The Week in Breach: Top 9 Cyber Threats in Today’s Threat Landscape


ENISA Threat Landscape Report Outlines the Biggest Threats of 2021


These 9 Threats Pose the Biggest Danger to Your Business


We’re getting deep into the season of year-end wrap-ups, and a powerhouse new entry has just landed. The 9th edition of the ENISA Threat Landscape (ETL) report lays out what the agency’s experts and observers saw in 2021, and it was definitely a wild ride. To no one’s surprise, the last 12 months featured a chaotic threat atmosphere that left IT professionals exhausted and sent new cybercrime threats surging.


Prime Threats Have Shifted


In a release announcing the debut of the ETL report last week, experts stated that “Ransomware ranks as a prime threat for the reporting period”. EU Agency for Cybersecurity Executive Director Juhan Lepassaar said in the statement that “Given the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks. Such an approach can only rally around the necessity now emphasized by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically.”

The report also listed the nine most prominent threat groups that ENISA researchers cataloged in this reporting period, and there were few surprises. The chart was studded with stalwarts, but there was significant movement in just where the major players landed. Ransomware took top place, charging up from its thirteenth-place finish in 2020, followed by its progenitor, malware, which clocked in at number one in 2020 and number two this year. Cryptojacking also made a power move, landing in third place, up from fifteenth in 2020.


The 9 Top Threats


  1. Ransomware 
  2. Malware 
  3. Cryptojacking 
  4. Email related threats 
  5. Threats against data 
  6. Threats against availability and integrity 
  7. Disinformation – misinformation 
  8. Non-malicious threats 
  9. Supply-chain attacks 

There were some newcomers on the list that are familiar foes, like new phishing variants. The brand-new category of disinformation/misinformation made its debut at number seven. That subject has been in the news a great deal over the course of the pandemic as cybercriminals exploited people’s worries with a record number of phishing emails and a spree of government and branded message spoofing. Disinformation/misinformation-related phishing is making the rounds again, spurred on by the circulation of dangerous fake medical information about the COVID-19 vaccine.

Non-malicious threats and supply chain attacks also joined the fray in 2021 as top threats eight and nine respectively. Researchers pointed to the risk created by the sloppy security behaviors many organizations fell into during the sudden shift to remote work, noting that “in 2020 and 2021, we observe a spike in non-malicious incidents, as the COVID-19 pandemic became a multiplier for human errors and system misconfigurations, up to the point that most of the breaches in 2020 were caused by errors.”

Several threats dropped from the list this year, although some appear to have been folded into new categories. Web-based attacks, web application attacks, DDoS, identity theft, botnets, physical manipulation and cyberespionage are gone from the list, even if they’re not quite gone from the IT threat landscape around the world. It looks like a number of email-related threats were combined into one category, and the same occurred with an assortment of threats to data.


Ransomware is the King of the Castle


Ransomware has been the top story in cybersecurity for the last few years as cybercriminals expand their efforts to land attacks against manufacturers, school districts, infrastructure, governments and a host of other targets. Consequently, IT security professionals have been struggling to stay a step ahead of (or sometimes just keep up with) the relentless pace of attacks. The ETL report highlights the challenges that security teams and businesses face today with ransomware, and experts say that it will probably get worse before it gets better.

The report details the impact and activity of several different ransomware gangs, creating a clearer image of the big picture when it comes to ransomware in 2021. Researchers noted that the two biggest dogs in the ransomware landscape were Conti and REvil, and that those groups dominated the market both financially and in the total volume of infections studied. Both groups have been pioneers in the fast-growing ransomware-as-a-service (RaaS) economy. As has become standard practice, these groups built platforms through which their affiliates can efficiently orchestrate attacks and deliver profitable results. RaaS-style business models dominated the ransomware market in 2021. One side effect of that surge was to muddy the waters for researchers attempting to attribute attacks to specific threat actors, since the same malware is run by many unrelated affiliates.


Cybercriminals Aren’t Picky About Ransom Amounts


Researchers also confirmed something that has been clear all year long: multiple extortion schemes are in vogue, and all of the successful ransomware gangs are doing it. The ETL report declared that multiple extortion schemes greatly increased during 2021. That style of attack was defined as “After initially stealing and encrypting sensitive data from organizations and threatening to release it publicly unless a payment is made, attackers also target the organizations’ customers and/or partners for ransom to maximize their profits”. Double extortion ransomware, the most popular type, was used in more than 50% of all ransomware attacks in 2020.

That’s one reason why the average ransom amount has risen sharply over the last year. A recent Tripwire report declared that the average ransom paid by organizations has increased by 82% over the already huge amounts logged in 2020. The average payment is now a record $570,000 (£414,000), compared with $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million. ENISA researchers agreed that ransoms have skyrocketed, observing that over just a few months of their tracking, the highest demand seen in 2020 had more than doubled in 2021.

However, not everyone is swinging for the fences. Small ransoms are still popular with cybercriminals, who will generally take anything that they can get. ENISA researchers pointed to two reasons why small ransoms haven’t gone out of style: they tend to be paid more readily and they draw less public exposure to the threat actor. Public exposure has become a much greater concern for ransomware organizations, as illustrated by the epic falls of DarkSide and REvil after they made headlines in major ransomware incidents. More incidents are also being reported, with a steady rise in reported ransomware incidents throughout 2020 and a sharp jump in reports in May and June 2021.

Ransomware Threat Breakdowns


A breakdown of the most successful gangs in 2021 showed that there’s a broad playing field even if a few outfits were dominant. Based on crowdsourced ransomware payment data, ENISA declared that the ransomware groups with the most financial gains in 2021 are:

  • Conti ($12.7 million)
  • REvil/Sodinokibi ($12 million)
  • DarkSide ($4.6 million)
  • MountLocker ($4.2 million)
  • BlackMatter ($4.0 million)
  • Egregor ($3.1 million)

The ransomware groups with the most market share in Q1 2021 are:

  • REvil/Sodinokibi (14.2%)
  • Conti V2 (10.2%)
  • LockBit (7.5%)
  • Clop (7.1%)
  • Egregor (5.3%)

The top gangs by market share in Q2 2021 are:

  • REvil/Sodinokibi (16.5%)
  • Conti V2 (14.4%)
  • Avaddon (5.4%)
  • Mespinoza (4.9%)
  • Hello Kitty (4.5%)

When it comes to how organizations become entangled in ransomware, ENISA singled out two dominant infection vectors and an uptick in new variations of extortion, but no change in the currency of cybercrime, noting that “Compromise through phishing e-mails and brute-forcing on Remote Desktop Protocol (RDP) services remain the two most common infection vectors. The occurrence of triple extortion schemes also increased strongly during 2021 and cryptocurrency remains the most common pay-out method for threat actors.” In practice, that means an internet-exposed RDP listener with a weak or reused password is one of the shortest paths from opportunistic scanning to a ransomware deployment, and a burst of failed RDP logons from a single address followed by a success is one of the earliest signals defenders can act on.
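The RDP brute-forcing vector ENISA describes leaves a recognizable trail in the Windows Security log: each failed logon is Event ID 4625 and each success is 4624, and LogonType 10 (RemoteInteractive) marks RDP sessions. The detector below is an added example, not part of the ENISA report or this newsletter. It walks a constructed set of such events (sample data, not real logs), flags any source address that racks up a threshold of RDP failures inside a short window, and escalates the finding when a successful RDP logon from that address follows the burst, which is the pattern of a guessed password rather than a typo-prone user. The field layout and the names `detect_rdp_bruteforce` and `SAMPLE_EVENTS` are assumptions for the example.

```python
"""Flag RDP password guessing in Windows Security log events.

Added example (not code from ENISA or IntegraMSP). Event IDs and
LogonType values are Windows' own: 4625 = failed logon, 4624 =
successful logon, LogonType 10 = RemoteInteractive (RDP).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Each tuple is
# (ISO-8601 timestamp, EventID, LogonType, source IP, account name).
SAMPLE_EVENTS = [
    # Slow guesser: three failures spaced 12 minutes apart, below threshold.
    ("2021-10-20T01:30:00", 4625, 10, "192.0.2.9", "administrator"),
    ("2021-10-20T01:42:00", 4625, 10, "192.0.2.9", "administrator"),
    ("2021-10-20T01:54:00", 4625, 10, "192.0.2.9", "admin"),
    # Attacker: six RDP failures in 30 seconds, then a successful logon.
    ("2021-10-20T02:00:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2021-10-20T02:00:03", 4625, 10, "203.0.113.7", "admin"),
    ("2021-10-20T02:00:07", 4625, 10, "203.0.113.7", "root"),
    ("2021-10-20T02:00:12", 4625, 10, "203.0.113.7", "jsmith"),
    ("2021-10-20T02:00:20", 4625, 10, "203.0.113.7", "backup"),
    ("2021-10-20T02:00:31", 4625, 10, "203.0.113.7", "guest"),
    ("2021-10-20T02:01:02", 4624, 10, "203.0.113.7", "jsmith"),
    # Console logon failure (LogonType 2) is not RDP and is ignored.
    ("2021-10-20T02:03:00", 4625, 2, "10.0.0.5", "mlee"),
    # Legitimate user: two typos then success, never reaches threshold.
    ("2021-10-20T02:05:00", 4625, 10, "198.51.100.20", "mlee"),
    ("2021-10-20T02:05:10", 4625, 10, "198.51.100.20", "mlee"),
    ("2021-10-20T02:05:20", 4624, 10, "198.51.100.20", "mlee"),
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for addresses that produced at least
    `threshold` RDP logon failures (4625 / LogonType 10) within `window`.

    A finding starts with verdict "bruteforce". If a successful RDP logon
    (4624 / LogonType 10) from the same address arrives after the burst,
    the verdict becomes "success_after_bruteforce" and the account that
    logged in is recorded as the likely compromised credential.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    tried = defaultdict(set)      # ip -> every account name that address tried
    findings = {}

    # ISO-8601 timestamps sort lexicographically, so sorting the tuples
    # orders the events chronologically regardless of input order.
    for ts_text, event_id, logon_type, ip, account in sorted(events):
        if logon_type != 10:        # only RemoteInteractive (RDP) logons
            continue
        ts = datetime.fromisoformat(ts_text)

        # Drop failures that have aged out of the sliding window.
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()

        if event_id == 4625:
            q.append(ts)
            tried[ip].add(account)
            if len(q) >= threshold:
                finding = findings.setdefault(
                    ip, {"verdict": "bruteforce", "failures": 0,
                         "accounts": tried[ip], "first_seen": ts_text})
                finding["failures"] = max(finding["failures"], len(q))
        elif event_id == 4624 and ip in findings:
            # A success from an address already flagged for guessing is
            # the high-priority case: the password was likely guessed.
            findings[ip]["verdict"] = "success_after_bruteforce"
            findings[ip]["compromised_account"] = account
            findings[ip]["success_at"] = ts_text

    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding["verdict"], "failures:", finding["failures"],
              "accounts tried:", sorted(finding["accounts"]))
```

On the sample data only 203.0.113.7 is flagged, and because its burst is followed by a 4624 for `jsmith` the verdict is escalated; the slow guesser and the legitimate user never accumulate five failures inside the five-minute window. In production the same logic would read the events from a SIEM or Windows Event Forwarding rather than a list, and the threshold and window should be tuned to the environment. The detection is a compensating control, not a fix: the fix ENISA's finding points at is not exposing RDP to the internet at all, and putting MFA or a VPN in front of it where remote access is required.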

This is even stronger evidence that every business is at risk of a ransomware disaster. Size and industry are no bar to risk: more than 50% of ransomware attacks in 2020 were against SMBs with fewer than 100 employees. Every business needs to put strong protections in place and increase its cyber resilience to fight back against ransomware and other cyberattack threats. Unfortunately, one in three small businesses with 50 or fewer employees rely on free or consumer-grade cybersecurity tools for all of their cyberattack defense, which leaves them badly exposed.


Dark Web ID’s Top Threats This Week


The National Rifle Association (NRA)

https://www.nbcnews.com/tech/security/cybercriminals-claim-hacked-nra-rcna3929

Exploit: Ransomware

National Rifle Association: Gun Rights Activist Group

Risk to Business: 1.417 = Extreme

Guess who’s back? Cybersecurity researchers believe that the notorious Evil Corp has rebranded itself as Grief, the group that has claimed responsibility for a probable ransomware attack at The National Rifle Association (NRA). Grief posted 13 files to its news website last Wednesday after they claimed to have hacked the NRA. The gang is threatening to release more of the files if they’re not paid, but no ransom demand was specified. NBC News reported that the files it saw were related to grants. The samples provided by the gang include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, a W-9 form and the minutes from a September 24th NRA teleconference meeting.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can be used to steal and publicize sensitive information that a company doesn’t want exposed.

IntegraMSP to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>>


PracticeMax

https://www.govinfosecurity.com/phi-stolen-in-practice-management-firms-ransomware-attack-a-17813

Exploit: Ransomware

PracticeMax: Medical Practice Management Services

Risk to Business: 1.822 = Severe

A ransomware attack on medical practice management services firm PracticeMax may have exposed Protected Health Information. The company notified members of VillageHealth that they may have been impacted by a cyberattack in April and May of 2021. VillageHealth is a care coordination program for patients with chronic conditions run by DaVita Inc. and offered through health plans including Anthem and Humana. In regulatory filings PracticeMax indicates the breach affected more than 4,400 members, but a company statement warns that it cannot say for sure that any data was actually accessed or stolen.

Individual Risk: 1.703 = Severe

In breach notification letters being sent on behalf of DaVita, Humana and Anthem, PracticeMax says the incident affected PHI including members’ first and last name, date of birth, address, phone number, Social Security Number, member ID number and clinical data pertaining to services received through the VillageHealth program.

Customers Impacted: Unknown

How It Could Affect Your Business: Service providers that handle a lot of valuable data have been favored targets of ransomware groups looking to profit in the booming data markets.

IntegraMSP to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>


United States – Schreiber Foods

https://www.zdnet.com/article/schreiber-foods-back-to-normal-after-ransomware-attack-shut-down-milk-plants/

Exploit: Ransomware

Schreiber Foods: Dairy Processor

Risk to Business: 1.442 = Extreme

Wisconsin-based dairy powerhouse Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack ground operations to a halt over the weekend. The company announced that a “cyber event” had disrupted operations at its processing and distribution centers after critical systems were knocked offline. Schreiber relies on digital systems to manage milk processing, so the outage rippled through the US dairy supply chain as plants could not take in milk. This is the latest in a string of production-impacting cyberattacks against agricultural sector targets. The company is the largest milk processor in Wisconsin, and it has reportedly been hit with a $2.5 million ransom demand.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: In September, the FBI released a notice warning companies in the food and agriculture sectors to watch out for ransomware attacks aiming to disrupt supply chains.

IntegraMSP to the Rescue: See how to transform every employee into a security asset and deploy the real secret weapon that successful organizations use to fight cybercrime like ransomware. WATCH NOW>>


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.