Attacks-as-a-Service gaining currency among hackers
If in the physical world, 2022 has started off with a major Omicron scare, the cyber world stares at a year where phishing, ransomware and malware attacks will get more sophisticated. More alarmingly, cyber-attacks-as-a-service threatens to gain traction. What this the bar has just been lowered for hackers to launch sophisticated attacks as they can just rent or buy the skills they don’t have.
With work and study shifting to the confines of homes and video-conferences supplanting in-person business meetings, cybersecurity has assumed nightmarish proportions. And no longer is it just an enterprise problem; from the common man to government agencies, it threatens to become everybody’s problem.
The year 2021 saw the emergence of ‘Ransomware 2.0’, an advanced and evolved attack that moved from mere extortion to data hostage/exfiltration, along with extortion.
Stolen VPN (virtual private network) credentials from exploited remote machines have enabled attackers to infiltrate the target organisation’s internal network and snatch sensitive data or perpetrate a ransomware attack. According to Himanshu Dubey, Senior Director (Engineering) of Security Labs at Quick Heal, cyber criminals are buying Cyber-Attacks-as-a-Service tools. “Interestingly, some attack groups are even selling access to large botnets or infected machines within various businesses and this which lower the entry barrier for any hacker,” he said. QuickHeal expects to see more multi-vector attacks, in which the threat actors would attack target organisations on multiple fronts.
Sunil Sharma,Managing Director (Sales) of Sophos (India and SAARC), says cyber attackers are resorting to aggressive extortion methods such as making threatening calls to employees, pressuring victims to pay, or threatening to publish/sell the data.
“The Covid-19 pandemic has shown that cybercriminals are willing to exploit the crisis to attack critical infrastructures like healthcare and the vaccine supply chain,” says James Forbes-May, Vice-President of cyber security solutions firm Barracuda Networks APAC.
According to a recent IBM survey, the average total cost of a data breach in India in 2021 stood at ₹16.50 crore. This was up by 17.85 per cent over the previous year. The cost per lost or stolen record was ₹5,900, up 6.85 per cent over 2020.