Experts say AI will fuel cybercrime attacks in 2025 – The Mail & Guardian


According to a study by The University of Minnesota Twin Cities School of Public Health, the real-world impacts of ransomware events between 2016 and 2021 contributed to a 20% drop in patient care during the first week of an attack. (Getty)

Businesses are more likely to face a costly cybercrime attack than a robbery or fire this year as hackers continue to employ devious social-engineering skills to lure unsuspecting victims.

This reality has been highlighted in several reports by global cybersecurity experts who have analysed cybercrimes, such as ransomware (where hackers encrypt and steal data), smishing (SMS link scams) and phishing (email link/attachment scams) in recent years and have warned that Artificial Intelligence (AI) in the wrong hands will lead to an increase in cybercrime.

And the fallout is not just about big companies paying out millions to organised hackers who steal and encrypt data for a ransom — people are losing not just their personal information, but their lives, following breaches of healthcare databases.

“We first started seeing ransomware get pretty aggressive in 2017. I hoped by 2025 we’d be talking about something else, but it’s still absolutely prevalent, and it’s still absolutely rife,” James Hughes, Europe, Middle East and Africa representative for global cybersecurity firm Rubrik Test Labs, told the Mail & Guardian in an exclusive interview.

He said there were many examples last year of “ransomware really causing havoc”.

Hughes said one international bank representative, whom he declined to name, had recently reported at a conference that the bank had thwarted 108 million ransomware attacks in one month.

One of the biggest known recent incidents was the breach of healthcare records in the US, when 5.6 million patients’ records were accessed during a ransomware attack on private healthcare provider Ascension Health in May.

Manchester Memorial Hospital in the US state of Connecticut was hit by a ransomware attack in August 2023. Ambulances had to take emergency patients elsewhere, elective surgeries were cancelled and staff worked without access to equipment such as X-rays and CT scans.

According to a study by The University of Minnesota Twin Cities School of Public Health, the real-world impacts of ransomware events between 2016 and 2021 contributed to a 20% drop in patient care during the first week of an attack. The attacks directly contributed to the deaths of between 42 and 67 patients.

In South Africa, a ransomware attack on the National Health Laboratory Service in June delayed the processing of millions of blood tests after hackers deleted large sections of its system, including back-up servers. It took the service almost a month to get its systems back online.

Cybercrime on the rise

Rubrik Zero Labs’ latest report, titled The State of Data Security: Measuring Your Data’s Risk, revealed that organisations faced a record number of cyber issues in 2023, with 29 065 vulnerabilities discovered, up 16% from 2022. 

According to Cisco’s 2024 cyberthreat trends report, the three most common threat categories were information stealers, Trojans and ransomware.

Hughes said, according to Rubrik’s report, the dwell time hackers spend in a business’ computer system before launching an attack can be as long as five days, a slight decline from 2022 when it was 10 days. 

The report included insights from more than 1 600 IT and security leaders as well as partner organisations.

It says companies deal with cyberattacks about every second week.

And to put the likelihood of cyberattacks into perspective, a European insurance company compared them to traditional threats in the same timeframe and found 94% of IT and security leaders reported their organisation experienced a significant cyberattack in 2023. It said 67% are more likely to experience a cyberattack than physical theft. It also found cyberattacks are far more likely than fires.

Ninety-four percent of organisations had been victims of a cyberattack and many were attacked across multiple environments, including 67% in software as a service applications, 66% in the cloud and 51% in systems on their premises.

A total of 38% of organisations had at least one data breach from a cyberattack and 33% endured at least one ransomware attack. 

According to a separate study by cybersecurity think-tank Proofpoint, 94% of cloud tenants were targeted every month in 2023 and 62% of these were successfully compromised.

“Organisations need to operate as a ‘zero trust’. And what that means is just operate as if you’ve been breached, which means all of your systems need to be operating as if they’ve been assumed breached,” Hughes said.

