Three Big Reasons Ransomware Payments Are Up More Than 5X Over Last Year

If the mission of cybersecurity is to protect the organization from losses to cybercriminals, we are in deep trouble. Over the past year there has been a dramatic increase in the average ransomware payment made by victims of ransomware attacks, an increase that exceeds 500%. RISK & INSURANCE, a leading media source for the insurance industry, revealed that in 2023 the median ransom demand increased to $20 million from $1.4 million in 2022, and payments multiplied to $6.5 million in 2023 from $335,000 in 2022. In addition, in its annual “State of Ransomware 2024” report, Sophos, a global leader in cybersecurity, revealed that the average ransom payment has increased more than fivefold in the last year, with organizations that paid a ransom reporting an increase from an average payment of $400,000 in 2022 to an average payment of $2 million in 2023. The evidence of a crisis is overwhelming.

This is a stunning increase in losses to cybercriminals. It underscores the alarming growth in the sophistication and danger of cyberattacks and the substantial vulnerabilities in outdated security methods. The leading factor driving this trend is the widespread reliance on twenty-year-old, legacy Multi-Factor Authentication (MFA), which is proving completely ineffective against modern cyber threats. The reason legacy MFA is being defeated so easily by cybercriminals is the adoption of Generative AI. This incredibly powerful new technology has empowered cybercriminals to create highly convincing phishing attacks, making them nearly undetectable even to well-trained users. This article outlines the reasons behind the sharp rise in average ransomware payments, the shortcomings of legacy MFA, and the urgent need for phishing-resistant, next-generation MFA solutions.

Three Biggest Factors Driving the Rapid Increase in Ransomware Payments

Cybercriminals have adopted Generative AI

Cybercriminals have harnessed Generative AI to drastically enhance the effectiveness of phishing emails. These advanced tools can craft exceptionally realistic and personalized messages, devoid of any grammatical or spelling mistakes, making them virtually indistinguishable from genuine emails. By leveraging extensive data analysis, Generative AI replicates writing styles, constructs credible scenarios, and accurately targets individuals. These sophisticated attacks imitate emails from trusted sources, featuring authentic branding and contextually relevant details. Consequently, organizations that depend on employee training as their primary defense are finding it increasingly less effective.

Cybercriminals have improved their targeting of victims

Cybercriminals are increasingly targeting organizations where they can cause the most significant operational disruptions, thereby maximizing their ransom demands and payments. High-profile cases like MGM’s $100 million loss, Change HealthCare’s billion-dollar setback, and the still-uncalculated damages suffered by CDK Global illustrate the success of this strategy. These criminals understand the financial pressure their attacks create, leveraging this knowledge to demand exorbitant ransoms. Victims facing potentially devastating losses often find it a painful but straightforward business decision to comply with these demands.

Out-of-date Security Practices

For decades, Multi-Factor Authentication (MFA) has rightfully been a cornerstone of enterprise security. MFA requires additional forms of verification to enhance network protection. However, legacy MFA systems, including Knowledge-Based Authentication (KBA), One-Time Passwords (OTP), and authentication apps developed twenty years ago, are proving increasingly ineffective against contemporary cyber threats. The overwhelming majority of successful ransomware attacks have bypassed these outdated MFA methods, leading directly to the crippling effects of a ransomware attack. Cybercriminals employ several techniques to compromise legacy MFA:

  • SIM Swapping: Attackers persuade mobile carriers to transfer the victim’s phone number to a SIM card they control, intercepting SMS-based MFA codes.
  • Phishing Attacks: Users are tricked into providing their MFA credentials via fake login pages or social engineering tactics.
  • Man-in-the-Middle (MitM) Attacks: Attackers intercept communications between the user and the service, capturing MFA tokens to authenticate themselves.
  • Session Hijacking: Attackers gain access to active session tokens (e.g., through XSS, CSRF attacks, or session fixation) and use them to impersonate the user without needing to re-authenticate.
  • Malware: Malicious software on a user’s device captures authentication tokens, passwords, or keystrokes, allowing attackers to bypass MFA.
  • Other Social Engineering: Attackers manipulate individuals into revealing their MFA credentials or performing actions that circumvent MFA controls.
  • Account Recovery Process Exploitation: Attackers exploit weaknesses in account recovery processes to reset the user’s MFA settings, effectively bypassing MFA.

