Safeguarding Against Emerging Cyber Threats: Enhancing Early Detection & Response Strategies
In the rapidly evolving landscape of cyber threats, 2023 has witnessed a resurgence in ransomware and extortion, posing significant challenges despite advancements in cyber security. As businesses invest in fortifying their defenses, the focus must now shift towards bolstering early detection and response capabilities to stay ahead of evolving threats.
Ransomware on the Rise
The first quarter of 2023 witnessed a staggering 143% surge in global ransomware victims, reaching unprecedented levels not seen in the past three years. January and February marked the peak of hack and leak incidents, signaling a persistent and escalating threat. The financial toll of ransomware alone is projected to reach a staggering US$265 billion annually by 2031.
Expanding Targets and Tactics
Hackers are diversifying their targets, extending their reach to infiltrate both IT and physical supply chains. Mass cyber-attacks have become commonplace, with cybercriminals devising novel methods to extort money from organisations of all sizes. The trend involves the theft of personal or sensitive commercial data, escalating the complexity and cost of incidents, along with a heightened risk of reputational damage and third-party liability.
The Growing Menace of Data Exfiltration
Analysis from Allianz reveals a concerning trend in large insurance industry cyber losses, with the proportion of cases involving data exfiltration increasing annually. The shift from 40% in 2019 to approximately 77% in 2022 indicates a rising threat landscape, with 2023 poised to surpass previous records. This underscores the urgency for organisations to fortify their defences against the escalating risk of data breaches.
AI-Powered Threats and Technological Proliferation
Cyber adversaries are leveraging artificial intelligence (AI) to automate and expedite attacks, unleashing more sophisticated AI-powered malware and phishing schemes. The proliferation of connected mobile devices and the advent of 5G-enabled Internet of Things further amplify the avenues for cyber-attacks. The combination of these technological advancements poses unprecedented challenges, requiring organisations to stay vigilant in the face of evolving threats.
Navigating the Cat and Mouse Game
Protecting against cyber intrusions remains a constant struggle, where threat actors hold the upper hand. The use of AI to enhance attack capabilities adds a new layer of complexity, necessitating innovative approaches to stay ahead of cybercriminal tactics. As the landscape becomes increasingly challenging, early detection and response capabilities emerge as crucial components in mitigating the impact of cyber-attacks.
The Imperative of Early Detection and Response
Preventing cyber-attacks is becoming more challenging, and the stakes are higher than ever. The consequences and costs of an intrusion escalate rapidly once data is encrypted or stolen. Analysis demonstrates that the costs can be up to 1,000 times higher if an incident is not detected and contained early. Consequently, prioritising early detection and response capabilities is paramount to effectively safeguarding against cyber threats and ensuring the sustainability of the insurance market.
In conclusion, staying ahead of emerging cyber threats in 2023 requires a strategic focus on enhancing early detection and response capabilities. By doing so, organisations can fortify their defenses, mitigate the impact of cyber-attacks, and contribute to the resilience of the cyber security landscape.
Evolving Cyber Threat Landscape: Ransomware Resurgence Targets Data & Supply Chains
In the ever-changing world of cyber security, the past year has seen ransomware gangs operating business as usual, continually adapting their tactics and business models to exploit vulnerabilities and extort money from businesses and public sector organisations.
Recent findings from cyber threat intelligence firm Black Kite reveal a surge in ransomware attacks during early 2023. According to Akamai Technologies, ransomware victims globally increased by a staggering 143% in the first quarter of 2023.
The NCC Group reported that January and February 2023 witnessed the highest number of ransomware hack and leak cases in the past three years, with ransomware activity up almost 50% year-on-year as of May 2023. The projections are alarming, with Cybersecurity Ventures estimating that ransomware alone could cost victims approximately US$265 billion annually by 2031.
The year 2023 has also seen a notable increase in data exfiltration attacks, with cybercriminal groups like LockBit and Clop reaching new levels of sophistication.
