Is your organization protected from attack even outside of work hours?

by time news

The cyber defense company Cybereason has published an extensive survey which found that although many ransomware attacks occur during weekends or holidays, many organizations around the world are not prepared to provide an immediate, high-quality response at these times. As a result, most ransomware attacks succeed in inflicting severe damage on the targeted organizations.

Just last October, the hacker group BlackShadow revealed during a weekend that it had broken into the server farm of the Israeli company Cyberserve, which is responsible for hosting dozens of Israeli sites, including the dating site “Atref”, the public transportation company “Kavim” and dozens of other sites. The attack group demanded a ransom within 48 hours and threatened to disclose numerous databases, including sensitive personal details. In May of this year, the American company Colonial Pipeline also experienced a severe attack, carried out over the weekend by the attack group DarkSide, which caused the shutdown of the fuel lines for five consecutive days and ended in a ransom payment.

Many savvy attackers identify weekends and holidays as “dead times,” in which the security teams’ alertness decreases and so does the monitoring of what is happening on the organization’s networks. In recent years ransomware attacks have stepped up a level: the means of attack and the actions of the attackers have become more sophisticated, and as a result the average duration of the attacks has also dropped significantly. Today, in order to prevent real damage to the organization, security teams have to detect attack events in real time and respond to them within a few minutes, unlike in previous years, when security teams had days or hours to prevent damage. This situation, combined with the fact that many organizations are not protected by advanced defense platforms, increases the impact of ransomware attacks and amplifies the prevalence of the phenomenon.

The survey included 1,200 security and cyber experts from large organizations around the world that have experienced a ransomware attack during a holiday or weekend in the past year. In their responses, all participants addressed the impact of ransomware attacks on the organization and the new security measures they have taken as a result of the attacks they experienced.

The results of the survey show that 90% of the respondents said they are aware of the existing dangers and are concerned about ransomware attacks on their organization. At the same time, over 50% of them said that they do not have the appropriate tools to deal with a potential attack. In addition, 25% of respondents said that although they had experienced a ransomware attack during a weekend or holiday in the past, their organization did not have a dedicated security team operating at these times to detect and respond to potential attacks.

Impact on organizations – longer-than-usual response time and attrition of security teams: Today, most organizations have internal or external security teams whose goal is to provide a professional initial response in the event of an attack on the organization and to stop the attackers from spreading across the network. At the same time, there appears to be a gap in the availability of security teams and the presence of professional personnel during weekends and holidays. More than half of the respondents said that assessing the situation and providing an initial response to an attack that occurred during a weekend or holiday took longer than usual, compared to an attack carried out during normal working hours.

In addition, 33% of respondents said that recovering from such an attack and returning the organization to routine took longer compared to past incidents experienced during normal working hours. Along with the long response times, this gap also appears to harm the well-being of security teams. 86% of respondents said that they had missed planned vacations in the past because they were called in urgently following a ransomware attack on the organization over a weekend or holiday, while 70% of respondents admitted to having responded to an attack while under the influence of alcohol. In the short term these factors may impair the professional functioning of the security teams, whereas in the long term they may lead to attrition and a negative impact on their satisfaction.

Industries at increased risk – retail, transportation and healthcare systems: While most countries in the world are entering the holiday season at the end of the calendar year, the retail and transport industries are emerging as particularly attractive targets, mainly due to the increased activity of those organizations at this time of year and the potential for huge revenue loss. Another targeted sector is medical institutions, which are a popular target due to the fear of harm to human life if medical systems are shut down or activity is disrupted.

These factors affect the judgment of the victims and cause them to pay high ransom demands immediately, which encourages the attackers to continue attacking. The survey shows that over 65% of the respondents who belong to organizations from the above sectors said that attacks they had experienced in the past caused severe damage to their organization because they did not have appropriate security solutions. 24% testified that although .

The technological solution exists – behavioral analysis-based defense systems: The results of this survey, and an understanding of the great risk inherent in ransomware attacks, should encourage organizations to defend themselves effectively. Attack tools are becoming more sophisticated and the frequency of attacks is increasing year by year. Solutions for stopping attacks exist on the market, including advanced defense systems (NGAV, EDR, XDR), which are intended to protect all of the organization’s assets and to neutralize sophisticated cyber attacks, including ransomware attacks.

It seems that today there is still a gap in understanding the severity of the situation. A wide variety of attack groups are active around the world and can do tremendous damage to organizations. According to the results of the survey, 63% of the respondents believed that the ransomware attack they experienced in their organization was carried out by an advanced, well-resourced political entity and involved complex attack systems. This is despite the fact that in practice these attacks were carried out by independent attack groups that do not belong to a large, well-funded political body.

The results of the survey also show that half of the respondents said that the only defense system in their organization is a traditional antivirus, even though it is not effective against today’s attack systems. Only 36% of participants said that they had advanced protection systems such as EDR, which are designed to protect the organization’s endpoints from sophisticated cyber attacks.

Lior Div, CEO and founder of Cybereason, said that “the most destructive ransomware attacks usually occur during weekends and holidays, when the attackers know they have an advantage over the attacked organizations. This survey shows that many organizations are not properly prepared to deal with potential attacks and must take further steps to ensure readiness for detection and an immediate response to protect the organization’s critical assets.”
