There has been a considerable rise in a cyberattack phenomenon called big game hunting. With big game hunting, hackers target large firms instead of smaller organizations and individuals. The reason? Attackers are aware that larger enterprise companies can afford to pay higher ransoms.
Just as hunter-gatherers drove elephants off a cliff using their coordinated hunting skills, present-day cyber attackers select, study and attack large companies using their coordinated hacking skills.
How big game hunters attack
Both individuals and groups can perpetrate ransomware. However, it is usually organized criminal groups that attack large corporations. These groups may even be state-sponsored players. (State-affiliated or sponsored actors spread ransomware to further their patron country’s political, commercial or military interests.) Businesses are specifically at risk here because most insurance policies exclude coverage for state-sponsored attacks. Unlike common phishing campaigns, where the main aim is to spread malware to the extent possible, big game hunting exploits specific vulnerabilities of a single, high-value target. Detecting such attacks requires AI-powered tools. These tools learn what’s normal for each unique user and device and use that information to detect subtle signs of unusual activity indicating potential cyberattacks.
Big Game Hunters select and study-specific targets based on a set of criteria. They then use more and more sophisticated methods to install ransomware on their victims’ systems. Typically, most big game hunters spend several months staking out your organization’s IT system before installing malware. The length of time big hunters are in your system is frightening, but it also means you have more time to discover the impending attack before any damage occurs. Usually, modern cyber criminals access networks by exploiting weaknesses in Remote Desktop Protocol (RDP) servers.
As the ransom amount from these cyberattacks increase, so does their frequency. A Malwarebytes report found that businesses detected 365% more ransomware attacks in the second quarter this year than they did for the same period last year. Another report by Coveware stated that between the first and second quarters of this year, the average ransom amount has nearly tripled from US$12,762 to US$36,295. For the best defence against big game hunting attacks, your business should have an active approach to cybersecurity instead of a reactive one. A proactive system is practical only if you know the specific cybersecurity threats that put your organization at risk.
What can corporations and large organizations do?
Since the direct and indirect costs of ransomware attacks have increased, large organizations need to develop a renewed approach to cybersecurity. In the process, companies should re-evaluate the techniques they use for intruder detection and incident response.
There are different ways in which businesses and organizations can safeguard themselves against such sophisticated ransomware attacks. For example, organizations increase their risk of cyberattacks because their security staff and managers do not communicate effectively. These attacks cannot be traced to a specific branch or department. Managers, for example, are frequently unprepared and untrained in cybersecurity, limiting their ability to respond to threats.
All employees need to be trained well on the kind of threats they might face and should have at least a basic understanding of how to recognize those threats. As we become more dependent on technology and cybercrime becomes more of a threat, it is critical to educate all employees and share the defence responsibility with the entire organization (not just the security teams). Additionally, organizations need to develop and implement a robust cybersecurity policy to outline their cyber defence strategy. A strategy should include the assets and data that need to be protected, the specific threats to those assets and what security tools and processes have to be adopted to deal with these threats.
Counting the Cost
Cybercriminals are becoming considerably more organized in their operations, and their attack methods are constantly improving. As a result, companies must consider the implications of a cyber-attack. In particular, they must review what it could mean financially, as well as the damage it could cause to their business, customers’ data and reputation.
The cost of not acting promptly can far exceed the cost of a cybersecurity evaluation.
Packetlabs offers comprehensive, affordable security services, including infrastructure penetration testing, application testing, and red team exercises. Our testing team has the required expertise and qualification, augmented by hands-on experience in live threat environments.
Contact us for a free, no-obligation consultation.