2024 will become a blend of legacy attack vectors and the inception of newer and more aggressive ransomware including personalization and double-threat extortion.
What is in store for 2024 for organizations?
“64% of all organizations surveyed by Mimecast reported a ransomware attack in 2023.”
In addition, bad actors have several options to extort money from their victims by using more advanced ransomware and generative AI techniques.
Overview of Increasing Sophistication of Ransomware and Phishing Attacks
Furthermore, hackers’ investment in zero-day vulnerability attack tools alters the global cybersecurity landscape, forcing organizations to upgrade, continuously evaluate, and deploy more robust cybersecurity measures.
In 2023, ransomware grew 37%, with the average ransom increasing to $5.3 million. However, even with the increase in ransomware demands, the average payout was $100,000.00.
Moreover, Chief Information Security Officers (CISOs) recovering from previous 2023 ransomware attacks continue to see similar potential threats from threat actors using email phishing as the primary delivery method for ransomware.
Increases in the weaponization of ransomware, including rapid attacks against newly discovered vulnerabilities, will happen faster and within 24 hours. This rapid attack strategy, enabled by adversarial artificial intelligence (AI), extends hackers’ ability to adjust their threat vectors to better optimize for more significant financial gain.
Equally important, hackers continue to target critical systems supporting enterprise software, cloud-based Software-as-a-Service (SaaS), and software supply chains. As more software solutions become deployed, organizations will become more dependent on these platforms to run their business. Any security breach, no matter how small, will hurt their brand, operations, and compliance status.
Next, hackers know the importance of digital transformation strategies. By probing global networks for vulnerabilities, hackers see that the gap between vulnerability discovery and the organization’s ability to patch remains a profitable window of opportunity. This exposure time continues to vary as most organizations automate their patching and remediation capabilities.
Evolution of Ransomware Modernization and Tactics
Ransomware is developed software, like any other application. As with enterprise software, hacker teams constantly update ransomware code to support their various attack campaigns.
Rust, a preferred code development platform of hackers, continues to gain popularity.
Rust, similar to C++, Python, and PowerShell, allows ransomware developers to include more elusive ways to avoid detection and more robust encryption, and to extend the compiled code to work against different operating systems.
Hackers will also continue to transition their Rust applications into more data theft payloads. Hackers show less focus on encryption bounty attacks. Backup systems like Veeam have given organizations hope in restoring their systems infected by ransomware malware.
Developers leveraging Rust continue their progression away from disk and file encryption. Their goal is to migrate towards quantum computing encryption like NTRU. This strategy makes it more difficult for security experts, law enforcement, and rival hacking groups to break the ransomware encryption and access their target’s data.
Which Ransomware Incidents Can Be Expected in 2024?
In 2024, ransomware-as-a-service (RaaS) will continue to be a problem for organizations. Since hackers leverage AI, they can adjust their attack vectors based on processing their attack telemetry. Using data compiled by the hacker’s Large Language Model (LLM), the method and context of an attack can be adjusted in seconds: velocity changes, delivery methods, and Geo-disbursement.
Hackers profiting from ransomware attacks will continue to expand their threat vectors to specific, highly vulnerable targets. One target includes supply chains and ecosystems.
Ransomware Targeting Supply Chain and Ecosystem Companies
Organizations, including supply chains and ecosystems, wanting to reduce their attack surface must develop and execute a strategy to minimize ransomware effectiveness. Becoming more resistant to ransomware attacks requires a new line of thinking heading into 2024.
Supply chain and ecosystem applications and networks, by design, connect product developers, logistics resources, distributors, and shipping companies. In 2024, hackers’ generative AI attacks against supply chains aim to propagate laterally between the various components.
One notable example was the exploitation of a vulnerability in the MOVEit Transfer software by Progress Software. This led to widespread ransomware attacks conducted by the Cl0p ransomware gang. These attacks have had a significant impact on numerous organizations in the public and private sectors. It is estimated that the attacks affected thousands of companies and tens of millions of individuals. The Cl0p group has been sending ransom notes to high-ranking executives at the targeted companies, threatening to expose their files unless the demanded ransom is paid. In cases where the ransom was not paid, the group proceeded to release the stolen data.
What is the Role of Generative AI in Ransomware Attacks?
Generative AI attacks entered the cybersecurity threat landscape in 2024 with the release of ChatGPT, WormGPT, and FraudGPT. What’s more, these adversarial AI tools continue to develop as hackers turn their attention and resources to execute more personalized attacks.
Effects of Generative Tools Against Their Victims
AI chatbots gather and collect public domain information. Previously, however, they relied only on legacy data. ChatGPT 4.0 now allows access to live internet information via API. With this tool gathering detailed profiles, using AI chatbots to create personalized communications is easier. Consequently, we need to be ready for more customized attacks.
In 2024, CIOs, CISOs, and risk leaders within organizations know the end goal of ransomware attacks: stealing their data. “Seven out of the top nine breaches covered in our 2023 Breaches in Review involved data exfiltration.” Protecting the data continues to be top of mind for executives.
“94% of organization executives surveyed by Mimecast agree that more budget is required to protect against cyberattacks in 2024.”
Ransomware gangs are exploring different tactics to compel victims to pay. These groups continue to contact regulatory bodies like the SEC directly and immediately report fake information about their victims. This action often results in extensive harm to their victims, resulting in legal, reputational, and financial implications. This action becomes a threat of extortion, forcing victims to pay the ransom faster.
According to research, publishing large amounts of stolen data from ransomware is relatively easy and anyone can do it, even those who purchase ransomware code from a RaaS broker.
Human Error Contributes to Ransomware Attack Success
Also, most vulnerabilities exist because of human error. Security operations (SecOps) engineers, managed service providers (MSPs), and SaaS providers are prone to human errors while maintaining various systems.
Generally, many of these errors happen during code upgrades, deployment of new technology, or when a security patch is improperly installed. These errors, as a result, create vulnerabilities hackers look to exploit with ransomware before any remediation is completed.
“According to Cybint, human error causes 95% of cybersecurity breaches, meaning they were likely preventable.”
Finally, organizations need to realize that their existing security protection layers and operations processes often have minimal impact on stopping next-generation ransomware powered by AI. Investing in next-generation cybersecurity protection layers and experienced SecOps engineers is no longer a matter for a wait-and-see mindset.
Should you need help or advice on developing, implementing, or supporting a ransomware protection strategy, please contact Cubic Consulting at https://cubic.consulting. We can assist with several techniques, including security awareness training, risk meeting preparation, cybersecurity strategy review, etc.