Chainalysis reports that ransomware victims paid demands of US$449.1 million in the first six months of this year, approaching last year's total of US$500 million. If the current trend persists, 2023 could potentially become the second-largest year for ransomware revenue after 2021.
Key Developments in Ransomware Trends:
• Ransomware groups continue to adapt their tactics and business models in response to changes in cyber security.
• Ransomware-as-a-Service (RaaS) remains a significant driver for the ongoing frequency of attacks.
• Double and triple extortion attacks, though not new, have become more prevalent, posing potentially more impactful and costly challenges for affected companies.
• Supply chain-enabled ransomware attacks are now firmly established in the ransomware playbook.
• The rise in mass ransomware attacks underscores the need for insurers to comprehend the interconnectivity and dependencies within companies and digital supply chains.
In summary, the evolving threat landscape highlights the resurgence of ransomware, emphasising the importance of robust cyber security measures and proactive defense strategies. Stay informed about the latest developments in cyber threats to safeguard your organisation against these ever-evolving challenges.
RaaS Dominance and the Evolution of Extortion Tactics
Ransomware-as-a-Service (RaaS) continues to play a pivotal role in the sustained surge of cyber attacks.
Criminals who lack the expertise to develop their own malware leverage RaaS kits and services to swiftly and affordably execute ransomware attacks. These kits, available from as low as $40 per month, empower cyber criminals to amass substantial profits through extortion with minimal financial investment.
Michael Daum, Global Head of Cyber Claims at Allianz Commercial, emphasises the persistent nature of this challenge. "We often deal with the same attack groups. They change – they disappear, reorganise and then reappear under a different name – but the groups with the best tactics make the most money, and then they start re-selling their tools and expertise to others. They operate like successful businesses."
Large companies face the brunt of ransomware attacks, often originating from a limited number of groups such as Black Basta, Clop, and LockBit. The US Cybersecurity and Infrastructure Security Agency reports that LockBit, the most deployed ransomware variant globally in 2022, conducted over 1,700 attacks in the US alone, accumulating approximately $91 million in ransoms paid.
"Cyber criminals’ tactics continue to evolve," notes Daum. Ransomware attacks, once synonymous with encryption, now involve varied techniques such as data theft and Distributed Denial of Service (DDoS) attacks—either individually or in combination with encryption—to extract ransoms.
Data Exfiltration Emerges as the Norm
With double and triple extortion tactics becoming more prevalent and potentially more impactful, Allianz analysis reveals a rising trend in cases where data is exfiltrated, escalating from 40% in 2019 to around 77% in 2022. The current trajectory indicates that 2023 may surpass the previous year's total.
As threat actors increasingly favour data exfiltration, several factors contribute to its attractiveness. Growing volumes of personal information, tightening global privacy regulations and the surge in outsourcing and remote access interfaces create more opportunities for exploitation.
With higher stakes, companies may feel compelled to pay ransoms when data is stolen, reflected in Allianz's analysis showing a rise in ransom payments from 10% in 2019 to 54% in 2022.
Paying a ransom for exfiltrated data, however, does not guarantee resolution. Daum cautions that companies may still face third-party litigation for data breaches, emphasizing the importance of reporting incidents to law enforcement.
Traditionally, companies holding sensitive data were primary targets, but industrial and manufacturing sectors are now bearing the brunt of data exfiltration attacks. IBM Security's 2023 X-Force Threat Intelligence Index highlights manufacturing as the most targeted sector in 2022, illustrating the evolving landscape of cyber threats.
"With data exfiltration, you can attack a standard manufacturing company with many different clients. If you can get data on these clients as well, the criminals can demand money from them also, and that is what we have seen in some claims now," explains Jens Krickhahn, Regional Practice Leader, Cyber Insurance at Allianz Commercial.
As cyber threats evolve, vigilance, proactive reporting and robust cyber security measures are imperative to mitigate risks and safeguard against the ever-changing tactics of cyber criminals.
