 "Cyber criminals eye big players for higher payouts, warns Moody's")
Ransomware attacks have been on the rise for the last few years with hackers leveraging data for payouts by companies. A recent report by Moody's has said not only are ransomware attacks going to continue, but hackers are likely to target larger organisations through supply chain vulnerabilities. The aim of this would be to seek out large payouts and leveraging the vulnerabilities of third-party suppliers to access high-value organisations. This shift in turn is likely to increase the potential credit impact for a higher share of rated companies, Moody's said.
Less victims willing to pay ransom to hackers
Between 2022 and 2023, ransomware attacks grew by 70 per cent globally, both in terms of number of attacks and the ransom demand. The highest ransom payout in 2024 was $75 million in 2024, compared to $38 million in 2023.
Despite this increase, it seems the share of victims willing to pay hackers' ransom demands is steadily falling. The report suggests that this may lead to greater and larger adoption of cybersecurity, as well as, more police oversight into such cases. According to Coveware, a ransomware recovery firm, the share of victims willing to pay ransom to cyber criminals dropped to 28 per cent in the beginning of 2024, compared to 85 per cent in 2019 during the same period.
Therefore, hackers are more likely to shift focus to only larger organisations, as they can afford ransom payout.
"In response to declining revenue per victim, cyberattackers are trying to wring greater profit from their attacks by demanding higher ransoms. We believe they are accomplishing this by shifting tactics and targeting larger businesses that can afford higher payouts," Moody's said.
While larger businesses may have more sophisticated securities in place, their business risks in case of ransomware remain high, the report added.
More From This Section
Hackers target finance, tech, health, and logistics
Hackers are increasingly focusing on high-value industries such as finance, technology, healthcare, and logistics, all of which have valuable data and are integral to global supply chains.
Financial institutions, in particular, are under constant threat due to their involvement in managing large amounts of money, investment data, and transactional information. By targeting key players within the supply chain, cybercriminals can unlock access to a wide range of sensitive financial and client data, with potentially massive returns from either direct theft or ransom.
How do cyber criminals attack supply chains?
Supply chain attacks occur when cybercriminals infiltrate a company by targeting a supplier, vendor, or any other third party that has access to the target organisation’s systems. These attacks exploit the trust relationships between businesses and their suppliers, gaining unauthorised access to data or systems without directly breaching the targeted company.
"As well-resourced organisations adopt more stringent cyber protection practices, cybercriminals often find the easiest attack path is through vendors that are typically not as well resourced. Consequently, these supply chain attacks have been growing rapidly," Moody's said.
Many companies rely on a complex network of suppliers, contractors, and service providers, each of which may have their own security protocols, some of which might be less stringent than those of the primary organisation. These vulnerabilities can create opportunities for attackers to exploit weak points in the chain.
GenAI-enabled phishing attacks
Phishing attacks have long been a primary method for cybercriminals to defraud organisations and their customers, and the advent of generative artificial intelligence (GenAI) has significantly amplified this threat. Phishing relies on sending deceptive emails or messages that trick individuals into clicking on malicious links or divulging sensitive information. GenAI tools, however, take this deception to a new level by generating personalised, highly convincing content that mimics legitimate communications from trusted entities.
A study published in March 2024 by the Institute of Electrical and Electronics Engineers (IEEE) found that 60 per cent of participants fell victim to phishing attacks powered by GenAI. Moreover, the entire process of launching a phishing attack can now be fully automated using GenAI, reducing operational costs by up to 95 per cent while maintaining or even increasing the effectiveness of these attacks. This automation has made phishing significantly more accessible to cybercriminals, leading to a sharp increase in attack volume.
Cybersecurity firm Zscaler reported a staggering 58 per cent rise in phishing attacks in 2023, following the public release of OpenAI's ChatGPT.
Preventing cyberattacks
As cyberattacks continue to grow, companies must adapt their cybersecurity strategies to prevent such breaches. Some of the key defence strategies include:
Enhanced vendor risk management: Companies should implement strict security requirements for vendors and require regular security audits to ensure third-party systems are secure.
Zero trust security model: The zero-trust approach, where no user or system is trusted by default, can help prevent unauthorised access even if a hacker compromises a third-party supplier.
Continuous monitoring and detection: Proactively monitoring the networks of suppliers and partners for any unusual activity can help detect potential breaches before they escalate into larger attacks.
Employee training: Employees must be educated on the risks associated with third-party vendors and how to spot suspicious activity related to potential breaches in the supply chain.