By Mike Sentonas, Chief Technology Officer, CrowdStrike
“2021 has been a challenging year for security teams and many of the uncertainties that shaped the year are expected to continue into 2022. The cybersecurity landscape is ever-changing as adversaries transform their tools, techniques and procedures (TTPs) to pile even more pressure on often under-resourced and unprepared security teams.
This year we spoke about the rise of the double extortion ransomware model where adversaries demand one ransom for the return of data and another to ensure that data is not leaked or sold. In fact, according to CrowdStrike’s 2021 Global Security Attitude Survey, Indian companies paid around $1.128 million in extortion fees, the highest average extortion fee globally. This double extortion ransom model will grow in sophistication in 2022.
We’re seeing an entire underground economy being built around the business of data exfiltration and extortion. Data-shaming websites are popping up like street-corner storefronts, providing a hub for ransomware groups to post and auction stolen data that’s being held ransom. These ransomware groups are revamping their entire infrastructure of tactics, techniques and procedures (TTPs) to hone in on more effectively exfiltrating and selling stolen data. Even if the threat actors can’t get their ransomware to execute past the encryption stage, they’ll pivot and find other ways to gain access to the data to sell for a profit anyway.
Numerous high-profile software supply chain attacks have brought this low-hanging attack vector to greater prominence this year. They’ve exposed supply chain vulnerabilities and presented opportunities for adversaries to exploit. In fact, 63% of Indian companies have lost trust in either new or existing suppliers, according to the 2021 Global Security Attitude Survey. Greater focus needs to be placed on vetting the security posture of suppliers; otherwise, these attacks will continue to grow in 2022.”