Powered by MOMENTUM MEDIA

Mo money; mo automation: The evolution of modern ransomware

Ransom payments “skyrocket” year-on-year to a new average of US$3.6 million, while 80 per cent of ransomware-as-a-service operations increasingly offer AI-powered services to their customers.


Two reports recently emerged that paint an alarming picture of an evolving ransomware ecosystem that is not only making more money with each successful extortion attempt, but is also continuing to turn to AI and automation to speed up its attacks.

According to research conducted by Censuswide on behalf of ExtraHop for its annual threat landscape report, while ransomware incidents have somewhat dropped, the average ransom payment has increased significantly over the last year.

In fact, the average figure has risen by more than US$1 million year-on-year, from US$2.5 million to US$3.6 million.

 
 

And while profits are clearly going up, tactics, ExtraHop contends, are remaining much the same, with attackers relying on “old tactics” to compromise their targets. Phishing and social engineering account for 33.65 per cent of all network access attempts, followed by software vulnerabilities (19.43 per cent), third-party & supply chain compromise (13.4 per cent), and compromised credentials (12.1 per cent).

However, the access points being used are changing. Public clouds and integrated third parties are being targeted in roughly half of intrusions, with generative AI applications close behind.

One particularly worrying statistic is the time it takes to detect an intrusion. The data suggests that ransomware operators can remain in a network for an average of two weeks before executing their attack, with many organisations only becoming aware that an incident is even underway after a hacker has begun exfiltrating data.

“This research validates what we’ve been seeing firsthand: motivated attackers are exploiting new entry points to bypass traditional defences and remain hidden inside a network until the time is right to strike,” Raja Mukerji – Co-founder and Chief Scientist, ExtraHop – said in a statement.

“The reality is, threats will always find a way in, and organisations must be able to detect threats as they move laterally between systems to escalate privileges and exfiltrate data. Enterprises that lack the ability to not only see, but also contextualise, every bit of network traffic will continue being targeted and plagued by costly downtime and ransom payments.”

While ransomware operators are starting to see AI platforms as a new aspect of the attack surface to be exploited, they’re also using AI and automation themselves, according to new research from ReliaQuest.

Fully 80 per cent of ransomware-as-a-service operations are offering AI enhancements and automation in their service offerings, including automatic AV & EDR detection and the ability to effectively kill any software that might stand in the way of ransomware execution.

Customisation is another growing offering, with 60 per cent of RaaS providers offering some form of dynamic response during the attack phase.

DragonForce in particular is one RaaS provider pushing automation as a feature, leading to a doubling in its victim count over the last 12 months. The group offers “complete automation” of the work process alongside extensive support, anti-DDoS features, and customisable encryption modes.

Speaking to Cyber Daily on the growing use of AI by hackers, Rapid7’s Chief Product Officer, Craig Adams, said he was seeing two key evolutions.

“Number one is we're seeing a dramatic shift, lowering the level of effort to do broad-based attacks. Quite simply, [AI is] making it easier for attackers to do their job,” Adams said.

“The second piece is that AI is also decreasing the amount of time from organisation penetration, meaning from when they're first compromised, to damage being done in the organisation. It wasn't uncommon, not that many years ago, when an organisation would be breached, but then an attacker would slowly work their way through the organisation.

“We're finding time from penetration to actual negative impact is dramatically being reduced by AI, and we all know that attackers have all the incentive in the world to move quickly & broadly, and AI is an incredible gift for them in the end.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
