Cyber has grown to become one of the most expensive threats to businesses today. It has the potential to become the largest transfer of economic wealth in history, with total business losses due to data breaches expected to exceed $5 trillion by 2024.
Cyber events are generally understood to target the confidentiality, integrity or availability of data (known as the ‘CIA triad’), with attacks having the potential to hit one or more of these categories.
- Confidentiality attacks are broadly known as breaches or leaks, in which data is extracted from a system. It could then be held captive, released, or used for further purposes by the attackers to multiply the impact of the attack.
- Integrity attacks involve manipulating the consistency and accuracy of the data accessed. Integrity attacks can cause some of the most damaging cyber incidents, but can also be difficult to spot if carried out by sophisticated actors.
- Availability attacks affect the continuity of access to data, such as a distributed denial-of-service (DDoS) attack or an attack that affects servers and cloud platforms. Availability cyber attacks may also be physical in nature, sabotaging key equipment and causing a long access outage.
As individuals, we have a thirst for information and connectivity. However, this desire has created the prime conditions for cyber attacks. In particular, COVID-19 has driven a global workforce to work from home more often, removing them from secure networks and enterprise-level software protections. From phishing emails to unsecured networks, today’s tech landscape presents greater opportunities for hackers.
What attackers are looking for is also evolving. Ransomware can put pressure on businesses, extorting huge sums as a result.
- In 2017, the WannaCry ransomware attack affected 200,000 computers across 150 countries, racking up costs of £6 billion. [13]
- In the same year, NotPetya targeted systems in Ukraine and Russia, knocking out half of shipping giant Maersk’s servers. The attack cost its victims $10 billion in total.
- In 2020, the first death occurring as a result of a ransomware attack was recorded at a hospital in Duesseldorf, Germany, when emergency room staff were unable to admit an urgent care patient due to the systems disruption from the attack. [14]
- In 2021, the vulnerable Apache Log4j library was present in at least 100 million instances globally [15] and is still being exploited [16] by ransomware hackers today.
Negotiation has since become an important aspect of ransomware campaigns. As several events have shown, the threat of doxing (also called multi-faceted extortion events) has guaranteed a higher probability of ransom payments. This is because the technical capabilities of ransomware groups now include data exfiltration techniques which make extortion more likely; the increased costs and potential for reputational damage make a business more likely to concede.
Many cyber attackers may be lying dormant, having gained access to secure networks and now determining the most effective means of causing disruption and extracting the maximum amount of money for their efforts. It is expected that the coming years will see an increase in cyber attacks compared to 2022, due to the access gained throughout the pandemic.
[13] https://www.acronis.com/en-gb/articles/ransomware-attacks/   
[14] (Ralston 2020)   
[15] (Center for Internet Security 2022)   
[16] https://venturebeat.com/2021/12/14/log4j-exploits-attempted-on-44-of-corporate-networks-ransomware-payloads-spotted/  
 
Glossary

A glossary of cyber-specific terms used in the scenario.

| Term | Definition |
|---|---|
| CIA triad | A framework of three cyber security principles: data privacy (confidentiality), data accuracy and validity (integrity), and access to services (availability) |
| Distributed denial-of-service (DDoS) | An attack which overwhelms its target with internet traffic to prevent users from accessing online services |
| Malicious code | Any code deliberately inserted to cause damage or disruption |
| Malware | Any software that is malicious by design. Malware takes many forms and includes software for establishing command and control, delivering ransomware, etc. |
| Ransomware | Malware which prevents victims from accessing devices or data, typically by encrypting files. The attacker will then demand a ransom in exchange for decryption and may also threaten to leak the data |
| Self-replicating encryption malware | A computer worm that can spread itself across a number of linked devices |
 
     
                 
                