Cybersecurity authorities in the United States, Australia, and the United Kingdom have issued a new joint advisory, outlining the rising threat of ransomware attacks against critical infrastructure organizations over the past year.
Why this matters
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) observed ransomware attacks against 14 of the 16 US critical infrastructure sectors in 2021.
The advisory also states that the Australian Cyber Security Centre (ACSC) identified ongoing ransomware incidents involving critical infrastructure entities, while the United Kingdom’s National Cyber Security Centre (NCSC-UK) recognizes ransomware as the leading cyber threat facing the country.
In addition, ransomware tactics and techniques continued to evolve last year. The cybersecurity authorities explain that this demonstrates “cybercriminals’ growing technological sophistication and an increased threat to organizations globally.”
Phishing emails, stolen Remote Desktop Protocol (RDP) credentials, and exploitation of software vulnerabilities were the leading initial infection vectors for ransomware attacks in 2021. Additional trends include:
- Leveraging cybercriminal services-for-hire
- Sharing victim information with other ransomware groups to expand the threat and enable follow-up attacks
- Redirecting efforts from “big-game” US organizations toward mid-sized victims to minimize scrutiny after suffering mid-year disruptions from US authorities
- Diversifying strategies, including the increased use of triple extortion
According to the advisory, ransomware groups are strengthening their impact by targeting cloud infrastructures, managed service providers (MSPs), industrial processes, and the software supply chain. The FBI and CISA also observed an uptick in attacks against US entities on holidays and weekends throughout 2021, noting that threat actors may favor these timeframes because there are “fewer network defenders and support personnel at organizations.”
To reduce the likelihood and impact of a ransomware incident, network defenders are advised to keep all operating systems and software up to date, implement a user training program with phishing exercises, require multi-factor authentication, establish a strong password policy, and encrypt data in the cloud.
The alert also mentions that malicious cyber actors are leveraging various discovery techniques for network and system visibility, but certain measures can “help limit an adversary’s ability to learn an organization’s enterprise environment and move laterally.” These include segmenting networks, documenting external remote connections, implementing time-based access for privileged accounts, and utilizing endpoint detection tools.
How to respond to an attack
In the case of a ransomware attack, the advisory urges organizations to follow the ransomware response checklist on page 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide. The authorities also recommend scanning backup data with an antivirus program to ensure that it is free of malware, emphasizing the importance of using an “isolated, trusted system to avoid exposing backups to potential compromise.”
In addition, organizations are strongly discouraged from paying a ransom to criminal actors as doing so does not guarantee that files will be recovered and “may lead adversaries to target additional organizations or encourage cybercriminals to engage in the distribution of ransomware.”
Strengthen your security with Paubox
With the healthcare sector serving as a popular target for ransomware and other malicious attacks, covered entities can take extra measures to safeguard sensitive information with stronger email security.
Designed to conveniently integrate with your existing email platform such as Google Workspace or Microsoft 365, Paubox Email Suite sends HIPAA-compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages directly in their inbox without having to navigate any separate passwords or portals.
Paubox Email Suite’s Plus and Premium plan levels also feature advanced inbound email security tools for further protection. Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s legitimacy, while patented ExecProtect quickly intercepts display name spoofing attempts.