If cybercrime organizations could be publicly traded, we’d have an instant new multibillion-dollar industry sector. Indeed, cyberthreats have become so pervasive that U.S. President Joe Biden recently signed an executive order aimed at improving federal cybersecurity in the wake of multiple significant cyberattacks, including the ransomware attack that shut down the Colonial Pipeline.
Meanwhile, a broad coalition of experts in industry, government, law enforcement, civil society, and international organizations has joined together in the Ransomware Task Force to build a framework for combatting ransomware.
Ransomware attacks are only one method, however. Threat actors also use distributed denial-of-service (DDoS) attacks to ratchet up the pressure. For example, with DDoS extortion (aka ransom DDoS) attacks, cybercriminals threaten individuals or organizations with a DDoS incursion unless an extortion demand is paid. The threat actors behind last year’s Lazarus Bear Armada (LBA) DDoS extortion campaign used a variety of vectors and methods to target thousands of companies across a range of industries. Not surprisingly, data from NETSCOUT’s 16th annual Worldwide Infrastructure Security Report (WISR) shows that DDoS extortion attacks grew by an astounding 125 percent in 2020.
Then there are triple extortion attacks, which combine file encryption, data theft, and DDoS attacks to create even more trouble. Ransomware gangs SunCrypt and Ragnar Locker were early users of this tactic, and we now see it deployed via well-organized business models that include ransomware-as-a-service offerings, affiliations, and support centers.
Paying the ransom is tempting for many victims of these attacks, if for no other reason than to try to curtail the damage done by an extended shutdown. And it’s one reason why cyber insurance has become an increasingly popular choice for companies looking to cover potential losses from a cyberattack. A recent CNN story reported that AIG, one of the world's largest insurers, “saw a 150 percent increase in ransom and extortion claims between 2018 and 2020. Ransom demands now account for one in every five cyber insurance claims, the company added.”
Cyber Insurance Premiums Skyrocket
However, as more attacks occur, the cost of this type of insurance is skyrocketing. According to an April report from Fitch Ratings, premiums for cyber insurance coverage have increased 22 percent over the previous year and are expected to continue going up for the foreseeable future.
Skyrocketing premiums are not the only reason that cyber insurance is not a panacea. The U.S. Department of Justice has announced plans to use the same protocols on anti-ransomware efforts as it does for terrorism. As a result, insurance providers will be able to avoid making cyber insurance payouts if an attack is deemed an act of terrorism, because terrorism insurance typically is a separate policy.
Investing in Security Is Key
As the cost and complexity of cyber insurance increase, it’s clear that simply insuring against cyberattacks is insufficient. In fact, a recent report from Accenture found that as the cyber insurance market hardens, underwriters have a host of data available for winnowing out the high-risk companies that don’t practice good cyber hygiene. These insurers increasingly will reward companies that can demonstrate robust cybersecurity best practices, such as the following:
- Avoid the network breach. Best practices include educating users on proper cybersecurity hygiene and employing network and endpoint cybersecurity protection solutions to detect malware, anomalous activity, or indicators of compromise (IoCs).
- Pay attention to the basics. Back up valuable data and test data-restoration plans. Run vulnerability assessments and patch and update computer systems accordingly to avoid compromise.
- Deploy continuous threat intelligence. Staying abreast of the latest threat intelligence helps companies detect, investigate, or proactively hunt for IoCs that could precede a ransomware attack.
- Use proper DDoS protection. DDoS attacks are increasing in size, frequency, and complexity. Best practices in DDoS mitigation include a hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation.
Battling cybercrime is a multifront war, and modern-day DDoS attacks are complex, multivector, and dynamic. Companies need to make ongoing investments in security to adapt to constantly evolving threat tactics. The more robust a defense is, the more capable a company will be in fending off the growing number of cyberthreats.