Ransomware Costs – Double Extortion Changes the Rules & Multiplies the Cost
Costs Description:
Single Extortion (encryption)
• Extortion Payment: demanded by criminals.
• Lost Income (Business Interruption): The longer the period of time in which system accessibility is limited, the greater the loss.
• Recovery Expenses: the cost of restoring data and ensuring full systems recovery.
• Forensics Expenses: expenses incurred to investigate the source of the security vulnerability.
Double Extortion (encryption and exfiltration)
• Notifications Costs: notifying customers, regulators and other required authorities of a data breach.
• Monitoring Costs: monitoring services for identity theft/fraud that has to be supplied to individuals whose data is stolen.
• Regulatory Fines and Legal Expenses: due to third parties' claims whose private data is stolen.
• Data Recovery and PR Repairment: Costs of a consultant, crisis management firm or law firm to limit effects of negative publicity.
Top Industries Targeted
The percentage of extortion cases by industry observed in incident response engagements in 2022.
Numbers do not add up to 100% due to rounding. Source: IBM Security’s 2023 X-Force Threat Intelligence Index.
Supply Chain-Driven Ransomware Strikes
Supply chain-enabled ransomware attacks have firmly entrenched themselves in the cyber threat landscape. Threat actors are now strategically targeting both IT supply chain companies and those holding sensitive data in physical supply chains, aiming to extort payments from multiple businesses in a domino effect.
The origins of supply chain attacks gained widespread attention in 2019 with the SolarWinds intrusion, initiating one of the largest software supply chain attacks in history. A parallel incident occurred in 2021, as the IT management company Kaseya fell victim to a zero-day vulnerability, leading to ransomware attacks affecting approximately 1,500 businesses and a staggering US$70 million ransom demand.
In June 2023, reports emerged of a North Korean hacking group infiltrating software-as-a-service provider JumpCloud to target cryptocurrency companies. Chainalysis, a blockchain analytics firm, revealed that North Korean-linked groups had pilfered an estimated $1.7 billion in digital currency through multiple hacks in the previous year.
While supply chain cyber-attacks were once attributed to sophisticated nation-state hacker groups, Ransomware-as-a-Service (RaaS) groups are increasingly adopting these tactics for mass ransomware campaigns. Recent events, such as the MOVEit extortion, highlight the exploitation of digital and physical supply chain interconnectivity by ransomware gangs, targeting organizations with weak cybersecurity to infiltrate other companies within the supply chain.
Experts warn, "IT providers may be expected to have sophisticated cyber security, but deficiencies are not uncommon. Large attacker groups are sophisticated and savvy, targeting entities that possess valuable data or grant access to other companies, facilitating extortion payments or future attacks."
Accumulation Concerns Amidst Mass Attacks
The year 2023 has witnessed a surge in mass ransomware extortion attacks, where RaaS groups leverage software vulnerabilities and the interconnected nature of digital supply chains to exfiltrate data and demand ransoms from numerous companies.
The MOVEit attack, orchestrated by the Clop ransomware group, exploited a zero-day vulnerability in widely-used file transfer software, exemplifying the tactics employed by RaaS groups. Another instance involved Clop exploiting a zero-day flaw in GoAnywhere file transfer software, affecting over 130 companies. In a separate attack, threat actors capitalised on a known vulnerability in unpatched VMware ESXi servers, compromising 3,800 servers globally.
The evolving landscape of supply chain-driven ransomware calls for heightened vigilance and robust cyber security measures.
Anticipating Tomorrow's Cyber Landscape: AI, IoT and Skills Shortage on the Horizon
The future of cyber security is at a crossroads as emerging technologies like Artificial Intelligence (AI) and the Internet of Things (IoT) present both opportunities and challenges. AI, predicted to be a driving force behind upcoming cyber-attacks, may fuel automated attack processes, sophisticated phishing, and rapid malware development. Simultaneously, AI holds promise for enhancing cyber security through more effective detection and advanced threat intelligence capabilities.
