20th October, 2021
Cybersecurity attacks have continued to develop over the previous quarter in both the number of attacks and the complexity and sophistication of the threats themselves, enabled by the ever-increasing number of threat vectors. One of the primary threat vectors which continues to be widely exploited are the end users, which has been demonstrated by a continued increase in the use of phishing attacks so far this year, seeing a 22% increase in the number of phishing attacks compared to the same period in 2020.
In addition to the continued increase in phishing, ransomware has also been widely utilised during criminal operations and is also seeing a good level of success. An element of this success is due, in part, to the double extortion tactics being utilised by many ransomware operators today. Whilst many organisations have had previous success in utilising extensive and regular backups of their data to mitigate the damage caused by ransomware, more and more ransomware groups are now employing the double extortion tactics. This sees not only those systems being encrypted, but the data contained within being exfiltrated to external servers under control of the criminal groups. This results in the leverage, enabling the group to increase the pressure put upon the organisation to pay the ransom as even if they were to recover their system from a backup, the criminal group would still have their data to sell on the dark web or expose in the media. Inevitably, exposure of sensitive data resulting from a breach like this can result in reputational and financial damage against the compromised organisations, giving them ever more reason to pay the ransom.