Ransomware damages expected to exceed £15 billion by end of year
Cybercriminals now try to use MSPs' own internal tools against them
Ransomware continues to be the number one threat to big and medium businesses, and the damages caused as a result of ransomware attacks are expected to exceed $20 billion (about £15 billion) before the end of 2021.
That's according to Cybersecurity Ventures, quoted in the Acronis Cyberthreats Report 2022 [pdf]. Acronis conducted an in-depth review of attack and threat data collected by the company's global network of Acronis CPOCs during the second half of 2021.
The report shows that during the second half of 2021, only 20 per cent of the companies reported not having been targeted in cyber attacks, as opposed to 32 per cent last year.
The study highlights that managed service providers (MSPs) are particularly vulnerable to devastating ransomware and supply chain attacks, because cyber actors are now attempting to use MSP's own management tools, such as RMM or PSA, against them.
Supply-chain attacks against MSPs are highly damaging as they enable threat actors to gain access to the computer networks/systems of businesses as well as their clients. One successful attack means disturbing operations of hundreds or thousands of SMBs. That was seen during last year's SolarWinds breach and again during Kaseya VSA attack in July.
"The second half of 2021 was rich in ransomware gang activities, and the whole industry was overwhelmed with a number of big cases," says the report.
"These ransomware gangs were not only very active, but started to become much more aggressive."
Malware attacks remain a global phenomenon, and every country has to fight the scourge.
In Q3 2021, the most attacked countries by malware were the United States, Germany and Canada, the report says.
"Reviewing the normalised malware detection in our research, we saw countries like Taiwan, Singapore, China, and Brazil with over a 50 per cent detection rate. However, the Middle East and Africa (MEA) region also ranks fairly high on the list, with the UAE at 38 per cent; South Africa at 36 per cent; and Saudi Arabia at 29 per cent."
The report says vulnerabilities are now being widely exploited, with Linux and macOS getting more attention from cybercriminals.
Phishing remains the main attack vector, as the report found 94 per cent of malware getting delivered by email.
Acronis says it blocked 23 per cent more phishing emails this year, and compared to the second quarter, 40 per cent more malware emails were blocked in the Q3 2021.
In September, Microsoft warned of an extensive phishing-as-a-service (PHaaS) operation that not only sells phishing kits and email templates, but also provides criminals with hosting and other automated services.
The Acronis report also predicts that crypto exchanges and cryptocurrencies owners will suffer more attacks in the near future as cryptocurrencies become more and more popular. For example, the crypto exchange Coinbase said in October that at least 6,000 customers had fallen victim to a phishing campaign earlier this year, resulting in funds being stolen from their accounts.
"The cybercrime industry is a well-oiled machine, using cloud and machine intelligence to scale and automate their operations," said Candid Wuest, Acronis VP of cyber protection research.
"While the threat landscape continues to grow, we see that the main attack vectors stay the same - and they still work.
"2022 will surely bring us surprises, cyber protection automation remains the only path to greater security, reduced risks, lower costs and improved efficiency."