US Coast Guard Rear Admiral John Mauger has warned that cyber warfare is the biggest threat to maritime transport. According to Mauger, the world is struggling to keep up with demand for goods. While this includes scarcity of goods, it also includes the speed at which goods can be moved. Ports are understaffed and overcrowded, with ships waiting to be allowed to dock. Mauger says that a cyberattack on this already strained system could mean huge problems for almost every industry. Large shipping providers, such as Maersk, have already been the target of ransomware, and Mauger believes it is a matter of time before attackers try again.
Security Magazine has labelled ransomware gangs the ‘mafia of the 21st century’. The reasons why may surprise you. Of course, ransomware gangs have behaved in a very mafia-like way in recent years, with the rate of attacks exploding worldwide. They’ve taken millions of dollars in payments from companies desperate to avoid the consequences of not paying, and they’ve done so in a very cold, business-like way. But Security Magazine believes the real reason they are the modern-day mafia is that ransomware gangs are maturing. Gangs are merging, hackers are moving between positions, and they are even starting to sell their products to amateur hackers. With this increased maturity comes further danger from more sophisticated attacks on personal and corporate systems everywhere.
A report from Blackfog has revealed that 244 successful publicised ransomware attacks have taken place so far in 2021. The actual number of hacks will be considerably higher, but very few hacked companies reveal that information. It is also an increase of 25 per cent from 2020. The report also shed light on the industries that have been most affected by ransomware attacks. The unfortunate leader was the government sector, with almost 20 per cent of all attacks. Closely behind were education and healthcare, with everyday services and technology firms next. What this shows is that hackers target high value, high disruption key services – and they’ve been very successful.
A professional hacker, writing in the Financial Times, has some advice for businesses: Assume I am already inside your system. The hacker described how companies place far too much of their security effort on preventing attacks, saying that there is “always a way in”. Businesses should, in fact, concentrate on how they can protect data and mitigate attacks, and that many are unprepared. The hacker stated that 99 per cent of his successful attacks begin by gaining entry via stolen passwords. Once inside, many passwords give privileged access to centralised systems and allow attacks to cascade to other systems, often resulting in ransomware waves. The best defence against such attacks is a decentralised password system, such as MyCena. Users are assigned a unique password they never have to know, avoiding stolen passwords and human error. By combining this with encryption and segmented systems, businesses will be cyber-resilient by default.
Mimecast’s State of Ransomware report has revealed the true cost of falling victim to ransomware, and the results are staggering. Eighty per cent of IT security professionals questioned said that they had been the target of a ransomware attack in the last two years. Thirty-nine per cent of those attacked revealed that they had paid a ransom to attackers in order to salvage their data. The average ransom paid by US companies was $6.3 million, while companies in Canada paid a slightly lower average of $5.34 million. The report showed how critical it is to take measures to mitigate, and protect systems from, ransomware attacks.
In July 2021 the IT firm Kaseya suffered one of the most infamous ransomware attacks yet. The hack cascaded down to hundreds of companies that used Kaseya, causing downtime and damage for businesses around the world. Until now, ransomware gangs have faced very few consequences – mostly due to their own governments not acting, and the relatively anonymous payment methods used for ransoms. However, in October 2021, US authorities managed to apprehend a high-profile hacker, a Ukrainian individual, who will be extradited from Poland. If successfully prosecuted, this would signal the US’s intent to fight ransomware gangs.
