Cyber Criminals Increasingly Will Target Top Executives in Ransomware Attacks: Report

April 14, 2020

Senior executives increasingly will be targeted by cyber criminals looking for ways to steal money from large corporations, according to a report from cyber analytics provider CyberCube.

Organized criminals and hackers are moving away from high volume, low-value methods of attack against private individuals and instead are targeting senior managers with access to bank accounts and who can authorize payments, said the report, titled “Understanding Ransomware Trends.”

“Criminals are starting to realize that ransom demands of millions of dollars are achievable when the target becomes ‘the corporation,’ rather than ‘the consumer,'” the report said, which is leading to a trend of so-called “Enterprise Ransomware.”

Quoting figures from cyber-security specialist Symantec, the report noted that 69% of ransomware attacks seen in 2016 were focused on the consumer, which dropped to 19% in 2018, with the remaining 81% of attacks that year focused on corporations with high ransom demands.

The report predicts that criminals will more closely calibrate their ransom demands to an organization’s financial performance, data assets and other measurables such as the ability to pay ransoms. It also predicted that criminals will use artificial intelligence (AI) to construct algorithms that will hunt for individual targets and decide “which buttons to press” in order to obtain the maximum degree of compliance from the company.

“Criminals are good at social engineering, AI will be much better,” said San Francisco-based CyberCube in the report.

Further, the report warned that “socially engineered email and social media attacks will often rely on topical events (such as the recent coronavirus outbreak) to fool unsuspecting recipients into clicking on links or attachments that trigger a ransomware attack.”

Businesses have worked to mitigate the effects of ransomware attacks “by boosting defenses and increasingly backing up data in multiple secure locations…,” said the report. As a result, cyber criminals have found other ways to pressure victims into payment of ransoms, “namely by threatening to leak, or actually leaking a downloaded copy of victims’ files,” which can increase corporate costs.

Any such attack has potential legal liability as well as regulatory implications (and associated fines) for any company “holding personally identifiable information either in the U.S. under data breach notification laws, or under the European General Data Protection Regulation (GDPR).” [Editor’s note: GDPR fines could be as much as €20 million ($22 million), or 4 percent of the offending company’s global annual revenue, whichever is higher.]

CyberCube said “Enterprise Ransomware” is here to stay and likely to grow as an attack vector. The company then offered further predictions for 2020 and 2021:

“The evolution of ransomware tactics that target the enterprise and the emergence of more sophisticated groups means that this type of cyber risk is (or will rapidly become) a strategic issue for every business,” the report said. These attacks have the potential of creating “systemic and high severity risk of many types including business interruption, contingent business interruption, financial loss, regulatory penalties and more,” it continued.

“The business model for cyber crime is evolving rapidly. Threat actor groups are conducting campaigns and adjusting their models to extract greater value from a smaller number of attacks,” said Oliver Brew, CyberCube’s head of Client Services and one of the report’s authors, in a statement accompanying the report

“Recently, we’ve seen some very sophisticated and aggressive organised criminal groups conduct carefully targeted ransomware attacks, which mark a move away from the traditional high volume, low-value approach,” he added.

“Criminals are realizing that ransom demands of millions of dollars are achievable when the target becomes a corporation rather than lots of consumers,” said Yvette Essen, CyberCube’s head of Content, in a statement.

“The danger now is that the coronavirus outbreak is creating the ideal conditions for ransomware attacks to flourish. With widespread working from home, increased internet traffic, increasing use of technology for what were face-to-face transactions, corporations must increase their vigilance,” she continued.

Source: CyberCube