Ransomware: Even more successful through AI


Criminals are now using AI to make their ransomware attacks even more efficient. If you look at the latest developments, there is no all-clear in sight. Thanks to AI, phishing emails are getting better and more dangerous.

Ransomware has long been a real problem for organizations of all shapes and sizes. In a recent study, security researchers at Barracuda were able to prove that not only the quantity of ransomware attacks has increased, but also the quality.

AI creates grammatically correct phishing emails

🔎 Graphic 1: Ransomware attacks have multiplied across all industries in recent years (Image: Barracuda Networks)

In nominal terms, the number of reported attacks across all industries doubled last year - and has more than quadrupled since 2021. This is largely due to AI-driven automation, which helps criminals carry out more attacks. At the same time, the quality of the attacks is increasing. The attackers use generative AI to create well-designed and grammatically correct phishing emails very quickly and without much effort. As a result, these emails can hardly be recognized by grammatical and spelling errors any more. Ransomware-as-a-service tools and generative AI for copywriting and code generation are making it increasingly easy for cybercriminals to ply their trade.

Protection against ransomware is possible

On the surface, there seems to be no cure for ransomware. However, if you look at the numbers of successful attacks by industry, a trend emerges: financial institutions are attacked less frequently than public administration, education or the healthcare system. The proportion of ransomware attacks increased year-over-year in all five focus industries - with the exception of financial companies. Attacks on communities increased from 12 percent to 21 percent, attacks on healthcare from 12 percent to 18 percent, attacks on education from 15 percent to 18 percent, and attacks on infrastructure from 8 percent to 10 percent. In comparison, attacks on financial institutions fell from six percent to one percent.

Financial institutions are better protected

🔎 Graphic 2: Attackers focus on less protected industries such as public administration or healthcare (Image: Barracuda Networks).

Financial institutions would be very desirable victims with potentially high returns for the attackers, yet the attackers focus on the more cash-strapped industries. This allows for a clear conclusion: the financial industry has higher security budgets and is therefore better protected, so the attackers would have to invest significantly more in their attacks. The expected return on investment for the attackers is therefore significantly lower than in industries that are less well secured but also promise lower returns.

Thanks to AI, ransomware attacks are becoming more successful and more frequent. However, the financial industry proves that it is possible to better protect against attacks. On the one hand, this means that all other industries will have to spend more resources, especially if the business continuity and disaster recovery plans and the technologies used are no longer up to date. But even beyond purchasing new security technology, companies can implement some measures to improve their resilience.

Five practices to improve ransomware resilience:

1. Detection and prevention

The priority should be to provide measures and tools to detect and prevent a successful attack. In today's rapidly evolving threat landscape, this means implementing deep, layered security technologies, including AI-powered email protection and zero trust access measures, application security, threat hunting, XDR capabilities and effective incident response.

2. Resilience and recovery

Even with limited resources, you can recover effectively from ransomware attacks. First, expect attackers to also target business continuity and disaster recovery infrastructure - including backup systems. Numerous incidents show that attackers often demand ransom only once they are sure that the victim has limited options for recovery. Below are some tips on how to better prepare for attacks.

  • Segment and isolate security systems
  • Use a separate store for user management (for example, a separate Active Directory and/or Lightweight Directory Access Protocol directory)
  • Use stronger multi-factor authentication (MFA) mechanisms instead of push notifications
  • Use encryption
  • Protect policies and documentation through encryption and privileged access and store them in a different form

3. More ways to secure backups, air gaps and cloud backups

Separating storage from the administrator's typical operating environment with an air gap improves its security. The cloud is the best option in this case. However, keep in mind that restoring over the Internet is slightly slower than restoring locally. Other ways to improve the security of backups include:

  • Zero trust for access to a backup solution
  • Reduce access through role-based access control
  • Implementation of immutable file stores
  • Avoiding “network sharing” for the backup environment
  • Using a purpose-built, fully integrated solution so that software and hardware belong together

4. Dedicated backup appliances

Unfortunately, virtual machine hypervisors present additional attack surfaces that malicious actors can use to break into the backup solution. Therefore, it is still recommended to use a dedicated backup appliance solution if the recovery time objective (RTO) is aggressive. Under no circumstances should you use home-grown solutions.

5. Don’t forget SaaS applications

It is important to secure data stored in the cloud. Microsoft 365 accounts and other SaaS applications registered under Azure AD contain important data assets that require continuous data classification, access control, and a strategy for true data protection.

Conclusion: Improve resilience

AI has made ransomware even more dangerous. It makes the attacks not only better, but also more frequent. As ransomware improves, organizations must continually improve their own resilience to avoid falling victim and paying a ransom to decrypt data. Resistance to attacks can be improved through numerous measures. In addition to implementing deep, layered security technologies, this also includes numerous organizational practices, says Dr. Klaus Gheri, Vice President & General Manager Network Security at Barracuda Networks.
