Ransomware Evolving From “Spray and Pray” to More Targeted Attacks – Promoted Content
Ransomware gangs are moving from “spray and pray” campaigns to more targeted attacks that threaten the use of Distributed Denial of Service (DDoS) attacks to disrupt specific business services.
DDoS attacks are not only effective in disrupting business operations, but they can be launched in seconds without even having to initiate a phishing attack or breach the security perimeter of the target’s network. Their efficiency has made them useful for cybercriminals who want to trick victims into paying ransoms quickly.
August 2021 “was a month where DDoS attack records were contested and broken on three major continents,” says Radware’s Q3 DDoS Attack Report. The report notes that Radware blocked more malicious incidents between January and August 2021 than during the whole of 2020.
Cloud increasing exposure
This increase in DDoS attacks reported by Radware corresponds to an increase in the use of cloud applications during the pandemic. Radware estimates that 70% of production web applications run in cloud environments.
“The move to the cloud offers scalability for organizations because they can go very, very fast depending on demand,” said Yaniv Hoffman, Radware’s vice president for APJ. “But as applications become more publicly accessible and user-centric, these applications become more vulnerable.”
Cybercriminals have adapted their attack methods to reflect changing business trends, shifting from network-level attacks to application-level attacks.
This creates new challenges for security personnel, as conventional network-level tools do not provide the visibility to applications needed to detect and respond to these attacks.
This left the ransomware gangs free to harass their victims, Hoffman said, noting that in many cases the gangs teased the victims with a short DDoS attack “as an example of what they can do.”
“In 24 hours, if the victims do not pay, they will threaten to launch the full force of an attack for each day they do not pay the ransom,” Hoffman said.
“Being affected by a DDoS ransom has an impact on the continuity and availability of the business, and therefore on the credibility of these organizations. Many organizations pay just to avoid this.”
Radware also found that the adoption of hybrid environments has increased in 76% of the companies surveyed, further complicating cybersecurity.
Build a frictionless defense
Businesses face five critical challenges in securing hybrid environments, Radware noted, including:
- Emerging threat vectors that expose applications and cloud environments to attack
- A larger threat surface where the cloud-based application surface and application infrastructure are exposed
- The need for Agile software development and a DevOps culture that integrates security
- The challenges of multi-cloud deployments across on-premises, hybrid, and public clouds – each with their own unique capabilities, APIs, management, and reporting
- Ownership of budgets and security strategies by non-security stakeholders, whose disengagement from security practices impedes their ability to deliver meaningful security improvements
A DevSecOps practice, which integrates security into DevOps, can be difficult, especially because it challenges long-held notions of system and application ownership.
In 92% of organizations, according to Radware, security personnel have no say in the structure of the organization’s continuous integration / deployment (CI / CD) processes. Hoffman said this was not acceptable due to the risk of business disruption.
He said progressive companies are working to overcome these conflicts to implement “frictionless security,” which extends to cloud applications and hybrid environments.
“Because applications deploy very quickly, you have to make sure that security doesn’t create a bottleneck for it,” he explained. “You don’t want to disrupt processes.”
Effective, frictionless security forces companies to take a step back and reconsider how they secure applications, Hoffman said. Automation is invaluable in continuously monitoring application development and deployment, as well as user activity, for anomalies.
Cybercriminals often disguise and scale their attacks or use volumetric DDoS attacks to mask low-and-slow application and encryption attacks. So anomaly detection can be virtually impossible with manual cybersecurity processes, Hoffman said.
Hard-coding security policies in applications was an inherently limited solution, he explained. “Only by automating algorithms can you identify changes in applications and automatically adapt security policies.”
“If you base your security algorithms on machine learning, you learn user behavior – and the algorithm alone can learn what is good and what is bad. This is how you don’t interfere with app deployment, while adding frictionless security.”