Ransomware still demands a proactive approach to security

Technology has improved in leaps and bounds over the years and what with artificial intelligence and machine learning commonplace in most areas of business, one would think cybercriminals are also adopting emerging technologies.

Make no mistake, there are threats that leverage these technologies, but as Security Lead at Accenture Africa, Boland Lithebe points out, many threat actors are still using tried and tested ransomware techniques. Added to that, cybercriminals also consistently target the same industries namely, manufacturing, financial services, healthcare, technology and construction.

“The most active ransomware groups in 2021 were LockBit and Conti, but tracking individual groups remains challenging due to continuous ‘retirements’ and rebranding into new groups due to law enforcement pressure or internal group dynamics. The conflict between ransomware affiliates and their operators led to information leaks, and arguments between involved parties serve as one example of the unintended consequences of ransom affiliate payment schemes. Despite these problems, ransomware operations remain highly profitable,” says Lithebe.

Looking at its data collected from incident response engagements, Accenture notes a 107 percent increase in 2021 compared to 2022.

There are several factors Lithebe feels contributed to this massive surge. The first is celebrity. Where once technology was relegated to a segment at the end of the nightly news, cybercrime has grabbed headlines consistently over the years as criminals execute more brazen attacks.

Media reporting increases impact,” says Lithebe. “It reflects a ‘scoop-and-scandal’-driven culture in the cybersecurity community and unintentionally increases the influence of cyber threat actors. Cybercriminals used this publicity to criticise rivals and increase pressure on victims.”

Another factor driving this surge is the fact that cloud has become so popular. Generally speaking, cloud environments are as well monitored by the businesses using them and as a result threat actors can sneak in and deploy malware among other nefarious acts.

Stolen credentials are also more widely available making a breach far lower effort than ever before.

Perhaps the most concerning reason ransomware attacks are increasing is because of extortion. Where once threat actors simply encrypted data, now they have graduated to holding it hostage unless a ransom is paid.

In a bid to combat this every rising threat, Lithebe advises that companies weave security into every aspect of the business.

“Administrators should integrate audits into DevOps cycles. The need to weave security into both DevOps and application onboarding has catalysed the integration of platforms for automated code scanning. These include intelligent and integrated platforms that help organisations develop code quickly with lower remediation costs, higher security and less staff,” the security lead concludes.


About Author


Related News