Threat Actors Targeting Mid-Size Companies …

Federal cybersecurity agencies from the United States, United Kingdom and Australia have issued a joint advisory regarding a severe uptick in ransomware attacks throughout 2021 across the three countries.

The increased threat on critical infrastructure has prompted this advisory, according to the US’s Cybersecurity and Infrastructure Security Agency (CISA). 

Following high-profile attacks on Colonial Pipeline, Kaseya, and JBS in 2021, threat actors began to shift away from “big game hunting” and draw their focus to smaller companies, the bulletin said. That particular trend did not carry through UK and Australian attacks – both of which reported that targets of all sizes were victims, according to the report.

The joint bulletin highlighted that threat actors are gaining access to networks with phishing, stolen remote desktop protocols, or by brute force. It also mentioned that the use of “cybercrime services-for-hire” were becoming increasingly prevalent.

Because of this, the three nations stated the importance of not paying ransoms.

“Cybersecurity authorities in the United States, Australia, and the United Kingdom assess that if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent. Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model,” the bulletin stated.

Ransomware groups are boosting their impact via targeting cloud-based applications, managed service providers, industrial processes, and the supply chain. Plus, they tend to attack on weekends and holidays when there are fewer IT support personnel at the victim organizations, the report said. This issue had been previously discussed in another CISA bulletin. 

For their part, organizations can avoid these pitfalls and threats through proper preparation and mitigation steps, according to CISA. This includes installing software updates, requiring user training on phishing and other nefarious practices, as well as implementing multi-factor authentication.

You can read the full memo here.