Increased utilisation of AI by malicious actors in the future necessitates even stronger cybersecurity measures. Threat actors are already harnessing AI-powered language models like ChatGPT to write code, enabling less technically proficient individuals to create new ransomware strains and variations, potentially leading to a surge in the number of cyber-attacks.
Voice simulation software, a recent addition to cybercriminal tactics, poses additional challenges. In 2019, an energy provider's CEO fell victim to a scam facilitated by AI-generated voice, resulting in a €220,000 loss. More recently, deepfake video technology designed for phishing scams has emerged, with researchers noting instances of these services being sold for as little as US$20 per minute.
Key Developments:
• AI-powered language models and voice simulation software are becoming integral to cybercriminal tactics.
• Cyber security insurance providers observe a rising number of incidents stemming from poor cyber security practices around mobile devices.
• The technical skills crisis in cyber security is escalating incident response costs.
The growing threat landscape underscores the necessity for companies to invest in AI-powered cyber security measures. AI has a dual nature: while it may aid threat actors, it is also a potent tool for detection. Investing in AI-backed detection capabilities can potentially thwart cyber incidents early, maintaining equilibrium in the ongoing cyber warfare.
Mobile Devices: An Attractive Target
Lax security practices and the commingling of personal and corporate data on mobile devices are increasingly attracting cybercriminals.
Cyber security insurance providers note a surge in incidents resulting from inadequate mobile device security. During the pandemic, organisations enabled access to corporate networks via private devices without robust multi-factor authentication (MFA), leading to successful cyber-attacks and substantial claims.
Cybercriminals now focus on mobile devices, deploying specific malware to gain remote access, pilfer login credentials, or unleash ransomware. The merging of corporate and personal information on these devices presents a vulnerability, especially since personal devices typically lack stringent security measures. Utilising public Wi-Fi on such devices elevates vulnerability, including exposure to phishing attacks through social media channels.
The advent of 5G technology introduces further concerns. While 5G powers more connected devices, IoT devices, known for their inherent lack of security, pose a significant cyber threat. The sheer volume of these globally connected devices, coupled with the integration of AI, amplifies the potential risks. Many IoT devices lack robust security measures, often featuring discoverable default passwords, making them susceptible to cyber threats.
The Cyber Security Landscape Amidst Skills Shortage Challenges
The escalating shortage of cyber security professionals is casting a shadow over the effectiveness and frequency of cyber security measures, potentially amplifying the vulnerability to successful attacks in the foreseeable future.
As per ISC2, a non-profit organisation dedicated to cyber security professionals, the global cyber security workforce faces a significant shortfall of 3.4 million individuals, a gap growing at twice the rate of available talent. A staggering 70% of organisations express their inadequacy in cyber security staff, hindering their ability to maintain effective security protocols. Gartner, a leading research and advisory company, predicts that by 2025, more than half of notable cyber incidents will be attributed to a lack of talent or human error.
The crisis in technical skills for cyber security is exacerbated by the rapid evolution of technology, leaving an insufficient number of experienced professionals to combat emerging threats. The scarcity of skilled cyber security engineers heightens companies' exposure to potential cyber events, making it challenging to predict and prevent incidents, leading to potential losses in the future.
This scarcity of cyber security expertise also has financial implications in responding to cyber incidents. According to the IBM Cost of a Data Breach Report 2023, organisations grappling with a high level of security skills shortage incur an average data breach cost of US$5.36 million, approximately 20% higher than the average cost.
The scarcity of cyber security experts has turned IT specialists into a valuable yet scarce resource, and IT security experts are even more elusive. The relentless surge in cyber attacks and incidents outpaces the rate at which organisations can recruit and train IT and cyber security professionals, intensifying the challenges faced by businesses in safeguarding their digital assets.
Stabilisation Trend Threatened by Mass Attacks & Data Exfiltration
The stabilisation trend in cyber security is under threat as mass attacks and data exfiltration incidents surge, leading to an increase in cyber insurance claims frequency during the first half of 2023. Despite advancements in cyber security over the past two years, these emerging threats pose challenges to first-party losses control and overall risk management.
