Page 198 - Cyber Defense eMagazine August 2024
Cybersecurity Threats in Focus: Ransomware, Botnets, and Data Theft
Ransomware Attacks: Ransomware reaches a network through several entry vectors, such as email phishing, infected websites, and vulnerabilities in software or operating systems. Once inside, the infection encrypts documents on the compromised devices, cutting off access to them. The attackers then demand a ransom, usually paid in cryptocurrency, in exchange for the decryption keys that restore access to the data.
The effects of ransomware are devastating: by making critical files inaccessible, an attack can bring operations to a standstill and cause prolonged downtime. For example, 2023 was the worst year on record for ransomware, with groups enjoying great success. The number of victims rose 55.5 percent over the 2022 figure, to 5,070, and the 2,903 victims recorded in the second and third quarters combined exceeded the total for all of 2022.
One striking example is Royal Mail, which was targeted by the LockBit ransomware group. The attack took out Royal Mail's ability to send international parcels, effectively halting a key part of its operations, and LockBit threatened to leak the stolen data unless a ransom was paid. Ransomware attacks therefore also pose a serious risk of sensitive-information exposure, because attackers threaten to leak data in order to coerce payment. An organization hit by such an incident faces a dual jeopardy: operational disruption and the potential exposure of its data.
Botnet Exploitation: Botnets remain a continuing threat, used by cybercriminals to distribute malware, conduct DDoS attacks, and steal sensitive data from victim networks. Historically, botnets were mostly thought of as viruses that infected computers and then propagated through networks, spreading havoc. Today, however, botnets are run by sophisticated botmasters or hacker groups who distribute malware through various channels to exploit vulnerabilities in the targeted systems. Once a system is infected, the bot works quietly to remain undetected and communicates with its botmaster to receive and carry out commands. The attackers then monetize the successful breaches through video attacks, the deployment of ransomware that encrypts data, or the use of the compromised system for cryptocurrency mining.
On average, a botnet infection persists for approximately eight months before it is discovered. Such long-lived botnets underline the need for intrusion detection systems and proactive security measures. Without these defenses in place, the subtle indicators of botnet activity, such as sudden spikes in network traffic or performance degradation, are easily overlooked and pose serious risks to organizational security.
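The traffic-spike indicator mentioned above can be turned into a simple detection. The following is an added example, not code from the article or any product it names: it groups constructed per-minute byte counts by host and flags any minute whose outbound volume exceeds both a trailing mean-plus-three-standard-deviations baseline and three times that mean. The host names, byte counts and thresholds are invented for illustration.

```python
"""Added example (not from the article): flagging sudden per-host traffic
spikes against a trailing baseline, one of the botnet indicators named above."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow summaries: (minute, host, bytes_out). The values are
# invented; host "ws-17" begins pushing far more data than usual in minute 7.
SAMPLE_FLOWS = [
    (1, "ws-02", 40000), (1, "ws-17", 21000),
    (2, "ws-02", 40000), (2, "ws-17", 24000),
    (3, "ws-02", 40000), (3, "ws-17", 19000),
    (4, "ws-02", 40000), (4, "ws-17", 23000),
    (5, "ws-02", 40000), (5, "ws-17", 22000),
    (6, "ws-02", 40000), (6, "ws-17", 25000),
    (7, "ws-02", 40000), (7, "ws-17", 810000),
]


def per_host_series(records):
    """Group (minute, host, bytes) records into per-host series sorted by minute."""
    series = defaultdict(list)
    for minute, host, nbytes in records:
        series[host].append((minute, nbytes))
    return {host: sorted(points) for host, points in series.items()}


def detect_spikes(points, window=5, k=3.0, min_ratio=3.0):
    """Return (minute, value, baseline) for every point that exceeds both
    mean + k * stddev of the preceding `window` points and min_ratio times
    that mean. The ratio guard keeps a perfectly flat history (stddev 0)
    from flagging trivial jitter as a spike."""
    alerts = []
    for i in range(window, len(points)):
        minute, value = points[i]
        history = [v for _, v in points[i - window:i]]
        baseline = mean(history)
        if value > baseline + k * pstdev(history) and value > min_ratio * baseline:
            alerts.append((minute, value, round(baseline)))
    return alerts


def analyze(records, **kwargs):
    """Map each host that produced at least one spike to its alert list."""
    result = {}
    for host, points in per_host_series(records).items():
        alerts = detect_spikes(points, **kwargs)
        if alerts:
            result[host] = alerts
    return result


if __name__ == "__main__":
    for host, alerts in analyze(SAMPLE_FLOWS).items():
        for minute, value, baseline in alerts:
            print(f"{host}: minute {minute} sent {value} bytes (baseline {baseline})")
```

On the constructed data only ws-17 is reported, in minute 7, with a baseline of 22,600 bytes; ws-02's flat 40,000 bytes per minute never trips the check. In practice the window should be long enough to cover normal daily variation, and a spike alert is a trigger for investigating the host's destinations, not a verdict on its own.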
At our organization, we had a large-scale incident with our client, where botnet activity was detected against institutions. Such attacks were targeting institutions by exploiting network protocol vulnerabilities while scanning large ranges of IP addresses. The intrusion prevention systems in place were instrumental in the detection and mitigation of this malicious activity.
Data Theft: Cybercriminals leverage DNS exploits to exfiltrate data from a system, that is, to transmit sensitive information out of the organizational perimeter. Such incidents can
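DNS-based exfiltration usually leaves a signature in the resolver logs: a burst of unique, long, high-entropy subdomains under one attacker-controlled domain, often as TXT queries. The following is an added example, not code from the article, that scores constructed DNS query log lines on exactly those features. The log format, the `example.com` and `exfil-example.net` names, the client addresses and the thresholds are all assumptions made for illustration; the encoded-looking labels are rotations of a 32-symbol alphabet standing in for real payload chunks.

```python
"""Added example (not from the article): scoring DNS query logs for
exfiltration indicators (many unique, long, high-entropy subdomains
under a single registrable domain)."""
import math
from collections import Counter, defaultdict

# Constructed sample log, one query per line: "<timestamp> <client> <qname> <qtype>".
# The exfil labels are rotations of a 32-symbol alphabet, a stand-in for encoded chunks.
_ALPHABET = "0123456789abcdefghijklmnopqrstuv"
_EXFIL_LABELS = [_ALPHABET[i:] + _ALPHABET[:i] for i in range(0, 30, 5)]

SAMPLE_LOG = "\n".join(
    [
        "2024-08-01T10:00:01 10.0.0.5 www.example.com A",
        "2024-08-01T10:00:02 10.0.0.5 mail.example.com A",
        "2024-08-01T10:00:03 10.0.0.5 cdn.example.com AAAA",
        "2024-08-01T10:00:04 10.0.0.9 www.example.com A",
    ]
    + [f"2024-08-01T10:01:{i:02d} 10.0.0.7 {label}.exfil-example.net TXT"
       for i, label in enumerate(_EXFIL_LABELS)]
)


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_qname(qname):
    """Split a query name into (subdomain, registrable domain), treating the
    last two labels as the registrable domain. A real deployment should use
    the Public Suffix List so names such as example.co.uk group correctly."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text):
    """Yield (client, qname, qtype) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2], parts[3]


def domain_features(text):
    """Per registrable domain: unique subdomains, mean subdomain length,
    mean subdomain entropy, and number of TXT queries."""
    subs = defaultdict(set)
    txt = Counter()
    for _client, qname, qtype in parse_log(text):
        sub, domain = split_qname(qname)
        subs[domain].add(sub)
        if qtype == "TXT":
            txt[domain] += 1
    features = {}
    for domain, names in subs.items():
        features[domain] = {
            "unique": len(names),
            "mean_len": sum(len(s) for s in names) / len(names),
            "mean_entropy": sum(shannon_entropy(s) for s in names) / len(names),
            "txt_queries": txt[domain],
        }
    return features


def flag_exfil_candidates(text, min_unique=5, min_len=24, min_entropy=3.5):
    """Domains whose subdomain population looks like encoded payload chunks."""
    return sorted(
        d for d, f in domain_features(text).items()
        if f["unique"] >= min_unique and f["mean_len"] >= min_len
        and f["mean_entropy"] >= min_entropy
    )


if __name__ == "__main__":
    for domain, f in domain_features(SAMPLE_LOG).items():
        print(domain, f)
    print("candidates:", flag_exfil_candidates(SAMPLE_LOG))
```

On the constructed log only `exfil-example.net` is reported: its six subdomains average 32 characters with 5.0 bits of entropy per character, while the ordinary `www`, `mail` and `cdn` labels under `example.com` fall well below every threshold. Content delivery networks and some anti-spam or telemetry services legitimately produce long machine-generated labels, so candidates from this scoring belong on an allow-list review rather than being blocked automatically.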
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.