Destructive cyber attacks - the "new normal"
The progressive growth of cyberattacks on governments, businesses and other organizations, especially in the run-up to the pandemic crisis and the Russian-Ukrainian war, has affected our understanding of modern cyber threats. Hybrid and remote work have created additional opportunities for cybercriminals, and threat actors are continually refining their tactics and techniques. Well-known global companies, as well as SMEs from various sectors, are targets of increasingly sophisticated phishing and ransomware attacks.
Looking just at this week's prominent attacks featured in the media gives a sense of scale.
For example, one of the more recent attacks affected the hotel group IHG. It manifested itself as an interruption of reservation channel operations due to unauthorized activity in their booking system.
Go-Ahead, one of the UK's largest transport companies, is also the victim of a cyber attack on its driver and service scheduling system, as well as its payroll software. The Swiss chocolate shop Läderach was also the target of a cyber attack on September 5th. As a precautionary measure, the use of internal work tools and communication channels has been reduced to the necessary minimum, and probably interrupted.
The municipality of Feldbach in Austria was also hit by a ransomware attack on September 1st. Their plan is to equip all work computers with new hard drives and reinstall the system software, certainly a time-consuming and expensive operation. As of today, recovery is still in progress and is due to be completed by September 12. The Los Angeles Unified School District discovered unusual activity in its IT systems during the first weekend of September, which upon initial review turned out to be an external cyber attack on its IT assets. The school implemented a response protocol to mitigate district-wide disruptions, including access to email, computer systems and applications.
As for government services, successful attacks crippled Montenegro's public services last week, with at least 10 state institutions becoming infected. The culprits are apparently the well-known Cuba ransomware gang. Also, as fallout from this summer's attack, Albania severed diplomatic ties with Iran this week, as a state-sponsored organization was blamed for destroying government data and shutting down services back in July.
All these recent attacks featured in the media are caused by destructive ransomware, routinely causing multiple days of outage and sometimes even weeks. The number of unreported cases is probably many times higher than what is being reported, as many victims will not come forward for fear of reputational damage. The frequency of the attacks is a testament to the success of the ransomware business model, but also to the systemic vulnerabilities existing in many organizations' networks. That's perhaps the reason why we will see much more regulatory pressure in the future.