After a notable surge in ransomware losses in 2020 and 2021, the stability observed in the frequency of cyber insurance claims last year showcased improvements in cyber security practices and risk management actions. Measures such as multifactor authentication and robust backup strategies contributed to making encryption-based ransomware less effective, reducing business interruption impacts. Additionally, law enforcement efforts targeting ransomware gangs and geopolitical events, such as the Ukraine-Russia conflict, played a role in mitigating the activities of threat actors.
Companies responded proactively by addressing vulnerabilities and enhancing governance, particularly around mergers and acquisitions (M&A). Historically, M&A processes often resulted in cyber security insurance claims due to issues overlooked during due diligence. Now, there is heightened consideration at a high level for IT assets and cyber security during M&A activities.
However, ransomware groups have adapted tactics, emphasizing data exfiltration and exploiting weaknesses in IT supply chains. The notable MOVEit mass cyber-attack earlier this year, impacting over a thousand companies, contributed to the uptick in cyber security insurance claims frequency in 2023, affecting multiple policyholders simultaneously.
Key Developments:
• Ransomware and extortion-based attacks remain the predominant sources of cyber insurance claims by volume and frequency.
• A surge in data privacy claims in the US, particularly related to biometric information, has been observed alongside extortion claims.
• Analysis of large cyber losses indicates a significant increase in cases involving data exfiltration and incidents becoming public.
• Claims analysis underscores the staggering cost difference between breaches detected and contained early versus those left undetected.
The current year witnesses a resurgence in cyber security claims frequency, reversing the stabilisation observed in the previous year. Attackers, now armed with more potent tools and enhanced attack mechanisms, are once again targeting Western economies.
Ransomware and extortion-based attacks continue to dominate cyber insurance claims, constituting over 80% of claims from standalone cyber policies alone.
Cause of Loss by Value of Cyber Claims
Based on the analysis of 3,366 claims worth €612 million between August 2019 and August 2023.
Proactive Cyber Security Measures: Early Detection is Crucial to Mitigate Emerging Threats
In the dynamic landscape of cyber security, the significance of early detection cannot be overstated. The majority of cyber-attacks are swiftly contained when detected early, helping companies avoid substantial losses and ensuring that incidents remain within policy deductible levels.
Prevention remains a key driver for reducing the frequency of cyber incidents, while the ability to detect threats in their early stages plays a pivotal role in determining the severity of the impact. As reliance on outsourcing and data flows between companies grows, merely protecting the perimeter of an organization is no longer sufficient.
Companies are now confronted with the reality that preventing every attack is unattainable. The emphasis must shift towards detection and response capabilities to catch attacks before they escalate, preventing severe incidents that could potentially bring business operations to a standstill and tarnish reputation.
Key Insights:
• The key to averting damaging cyber-attacks lies in the early detection of threats.
• Companies should allocate additional cyber security spend on detection and response.
• Proper data management significantly contributes to risk reduction.
• Smaller companies should comprehend potential risks and allocate resources for tailored security measures.
• Mid-sized corporations must identify crucial IT assets and collaborate with cyber security service partners.
The analysis of claims notifications underscores the exponential cost difference between breaches that were detected and contained early compared to those that were not. Breaches left undetected can be over 1,000 times more expensive.
Swiftly identifying and containing cyber threats in their early stages can save substantial costs. Early detection, priced at €20,000, proves to be a more cost-effective strategy compared to post-incident interventions, where breach costs might soar to €20 million.
Next-Gen Authentication Tools
While multifactor authentication has showcased its effectiveness, the future calls for advanced detection tools. Explore Security Operations Center (SOC), Security Information and Event Management (SIEM), Extended Detection and Response (XDR), Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) to bolster your defence.
Balancing Your Cyber Security Budget
Allocate your IT security budget judiciously – direct additional spending towards detection and response, constituting around 35% of the total budget. It's an end-to-end mechanism, beginning with prevention and seamlessly transitioning into early detection and response.