The vulnerabilities of legacy MFA highlight the urgent need for more robust, next-generation authentication solutions to defend against sophisticated cyber threats.

The Urgent Need for Next-Generation MFA

To combat the surge of ransomware attacks, organizations must adopt next-generation, phishing-resistant multi-factor authentication (MFA) technologies. These cutting-edge solutions utilize a variety of sophisticated authentication methods, including biometric measures like fingerprint and facial recognition, making it significantly more challenging for cybercriminals to replicate or breach corporate networks. This need is underscored by the Verizon Data Breach Incident Report, which through the years consistently indicates that over two-thirds of breaches stem from compromised credentials. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security reports that 90% of successful ransomware attacks originate from phishing incidents.

Why Biometrics are Best

Biometric authentication utilizes the distinct physical attributes of authorized users, such as fingerprints and facial features, which are exceptionally difficult to forge or steal. Biometrics are pivotal in next-generation Multi-Factor Authentication (MFA) for several reasons:

  • Biometrics eliminate the issues of poor password practices and mitigate risks associated with weak, reused, or compromised passwords, which are common attack vectors.
  • Biometric traits are unique to each person, making them almost impossible to replicate or steal, unlike passwords or tokens.
  • Biometric data is intrinsically tied to the individual, preventing sharing or transferring, thus reducing the risk of credential theft.
  • Biometric authentication is immune to phishing attacks since these traits cannot be easily captured or entered on fraudulent websites.
  • Biometrics enhance fraud prevention by ensuring that the person accessing the system is indeed who they claim to be, thereby preventing identity theft and unauthorized access.

User Convenience Means Zero Friction

Biometric authentication provides a quick and seamless process, often requiring just a scan or touch, which significantly enhances the user experience. This approach eliminates the need for users to remember passwords or keep track of dongles, reducing their burden and minimizing errors, lockouts, and helpdesk calls.

  • An easy-to-use MFA solution encourages higher user adoption rates. Unfriendly processes deter users from supporting organizational security measures.
  • Simplified MFA processes decrease the likelihood of user errors, such as mistyping codes or losing tokens, leading to fewer lockouts and support requests, which saves time and resources for the organization.
  • Users are more likely to consistently follow security protocols and use MFA if it integrates smoothly into their daily routines without causing disruptions.
  • Quick and easy authentication processes ensure that employees can access necessary resources without unnecessary delays, thereby enhancing productivity levels.

User convenience in MFA solutions is crucial for stopping network intrusions, ensuring high adoption rates, reducing errors and support costs, maintaining productivity, and improving overall user satisfaction. By balancing security with ease of use, organizations can improve their security environment and user satisfaction.

Selecting the Best MFA solution

Choosing the right phishing-resistant, next-generation MFA solution involves a thorough assessment of the organization’s specific needs. Key factors to consider include the supported authentication methods, integration capabilities, user-friendliness, and scalability. It’s essential to select a solution that offers a balanced combination of security, usability, and flexibility.

Implementing next-generation MFA should be done in phases to minimize disruptions and ensure a smooth transition. A phased approach allows for comprehensive testing and helps users gradually adapt to the new system.

Given the ever-evolving cybersecurity landscape, organizations must continually update their security measures. Continuous monitoring and regular updates are essential to maintain the effectiveness of phishing-resistant and next-generation MFA solutions. Establishing a framework for ongoing security assessments, system updates, and integrating threat intelligence is crucial for staying ahead of emerging threats.

Conclusion

The surge in ransomware payments underscores the urgent need for enhanced security measures. Outdated legacy MFA systems are a major factor in this trend. As cyberattacks grow more sophisticated, especially with Generative AI being used to craft convincing phishing messages, organizations must adopt next-generation MFA technologies. Advanced authentication methods, adaptive security measures, and seamless integration with existing security infrastructure can significantly bolster defenses against ransomware. Upgrading to phishing-resistant MFA is essential for protecting critical data, reducing financial risks, and maintaining operational resilience. Legacy MFA systems are no longer adequate; embracing advanced solutions is a strategic necessity in today’s cybersecurity landscape.

About the Author

John Gunn is the CEO of Token, delivering the next generation of multi-factor authentication that is invulnerable to social engineering, malware, and tampering for organizations where breaches, data loss, and ransomware must be prevented. He is a strong leader with a proven record of attracting and motivating talent to deliver significant revenue growth for software and services companies. John can be reached online at LinkedIn and at our company website http://www.tokenring.com/.
