The UK, US and Australian authorities have issued a new warning for critical national infrastructure (CNI) providers after a surge in ransomware attacks over the past year.
The Joint Cybersecurity Advisory comes from the UK’s National Cyber Security Centre (NCSC), the Australian Cyber Security Centre (ACSC) and the FBI, NSA and US Cybersecurity and Infrastructure Security Agency (CISA).
It claims that 14 out of 16 US CNI sectors were hit by ransomware in 2021, while education was the number one target in the UK.
Phishing, stolen or brute-forced remote desktop protocol (RDP) credentials and vulnerability exploitation remain the top threat vectors, with the agencies warning of growth in ransomware-as-a-service affiliates.
The alert also flags that different ransomware groups in Eurasia are sharing information with each other. However, it’s not clear in many instances if the groups are distinct or have merely rebranded.
There’s also been a shift away from “big-game hunting” in the US to mid-sized targets, which may attract less attention. This can be seen in the context of aggressive US law enforcement activity prompted by the Colonial Pipeline and JBS USA attacks.
Ransomware groups have also increased their impact by targeting vulnerabilities in cloud applications, virtual machine software, and orchestration software, as well as cloud accounts and APIs, the agencies noted.
Targeting industrial processes, managed service providers (MSPs) and software supply chains is also an increasingly common way to improve the chances of a successful attack, as is deploying malware on a weekend or public holiday, the alert added.
The document has an extensive list of industry best practices that could help CNI firms mitigate the risk of ransomware compromise.
“The advisory confirms that we are now all facing an increased level of risk associated with the threats presented by ransomware. It stands to reason that so long as ransom payments are being made, we can expect this now highly sophisticated industry to continue to grow,” said Vectra AI EMEA CTO, Steve Cottrell.
“With the emergence of highly professional ransomware-as-a-service operators, the barrier to entry for criminals has never been lower.”