Data Management: Safeguard Against Exfiltration
Combat data exfiltration threats with robust data management practices. Regularly managing, appropriately storing, and promptly deleting data significantly reduces the risk of exposure.
Preparation for Cybersecurity Challenges
Anticipate and prepare for the worst. As data privacy regulations surge, meticulous planning, crisis exercises, and collaboration with specialist vendors become imperative. Rapid response to incidents can significantly reduce the impact and cost of claims.
Empowering SMEs in the Cyber Arena
Tailor cyber security measures for small and medium-sized enterprises (SMEs). Acknowledge potential risks, allocate resources wisely, and initiate discussions with Managed Security Service Providers (MSSPs) to create bespoke IT budgets and strategies.
Proactive Measures for Mid-Sized Businesses
Mid-sized businesses must identify crucial IT assets, collaborate with cyber security service partners, and deploy advanced detection tools. This proactive approach ensures effective cyber security strategies tailored to uncover and neutralise potential threats.
In a dynamic cyber landscape, stay steps ahead by embracing early detection, evolving security tools, and fostering strategic collaborations. Invest wisely, prepare diligently, and fortify your cyber security framework for sustained success.
In summary, the landscape of cyber threats is evolving, demanding a strategic and proactive response. The outlined key developments underscore the pivotal role of early detection and robust cybersecurity practices. As businesses face a rising tide of sophisticated attacks, the imperative is clear: fortify your defences, embrace advanced detection technologies, and collaborate with cybersecurity experts. To safeguard your assets and reputation, it's time to take decisive action. Explore our tailored cyber security solutions, stay ahead of evolving threats, and fortify your digital resilience. Together, let's build a secure future in the face of an ever-changing cyber landscape.
References
Allianz Commercial
Black Kite, Ransomware Threat Landscape Report 2023
Akamai Research: Rampant Abuse Of Zero-Day And One-Day Vulnerabilities Leads To 143% Increase In Victims Of Ransomware
NCC Group, Cyber Threat Intelligence Report, March 2023 / Howden Predicts Global Cyber Insurance Premiums Could Exceed USD 50 Billion By 2030, July 5, 2023
Cybersecurity Ventures, Global Ransomware Damage Costs To Exceed $265 Billion By 2031, June 4, 2021
Wired, Ransomware Attacks Are On The Rise, Again, July 12, 2023
IBM Security X-Force Threat Intelligence Index 2023
World Economic Forum, Wide-Ranging MOVEit Hack And Other Cybersecurity News To Know This Month, July 17, 2023
Reuters, MOVEit Hack Claims Calpers And Genworth As Millions More Victims Impacted, June 24, 2023
Cybersecurity & Infrastructure Security Agency, Understanding Ransomware Threat Actors: LockBit, June 14, 2023
National Counterintelligence And Security Center, Kaseya VSA Supply Chain Ransomware Attack, August 10, 2021
Reuters, North Korean Hackers Breached A US Tech Company To Steal Crypto, July 21, 2023
BleepingComputer, Fortra Shares Findings On GoAnywhere MFT Zero-Day Attacks, April 19, 2023
Cybersecurity & Infrastructure Security Agency, ESXiArgs Ransomware Virtual Machine Recovery Guidance, February 8, 2023
Bloomberg, The Next Wave Of Scams Will Be Deepfake Video Calls From Your Boss, August 25, 2023
ISC2, Revealing New Opportunities For The Cybersecurity Workforce
Gartner, Gartner Predicts Nearly Half Of Cybersecurity Leaders Will Change Jobs By 2025, February 22, 2023
IBM Security, Cost Of A Data Breach Report 2023
RiskRecon By Mastercard, Small Business, Mighty Attack Surface, August 23, 2022
Vodafone, Half Of SMEs Experience Surge In Cyber-Attacks – Vodafone Research Reveals, February 15, 2023