Experts warn the recent spate of ransomware attacks is just the beginning. And retailers may be particularly vulnerable.
The post ‘Retailers are a key target’: Behind the rise of ransomware attacks appeared first on Inside Retail.
Ransomware attacks are on the rise, with the breach of US IT firm Kaseya last weekend just the latest, biggest attack to make the headlines. Before that, there was meat processor JBS Foods and fuel supplier Colonial Pipeline.
And tech and security experts believe there’s more to come, with the shift to remote working and online shopping, along with the rise of ransomware insurance, which guarantees hackers a payout, creating something of a buffet line for cyber criminals.
“As we navigated through the challenges of Covid-19, ransomware attacks thrived, creating a lucrative year for cyber criminals and a disruptive year for organisations,” Gergana Winzer, industry director of cybersecurity at Unisys, told Inside Retail.
Globally, the average weekly number of ransomware attacks has increased 71 per cent over the past 12 months, according to Check Point Research. In Australia, Winzer estimates that ransomware attacks have cost organisations $248 million so far this year.
The hackers who continue to hold Kaseya’s data ransom — the company is still working on a patch that will enable its software to come back online — are demanding US$70 million in Bitcoin to release it. Colonial Pipeline reportedly paid US$4.4 million to regain control over its systems.
But it’s not just the cash demands that hurt businesses affected by ransomware attacks, Winzer said.
“It contributes to the toll already placed on economies and industries who have suffered for the past 18 months.”
“Over the years the increase of cyber-attacks across all sectors globally has been consistent with no sign of it decreasing,” Jacqueline Jayne, security awareness advocate at KnowBe4, told Inside Retail.
But the mass shift to remote working during Covid-19 has accelerated the pace of attacks, according to Winzer.
“The surge in cyber attacks is due to scammers aiming to capitalise on the shift to remote working,” she said.
“They have developed a series of new strategies to infiltrate systems to take advantage of employees who are caught off-guard in a non-office environment.”
Another factor may be ransomware insurance, which increases the likelihood that an organisation will meet hackers’ demands.
“As long as the organisation has completed the checklist for the policy (was compliant when they took out the policy) then they are protected,” Roger Smith, director of client security at Care Managed IT, told Inside Retail.
“The criminals know this, which means they will get what they ask for because the insurance company will pay.”
Ransomware attacks aren’t just becoming more frequent, they’re also becoming disruptive, as hackers shift their focus to the supply chain, rather than individual businesses.
The Kaseya attack is a good example of this technique, according to Stephen Swavley, director of IT provider Navigatum.
“Rather than going after each individual company, they hit the IT company. From there they used the IT company’s tools to encrypt all [their] clients,” he said.
“IT companies have software that allows us to manage all of our clients’ computers. We need this so that we can support them, install security patches and in general, improve their security. However, I understand that the hackers used recently found vulnerabilities in the Kaseya software, the product used by a large number of IT companies, to break into [those] companies. And then from there to encrypt their clients,” he said.
“This is hard to protect against. And happens very fast. Once they are in the IT company they can very rapidly attack their clients (minutes).”
The difference between this form of ransomware and earlier forms “is the difference between an attack and an onslaught”, according to Winzer.
All sectors are vulnerable to ransomware attacks, but retailers may be particularly at risk, because of the consumer-facing nature of their business, according to Michael McKinnon, chief information officer of Pure Security and Tesserent.
“Retailers are a key target for ransomware attacks because of the obvious disruption an attack can cause across the business, immediately halting sales and foot traffic. This puts retailers under almost immediate pressure to pay ransoms in order to get the business operational again,” McKinnon told Inside Retail.
The fact that retailers use a blend of technologies across corporate, store and e-commerce networks means there might also be more vulnerabilities for hackers to exploit, he said.
“These systems are sometimes built on ageing technologies, with some platforms operating on obsolete operating systems like Windows 7, which is extremely high risk and no longer supported with security updates,” he said.
“The impact that ransomware can have on a retail business makes it a top one or two IT priority. Although the likelihood of a successful attack is low, if one does succeed the impact is extreme and can cause the complete collapse of a retail business or, at a minimum, very serious disruption and impact on the brand and reputation.”