ransomware, only weeks ago we saw the first-ever cyberattack successfully disrupt operations for a U.S. energy provider and just look at what Russia did to Ukraine in 2015. Where money is to be made ransomware will follow.
David Pearson, principal threat researcher, Awake Security
Ransomware is on the rise, but it will be just a distraction for the real attack. Ransomware will be a considerable risk for SMBs with minimal resources and large organizations who still don’t have widespread backup capabilities in place. Even for those who do, the risk of business continuity is real (think of the effect on IT admins and end users if the former needs to continuously wipe and restore the latter’s systems). However, I worry about the organizations who are targeted by ransomware where the ransomware is just a distraction from the real attack. We’ve started to see a few cases of this (e.g., Petya ransomware) but the majority of danger could very well be ahead of us.
Dr.
Srinivas Mukkamala, CEO, RiskSense
Ransomware will
continue to be the growth driver in cyber-crime. The reason is simple, it’s the
shortest distance between investment and revenue for its perpetrators. Unlike,
identity theft, crypto-currency theft, or bank fraud, ransomware is a fast,
cheap, and effective method of extracting fees from victims. But ransomware too
is showing signs of maturity. The rate of appearance of new ransomware families
fell by half in 2019(1). The reason for this is that the families that did appear
were more sophisticated, harder to prevent, and contained better distribution
mechanisms.
At the same time, the average ransomware demands have increased rapidly to $36,000 in the second quarter of 2019(2). But this number really understates the risk as perpetrators have adopted a more sophisticated pricing model which charges larger organizations much higher ransoms to unlock their data. Rivera Beach, FL, for example, had to pay $600,000 to unlock the city records encrypted by a ransomware gang while Korean hosting company Nayana paid $1m to unlock 3,400 hosted websites(3).
Refusing to pay can cost even more as Norwegian aluminum maker Norsk Hydro learned when they spent $58m in the first half of 2019 to remediate the ransomware attack they experienced in March. The company’s Q1 profit also fell 82% due to production downtime caused by the attack(4).
The implications for security professionals of these trends are clear. The time has come to move from a strictly defensive posture vis-à-vis ransomware to a more offensive strategy focused on finding and fixing vulnerabilities that can be exploited by ransomware.
Sharon
Reynolds, CIO, Omnitracs
In addition to an
increase in ransomware and business email compromise, in 2020 we will also
begin to witness an increase in API extortion. Many businesses offering SaaS
and IT solutions have multiple open API’s, which puts them at risk. We now need
to profile and identify the baseline normalities to API gateways, so that we
can work to detect abnormalities and potential pathways for attackers. As
security professionals, we need to continue to lead our companies in increasing
our security posture, actively working to become more resilient by putting
concrete practices in place as we see API’s start to come under attack.
Sam
McLane, chief technology services officer, Arctic Wolf Networks
With the ransomware
window possibly closing, hackers will loot organizations like kids attacking
piñatas with baseball bats
With more than 600 ransomware attacks plaguing the industry in 2019, organizations will desperately adopt new tools and solutions in an effort to dodge the onslaught. However, adversaries will see the door closing, and a widespread free-for-all will break out before the current round of tools closes. Among the disarray, these hackers will do as much damage as possible in order to hold themselves over until the next backdoor is opened and they can clean out organizations once more.
More specifically, adversaries will place a large target on traditionally weaker environments with a lack of backup and restore procedures. Organizations such as hospitals, nursing homes, extended care facilities and the like will find themselves the victims of targeted attacks, and as long as they keep paying, the attacks will keep coming. With medication, confidential patient data and more at risk, the attacks will remain simple as adversaries will leverage scalable campaigns with seemingly reasonable requests that targeted organizations can justify paying due to the potentially dire implications of going unresolved.
