After reviewing the cyberattack trends from 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with the FBI and other international security partners that warns of the rising global threat of ransomware and gives mitigation and remediation advice.
The warning was issued in partnership with the National Security Agency (NSA) and the cybersecurity authorities in Australia and the UK. It states that CISA, the FBI, and NSA observed cyberattacks on 14 of 16 American critical infrastructure sectors in 2021.
“Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally,” the warning says. “This joint Cybersecurity Advisory … provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.”
On tactics, the joint advisory notes that ransomware groups are gaining access to networks through phishing, brute force, exploitation of vulnerabilities, and stolen credentials. The advisory also notes the rising trend of ransomware-as-a-service, or the utilization of cybercriminals for hire.
While ransomware became a big topic stateside after high-profile attacks on critical infrastructure, such as the Kaseya, Colonial Pipeline, and JBS USA ransomware attacks, the advisory says that monitoring organizations are seeing a shift away from “big-game hunting” of larger U.S. companies and toward more mid-sized targets.
“In the first half of 2021, cybersecurity authorities in the United States and Australia observed ransomware threat actors targeting ‘big game’ organizations – i.e., perceived high-value organizations and/or those that provide critical services – in several high-profile incidents,” the advisory says. “However, ransomware groups suffered disruptions from U.S. authorities in mid-2021. Subsequently, the FBI observed some ransomware threat actors redirecting ransomware efforts away from ‘big-game’ and toward mid-sized victims to reduce scrutiny.”
The advisory also says ransomware groups have begun sharing victim information with each other and using “triple-extortion” tactics. Additionally, ransomware groups are increasing their impact by targeting the cloud and managed services providers, as well as attacking industrial processes and the software supply chain. The advisory also says that ransomware groups have been targeting victims on holidays and weekends, when fewer network defenders, or none, are likely to be on duty.
The organizations advise keeping all operating systems and software up to date, training employees to identify phishing attempts, implementing multi-factor authentication, and more. The advisory also recommends that networks be segmented with end-to-end encryption.