Science and Technology Cloud Report: Seven Trends of Ransomware in 2021

Original article by Technology Cloud Report.

At this year's CES 2021, Intel demonstrated its 11th-generation Intel Core vPro processors, which add ransomware detection at the chip level: the hardware itself can spot signs of a ransomware attack and provide protection from a layer below the operating system and security software.


CES has long been hailed as the "Spring Festival Gala" of the technology industry, the occasion on which major vendors flex their muscles. So why did Intel choose "ransomware detection" as a headline feature?

The reason is simple: ransomware was once again the hottest cybersecurity topic of 2020. According to AsiaInfo statistics, the number of ransomware attacks intercepted in 2020 doubled compared with 2019.

As ransomware attack techniques and business models mature, what new trends will ransomware show in 2021?

Trend 1: The "double extortion" model becomes popular

When talking about ransomware, we need to draw a line between its past and its present, because today's ransomware no longer just encrypts data; it also exfiltrates it.

In "double extortion", the attacker first steals the victim's confidential data and then encrypts the victim's files. If the victim refuses to pay the ransom, the stolen data is published.

In other words, today's ransomware does not merely encrypt data but also leaks it onto the Internet. We call this "ransomware 2.0".

Double extortion means that enterprises and institutions face not only destructive data loss but also regulatory, financial and reputational consequences, which increases the pressure to meet the attackers' demands. Note that good backups, which defeat pure encryption attacks, do nothing against the threat of publication.

Trend 2: Remote-access intrusion becomes the norm

360 Security Brain's "2020 Ransomware Epidemic Analysis Report" shows that, by delivery method, remote desktop intrusion remains the most common way user machines are infected.

Driven by the COVID-19 pandemic and accelerating digitalization worldwide, the rapid appearance of millions of remote-work setups has created a new attack surface for ransomware: more network services opened to the outside and more interfaces exposed.

According to Datto's "Global State of the Channel Ransomware Report", 59% of respondents said that remote work caused by the pandemic has led to an increase in ransomware attacks.

Trend 3: COVID-19 themes are active as phishing bait

The pandemic has also made phishing attacks more active.

Since last year, for example, there have been attacks using COVID-19-related topics as phishing bait, with subjects such as "Vaccine and mask shortages", "Health investigation report" and "Coronavirus update". Attackers can always find the most topical subject and use it to trick targets into opening phishing emails.

Trend 4: Critical infrastructure becomes an important target for attacks

Because the network assets of large government and enterprise organizations are so valuable, they have become the number one prey of ransomware.

To "catch everything in one net", ransomware operators typically dwell in a network for a long time after compromising the first machine. Only after they have compromised many more machines do they deploy the file-encryption payload everywhere at once, paralyzing the business systems of government and enterprise organizations on a large scale.

According to Coveware's report, the average corporate ransom payment rose to US$111,605 in the first quarter of 2020, an increase of 33% over the fourth quarter of 2019.

Trend 5: Targeted ransomware is being produced

With mature attack techniques, an established commercial model and a wide variety of strains, ransomware has become the tool of choice for criminals.

AsiaInfo has found that APT threat actors purchase initial network access from ransomware "distributors" and aim it at specific industries and enterprises, forming more precisely targeted ransomware attacks.

Hacker groups have also grown: some mainstream foreign ransomware operations are now recruiting distribution operators in China, coordinating with them over the dark web to distribute and spread ransomware for huge profits.

Trend 6: Data security under cloud native becomes the top priority

According to consulting-firm data, nearly 70% of enterprise organizations plan to increase cloud investment during the pandemic, and features such as microservices, containerization, DevOps and continuous delivery are letting cloud native reshape the IT technology stack.

Alibaba DAMO Academy's top ten technology trends for 2021 hold that cloud native can highly abstract the infrastructure layers (network, servers, operating systems), reduce computing costs, improve iteration efficiency, greatly lower the threshold for using cloud computing and expand the boundaries of technology application.

Therefore, a layered anti-ransomware plan built on the cloud architecture will become an important means of data security.

Trend 7: IoT has become a new breakthrough for ransomware attacks

Ransomware targets are no longer limited to personal PCs and the weakly defended websites of traditional companies, governments and schools. Factories, industrial equipment, smart cameras, routers and many other devices of the "Internet of Everything" era are now targeted as well.

Attackers usually reach company networks through IoT devices that are exposed to the Internet. Every connected device is a potential entry point through which attackers can install IoT ransomware and demand payment.

How to protect against ransomware in 2021?

In most people's minds, ransomware attackers rely on traditional malware, such as botnet implants previously discarded by other cybercriminals.

However, an attack is not only about malicious software. Poor user habits, the lack of a vulnerability patching plan and the absence of routine security procedures can all lead to a successful ransomware intrusion.

For example, legacy IT systems make ransomware attacks easier. In this type of attack, an intruder breaks into key IT systems and encrypts all of their data until the ransom is paid. Many local governments, hospitals and schools have suffered ransomware attacks of varying severity precisely because they run many legacy systems.

Other attacks start with known vulnerabilities in commercial VPN software, or with router firmware that is vulnerable to attack.

In either case, once the attacker has an initial foothold, the first step is network reconnaissance, followed by lateral movement across the network and then data exfiltration. Once that succeeds, the data becomes the attacker's "bargaining chip".

By the time the ransomware is deployed, anti-malware products have often already been removed or disabled by the threat actors, because they have full control of the domain and can do anything a legitimate administrator can.

In effect, this is a complete red-team-style operation that draws on a range of hacking techniques for its own ends, chiefly disabling anti-malware solutions using legitimate tools and scripts.

As a result, the attacker does not care whether the ransomware itself is detected.

Faced with such rampant attacks, how should we defend against ransomware? Security experts recommend:

- Unless absolutely necessary, do not expose remote desktop services (such as RDP) to public networks, and always protect them with strong passwords;

- Immediately install available patches for the commercial VPN solutions that give remote employees access and act as gateways;

- Keep the software on every device you use up to date so that ransomware cannot exploit known vulnerabilities;

- Focus the defense strategy on detecting lateral movement and data exfiltration, and pay special attention to outgoing traffic in order to spot the attackers' connections;

- Back up data regularly, keep backups out of reach of a compromised domain administrator (offline or otherwise isolated), and make sure they can be restored quickly in an emergency;

- To protect the corporate environment, give employees security awareness training;

- Use a reliable endpoint security solution.
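As an added example (not code from the original article or from any of the vendors it cites), the following script turns three of the recommendations above into detection logic run over firewall connection-summary logs: it flags internal hosts that accepted RDP from the public Internet, internal hosts fanning out over SMB to many peers (a common lateral-movement pattern), and internal-to-external flows whose upload volume is large or badly asymmetric (a data-exfiltration signal). The log format, the sample lines, the RFC 1918 definition of "internal" and the thresholds are all assumptions constructed for this example; adapt the parser and thresholds to your own firewall exports.

```python
"""Added example: simple ransomware-precursor detections over firewall
connection-summary logs.  Log format, sample data and thresholds are
constructed for illustration, not taken from any real product."""
import ipaddress
from collections import defaultdict

# "Internal" is defined as RFC 1918 address space.  Python's
# ip_address(...).is_private is deliberately not used, because it also
# matches the documentation ranges (203.0.113.0/24 etc.) used in the sample.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# Constructed sample log, one connection summary per line.
# Fields: timestamp src dst proto dport bytes_out bytes_in  (bytes_out = src->dst)
SAMPLE_LOG = """\
2021-01-15T02:11:03Z 203.0.113.45 10.0.0.12 tcp 3389 1200 9800
2021-01-15T02:11:09Z 203.0.113.45 10.0.0.12 tcp 3389 1500 11200
2021-01-15T02:20:00Z 10.0.0.12 10.0.0.5 tcp 445 40000 2000
2021-01-15T02:20:04Z 10.0.0.12 10.0.0.6 tcp 445 41000 2100
2021-01-15T02:20:07Z 10.0.0.12 10.0.0.7 tcp 445 39000 1900
2021-01-15T02:20:11Z 10.0.0.12 10.0.0.8 tcp 445 40500 2050
2021-01-15T02:40:00Z 10.0.0.12 198.51.100.7 tcp 443 52000000 4100
2021-01-15T02:41:10Z 10.0.0.12 198.51.100.7 tcp 443 61000000 3900
2021-01-15T09:00:00Z 10.0.0.21 198.51.100.20 tcp 443 8200 115000
2021-01-15T09:05:00Z 10.0.0.21 10.0.0.5 tcp 445 3000 12000
2021-01-15T09:07:00Z 10.0.0.21 198.51.100.20 tcp 443 6100 98000
2021-01-15T09:10:00Z 10.0.0.40 198.51.100.9 udp 53 300 600
"""


def parse(log):
    """Parse whitespace-separated summary lines into dicts; skips blank lines."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, out_b, in_b = line.split()
        records.append({"ts": ts, "src": src, "dst": dst, "proto": proto,
                        "dport": int(dport), "out": int(out_b), "in": int(in_b)})
    return records


def exposed_rdp(records):
    """Internal hosts that accepted RDP (tcp/3389) from non-RFC1918 sources."""
    hits = defaultdict(set)
    for r in records:
        if (r["proto"] == "tcp" and r["dport"] == 3389
                and is_internal(r["dst"]) and not is_internal(r["src"])):
            hits[r["dst"]].add(r["src"])
    return {dst: sorted(srcs) for dst, srcs in hits.items()}


def smb_fanout(records, min_targets=3):
    """Internal hosts opening SMB (tcp/445) to at least min_targets distinct
    internal peers: typical of share enumeration and PsExec-style movement."""
    targets = defaultdict(set)
    for r in records:
        if (r["proto"] == "tcp" and r["dport"] == 445
                and is_internal(r["src"]) and is_internal(r["dst"])):
            targets[r["src"]].add(r["dst"])
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def exfil_candidates(records, abs_threshold=100_000_000, min_bytes=1_000_000, ratio=20):
    """Internal->external pairs that uploaded more than abs_threshold bytes in
    total, or uploaded at least min_bytes with a send/receive ratio above
    `ratio` (normal browsing downloads far more than it sends)."""
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        if is_internal(r["src"]) and not is_internal(r["dst"]):
            t = totals[(r["src"], r["dst"])]
            t[0] += r["out"]
            t[1] += r["in"]
    flagged = {}
    for pair, (out_b, in_b) in totals.items():
        if out_b >= abs_threshold or (out_b >= min_bytes and out_b > ratio * max(in_b, 1)):
            flagged[pair] = {"bytes_out": out_b, "bytes_in": in_b}
    return flagged


def triage(log=SAMPLE_LOG):
    """Run all three detections over a log and return the findings."""
    records = parse(log)
    return {"exposed_rdp": exposed_rdp(records),
            "smb_fanout": smb_fanout(records),
            "exfil": exfil_candidates(records)}


if __name__ == "__main__":
    for name, result in triage().items():
        print(name, result)
```

On the sample, host 10.0.0.12 is flagged by all three checks: it accepted RDP from 203.0.113.45, then touched four internal hosts over SMB within seconds, then pushed about 113 MB out to 198.51.100.7 while receiving almost nothing back. That sequence is exactly the reconnaissance, lateral movement and exfiltration chain described above, and each stage is visible in outbound and east-west connection logs before any encryption payload runs. The thresholds are starting points only; tune them against a baseline of your own traffic, and treat the SMB fan-out rule with care on hosts that legitimately scan or manage many machines.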

In the face of ransomware, no one can stand aloof. Enterprises and government departments have halted work and production because of ransomware, and hospitals have been unable to treat patients because of it. Ransomware is no longer just a term of the security industry; it affects the general public.

In the future, as ransomware attack patterns keep changing with technology, its propagation methods and targets will break through traditional limits and become more diverse, lower in skill threshold and wider in distribution. Within that, the intensification of data leakage, the upgrading of attack methods, the expansion of monetization channels and the spread of ransomware are all developments that deserve close attention.

[About Technology Cloud Report]

Technology Cloud Report is an enterprise-level content provider focused on original reporting. Founded in 2015, it is one of the top ten media outlets in the cutting-edge enterprise IT field, is recognized by the Ministry of Industry and Information Technology, and is one of the official media designated by Trusted Cloud and the Global Cloud Computing Conference. It publishes in-depth original reporting on cloud computing, big data, artificial intelligence, blockchain and related fields.


Source: blog.csdn.net/weixin_43634380/article/details/112985748