Critical Infrastructure Organizations Hit by Over 40% of Ransomware Attacks, with Rising Financial Losses and Underreporting, according to FBI
According to the FBI’s 2023 Internet Crime Report, more than 40% of the ransomware attacks reported to the FBI in 2023, targeted critical infrastructure organizations.
From the 2,825 reported attacks, 1,193 impacted these organizations, marking a growth from one-third of attacks year over year. Financial losses from these attacks surged by 74% to nearly $60 million, with the number of attacks also rising by 18% from the previous year.
As stated, phishing attacks topped the chart, followed by personal data breaches, nonpayment or non-delivery of goods, extortion, and tech support fraud. Notably, this order of prevalence has remained unchanged in recent years, pointing towards a persistent set of threats to digital security.
Every year, the FBI’s Internet Crime Complaint Center (IC3) receives thousands of complaints and compiles them into an annual report to shed light on cybercrime trends. In 2023, IC3 received a record 880,418 complaints, with losses exceeding $12.5 billion. These figures signify a 10 percent increase in complaints received and a 22 percent increase in losses suffered compared to last year’s report.
The FBI acknowledges that these figures are conservative regarding 2023's cybercrime. For instance, when the FBI infiltrated the Hive ransomware group's infrastructure, it discovered that only about 20% of Hive's victims had reported it to law enforcement. Increased reporting from victims would provide the FBI with superior insight.
The healthcare sector suffered more ransomware attacks than any other critical infrastructure sector last year.
Ransomware operators extensively target certain critical infrastructure sectors like healthcare and manufacturing, but no industry is spared. Of the 16 critical infrastructure sectors, 14 had at least one member succumb to a ransomware attack in 2023, according to the FBI's Internet Crime Complaint Center reports.
“Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate,” IC3 noted.
Cybersecurity is the ultimate team sport, and we are in this fight together.
Relevance:
Ransomware Campaigns
Mitigations:
Implement a cybersecurity user awareness and training program that includes guidance on how to identify and report suspicious activity (e.g., phishing) or incidents.
Implement phishing-resistant MFA for all services, particularly for email, VPNs, and accounts that access critical systems.
Do not expose services, such as remote desktop protocol (RDP), on the web. If these services must be exposed, apply appropriate compensating controls to prevent common forms of abuse and exploitation. All unnecessary OS applications and network protocols are disabled on internet-facing assets.
Regularly patch and update software and operating systems to the latest available versions.
Ensure all on-premises, cloud services, mobile, and personal (i.e., bring your own device) devices are properly configured and security features are enabled.
Implement application allowlisting to restrict the execution environment and set up allowlisting for business roles. Additionally, create an inventory of existing configurations, policies, and installed software on each host. If the host does not require a specific piece of software, uninstall it to limit the tools available.
Create, maintain, and regularly exercise a basic cyber incident response plan (IRP) and associated communications plan that includes response and notification procedures for ransomware and data extortion/breach incidents. Ensure a hard copy of the plan and an offline version is available.
Reference
Kapko, M. (2024, March 11). Ransomware attacks are hitting critical infrastructure more often, FBI says. Cybersecurity Dive. https://www.cybersecuritydive.com/news/ransomware-hitting-critical-infrastructure-fbi/709814/?&web_view=true
Federal Bureau of Investigation. 2023 Internet Crime Report. In 2023 Internet Crime Report. https://www.ic3.gov/media/pdf/annualreport/2023_ic3report.pdf
CISA, MS-ISAC, & U.S. Joint Ransomware Task Force (JRTF). (2023). #StopRansomware Guide [Guide]. In TLP:CLEAR. https://www.cisa.gov/sites/default/files/2023-10/StopRansomware-Guide-508C-v3_1.pdf
How can CyberForce|Q services help you address this risk?
Incident Response is a time-based situation and CyberForce|Q can assist with a potential incident in your environment. Our experienced Incident Response Team can be deployed 24x7x365 – reach out to solutions@cyberforceq.com.
Learn more about CyberForce|Q.