“What I see most of the time in many organisations is they put all protection on the outside to stop anyone getting in. But once you’re on the inside, on the authenticated side of the system, then it’s just all open,” he said.

This is akin to allowing someone to walk up to a secure building protected by lasers and using a retina scanner for access, but then once the person is inside, the money is lying all over the floor.

“That’s kind of how systems work. We put loads and loads of protection on prevention at the perimeter and we’re not thinking enough of what happens when something gets through,” he said.

Big brand abuse

The top five brands hackers abuse across all types of cyberthreat are Office 365, Microsoft Outlook, Amazon, Microsoft Excel Online and Microsoft SharePoint, according to The Human Factor report by Proofpoint.

Their malicious messages most commonly used terms like “payment”, “order”, “invoice” and “purchase”, while in the mobile space, the most popular smishing subject was package delivery notifications, prominent in both the US and UK.

According to the report, hackers also use big news events to lure victims, as evidenced in the rise of fake Silicon Valley Bank websites, the emergence of the “wall of remembrance” scam after the death of Queen Elizabeth II and fake Justin Bieber tour announcements.  

Social engineering remains the most common technique used by hackers, who rely on elements of psychological manipulation.

“Conversational attacks have been a part of the threat landscape for a while. APT [advanced persistent threat] attackers, for instance, are known to invest significant time and effort in building rapport with their targets before trying to steal credentials or data,” The Human Factor report noted.

In the mobile space, Proofpoint measured a twelvefold increase in conversational attacks during the first half of 2023, including romance scams, fake job ads and “pig butchering” cryptocurrency fraud.

Pig butchering is a form of conversational threat in which benign messages are exchanged before the attacker seeks to extract money by persuading victims to invest in bogus cryptocurrency platforms.

According to Proofpoint, many users assume that their accounts and data are secure when multifactor authentication is turned on.

“After all, a cybercriminal would have to compromise your credentials and have access to the second factor of authentication, such as your mobile, landline or token generator. 

“But in the tug-of-war between attack and defence, one side rarely keeps hold of an advantage for long,” the report noted.

A new development in the world of phish kits is the availability of off-the-shelf hacking tools that allow non-technical criminals to spin up a phishing campaign and bypass multifactor authentication.

The split between URLs and attachments for threat delivery has remained consistent in recent years, with URLs accounting for around three-quarters of all threats overall.

Another disturbing trend highlighted in the Rubrik report is that hackers not only use ransomware to routinely encrypt a business’ data and backup systems but also steal and threaten to publish data.

“Cybercriminals are taking out insurance policies against effective restores … If their target can thwart the encryption event with a swift recovery, ransomware actors have another way to drive a payout,” the Rubrik report noted.

Microsoft has reported that the number of times hackers potentially exfiltrated data after an initial compromise has doubled since November 2022 and they were at least partially successful in 74% of those attempts.

“Ninety-three percent of external organisations that endured a successful ransomware attack reported paying a ransom demand with 58% of these payments motivated by threats to leak stolen data.”

According to the report, the median demand in 2023 was $800 000, and the median payout was $275 000, while the median of the top five payouts was $25 million.

AI threat to data

Hughes warned that, with the rise of AI, cybersecurity challenges like ransomware and phishing would morph.

“AI is creating its own vulnerabilities, its own attack vectors. When we picture ransomware gangs, we picture guys in hoodies in rooms, all collaborating, but they all need breaks. They’re all humans. They all go home at the end of the night,” he said.

“AI doesn’t take a break. AI is 24/7 on and it’s finding all these zero-day vulnerabilities in platforms that no one knows anything about, and it’s storing it so that it can execute when it, or when the person pushing the button, needs it.”

“AI is frankly terrifying. I don’t think attacks are going to go away. I don’t think ransomware is going to go away, because the advent of these amazing tools in the wrong hands is going to make this an even more dangerous place.”




