Joint Advisory Issued as “Sophisticated, High Impact” Ransomware Surges

A recent surge in “sophisticated, high impact” ransomware attacks has caused the US Cybersecurity and Infrastructure Agency, the UK’s National Cyber Security Centre, and the Australian Cyber Security Center to issue a joint advisory about the techniques being used by cybercriminals to attack organizations around the globe.

Ransomware attacks against several different industry sectors including defense, financial, IT, healthcare, education, energy, local government and more have surged and “continued to evolve in 2021,” according to the advisory.

The advisory also notes that cybercriminals are demonstrating a “growing technological sophistication” which poses an “increased ransomware threat to organizations globally.”

According to the agencies involved in the bulletin, the top three infection vectors for ransomware incidents during 2021 were:

  • Phishing Emails

  • Remote Desktop Protocol exploitation via stolen credentials or brute force

  • Exploitation of software vulnerabilities

It’s very likely that the three infection vectors mentioned above will continue to soar in 2022 because of the increased level of remote working. As the remote attack surface increases, it has “left network defenders struggling to keep pace with routine software patching.”

In addition, ransomware became increasingly professional in 2021. With the increased use of Ransomware-as-a-Service (RaaS) operations, some are offering 24/7 helpdesk support to victims in an effort to expedite ransom payments.

The CISA, NCSC and Australian Cyber Security Center all believe that as ransomware continues to yield large financial returns, attacks will become more frequent. Additionally, the RaaS model has made it increasingly difficult to identify conclusively which cybercriminals are behind an attack, because there may be developers, freelancers and/or affiliates at work as well.

Authorities in the US and Australia have noted that cybercriminals have shifted away from targeting larger organizations and have begun targeting mid-sized victims instead. This is possibly the result of actions taken by the US authorities in mid-2021 to disrupt activities of ransomware operators involved in high-profile attacks.

Unfortunately, the overall picture painted by the joint advisory is a gloomy one. Ransomware groups will increase their impact in 2021 by:

  • Targeting poorly-defended cloud infrastructure to steal data, encrypt information, and – in some cases – deny access to backup systems.

  • Targeting managed service providers (MSPs), impacting all of an MSP’s clients at once.

  • Attacking industrial processes by either affecting connected business systems, or developing code to interfere with critical infrastructure.

  • Attacking the software supply chain, and using it as a method to access multiple victims through a single initial compromise.

  • Targeting organizations on holidays and weekends, where they might have more impact and there are fewer IT support personnel in place to handle emergencies.

For more information on the joint advisory, you can read it here: Joint Cybersecurity Advisory

 

Story via TripWire
