Every 14 seconds, a company faces a ransomware attack in North America. This according to chief executive officer of Canada-based cybersecurity solutions company VARS Corporation, Guillaume Caron.
Information assurance firm NCC Group, with headquarters in Manchester, England also reported in its monthly threat pulse for October that total ransomware cases for the month were 19% higher month-on-month, at 486 attacks with North America and Europe accounting for 76% of all cases globally.
Caron was speaking at the Institute of Chartered Accountants of Trinidad and Tobago’s 15th annual international finance and accounting conference at the Hyatt Regency (Trinidad), Port of Spain on November 21.
He explained that these attacks are a result of hackers having an easier time finding information on the dark web compared to seven years ago when acquiring information was their highest-paying job.
Now hackers earn income by taking emails and passwords already on the dark web and extorting companies for large payments, increasing as time goes by, before the data is published globally.
Caron said in the past ten years, billions of emails and corporate passwords have been uploaded to the dark web.
Giving an example of how this information gets out, Caron said, “If you don’t have strong corporate policies and employees are using their company emails to register for all kinds of personal services and those service companies are breached, all emails and passwords are published on the dark web.”
He added, “If you look at ransomware stats for 2024, 65% of financial organisations were targeted by ransomware, this doesn’t mean that they were encrypted but they all were targeted and, in some cases, they were encrypted.”
Ransomware is an attack whereby hackers hold a company’s entire system, seizing its operations until money is paid.
“Right now, hackers are really putting pressure on small businesses so when they ask for (US)$100,000 from a business owner who spent their entire life in this business, within 24 hours, he has to give up that $100,000 for his data. Once the ransom is paid, they don’t bite again.”
However, a large company was held for US$2.73 million but the average cost for SMEs is around US$895,000.
“If you add the ransom cost, operation, employee salary and forensic investigations, on average, this adds US$1 million per instance so some small businesses never get back up. I have seen many small organisations close their doors four to six months after a ransomware attack because they could not keep operating.”
Further speaking on the survey conducted with 250 SMEs, Caron said 11,000 ransomware attempts were blocked.
“Another phenomenon that’s happening right now is ransomware as a service, that’s one of the reasons we are seeing a lot of ransomware attacks and right now there are 15 million ransomware attacks every day. Ransomware as a service is a model for criminal enterprise allowing one to do ransomware. They operate like a regular company offering memberships, technical support and promotions.”
He said a monthly fee is paid for the service or a one-time licence for a ransomware kit.
“In return for payment, they get access to technologies, customer service and the chance to work with other criminal gangs that are specialised in for example, phishing,” Caron said.
He said the dark web has become so available that a 15-year-old can access it, download a ransomware kit and wreak havoc.
Phishing scams
Focusing on phishing scams which are also used to obtain passwords, he said those scams account for 90% of cyberattacks seen today as they have become more sophisticated than they were about five years ago.
“Now, they use social engineering, have access to a lot of information, pull information from social networks—LinkedIn, Facebook, Instagram and TikTok —all the information is there for a hacker to create a perfect scenario and use all sorts of techniques to get access to your stuff.”
Speaking on what VARS Corporation does, Caron said the company monitors thousands of businesses and after surveying 250 small to medium businesses (SMEs) and analysing 7.8 million emails for attacks, they found that 1.2 million emails were malicious and 47,000 emails were highly malicious—ransomware attempts or contained malware software.
Narrowing on the evolution of phishing scams, Caron said attackers have now graduated from well-known attacks to spear phishing – a cyberattack that involves sending personalised messages to trick a specific target into revealing sensitive information– deepfake phishing, Quick Response (QR) code phishing or quishing and automated phishing.
Speaking on deepfake phishing, Caron said, “Instead of getting a text message or email, you might start getting FaceTime calls and talk to someone who may not even be real. We saw that happen to our customers, not FaceTime, but voice calls generated by Artificial Intelligence (AI). They target consumers so it’s not yet corporate.”
He said these AI-generated calls would make the victim believe they are talking to a trusted party—family member, partner or friend—who is asking for a money transfer because they got themselves in trouble. Caron said these hackers can get your voice through social media platforms or by making spam calls to your number.
As for quishing, he said these attacks are very powerful and easy for threat actors to conduct.
“Anyone can just put a QR code sticker in the street or corporate environment, make nice publicity around it, and you will open your camera, open your browser and compromise your device. QR code phishing is on the rise,” he said.
Caron added that automated phishing has also gotten really organised and the organisations that are behind them make billions of dollars and have customer service, technical support and even promotions.
Though companies’ directors know that cyberattacks are dangerous he believes that some are unaware of the risks they possess.
“There is a big lack of information at the board level, so every board member or stakeholder knows that cybersecurity is important but they don’t necessarily understand the real risks and the priorities. We rely a lot on our IT (information technology) team which is good but our IT team and cybersecurity are two different competencies.” Caron advised companies on how to look for the steps of an attack and said the first step of an attack could be a phishing attempt or social engineering to scan the company through its employees and compromise their machines – even if they work from home – before distributing the malware through any means to get people to download it and from there they can control the company’s server – with encryption being their last step.
“They are much faster. AI helps a lot for them because they use faster technology, they have access to a lot more information and they are harder to detect,” Caron explained.
He said once the threat actors are in the system, they send out malware emails without your knowledge to business partners, affecting them, compromising the company’s backup and then taking control of the system while attempting to do the same to a company’s clientele or business partners before encryption.
For SMEs, Caron said these actors are in the system for between three to four weeks before encryption and six to eight months for larger corporations.
He added that these hackers also compromise a company’s supply chain by impersonating legitimate stakeholders to manipulate unsuspecting victims into actions that compromise security.
Author :
Publish date : 2024-11-26 13:15:00
Copyright for syndicated content belongs to the linked Source.
—-
Author : theamericannews
Publish date : 2024-11-27 08:02:21
Copyright for syndicated content belongs to the linked Source.