New Ransomware Warning for Critical Infrastructure Providers
The UK, US, and Australian authorities have issued a new Joint Cybersecurity Advisory for critical infrastructure (CNI) providers after the industry experiences a surge in ransomware attacks over the past year. The advisory states that 14 our of 16 CNI sectors were hit by ransomware in 2021, and education was the number one target in the UK. The top cybersecurity attacks targeting the CNI sector are phishing, brute-force, vulnerability exploitation, and ransomware-as-a-service.
The alert also states that different ransomware groups in Eurasia are sharing information with each other. It remains unclear, however, how many instances in which the information sharing resulted in rebranding or merging of ransomware groups. There has also been a significant shift away from high-profile American targets to mid-sized targets that attract less attention, according to the report. The reasoning behind the switch may be aggressive law enforcement activity prompted by the Colonial Pipeline, SolarWinds, and JBS USA attacks. In addition, the Joint Advisory warned that ransomware groups have also looked to increase their impact by targeting vulnerabilities in cloud applications, APIs, virtual machine software, and cloud accounts.