The second half of 2020 witnessed a sevenfold increase in ransomware activity compared to the first half, according to a report by Sunnyvale, California-based cybersecurity company Fortinet.
According to the company’s semi-annual Global Threat Landscape Report, cyber criminals have become more sophisticated and increasingly target remote workers or learners outside the traditional network.
In terms of ransomware, the concept of ransomware-as-a-service grew considerably, the company said. Among the ransomware strains, Egregor, Ryuk, Conti, Thanos, Ragnar, WastedLocker, Phobos and BazarLoader were the most active.
The targets of a majority of these attacks were healthcare companies, professional service firms, consumer service companies, public sector organizations and financial service firms.
As for specific attacks, Fortinet said that the SolarWinds Orion security breach, which began on February 20, 2020, put the emphasis on attacks on the supply chain.
“They (cybercriminals) maximized the expanded digital attack surface beyond the core network, to target remote work or learning, and the digital supply chain,” Michael Joseph, director system engineering, India and SAARC, Fortinet, said.
Apart from high rates of traffic, there was evidence of possible spillover targets in the modern supply chain, which stresses the importance of supply chain risk management, the company said.
In terms of the most prevalent techniques, hackers used Microsoft documents as vectors for virus propagation, while web browsers ranked second among the tools used.
IoT (Internet of Things) devices have also emerged as a hot target for criminals, especially devices in the homes of corporate employees, which have now become their offices.
Fortinet said that each IoT device will represent a new network ‘edge’ that needs to be defended and requires security monitoring and enforcement at all devices.
Cybercrime groups, usually called advanced persistent threat (APT) groups, upped the ante by focusing on gathering personal information in bulk, stealing IP and getting access to classified information.
The most common subject of exploitation for the APTs was Covid-19-related work such as vaccine research or healthcare policies.
As for remediation of attacks and threats, Fortinet said that for over 1,500 exploits monitored over the past two years, only 5% of attacks were detected by more than 10% of organisations.
On average, there was a 1 in 1000 chance that an organization would be attacked.
“It remains prudent to focus remediation efforts on vulnerabilities with known exploits, and among those, prioritize the ones propagating most quickly in the wild,” the report said.
FortiGuard Labs said that the data for the report was generated from Fortinet’s array of sensors collecting data from threat events globally.