The scale and sophistication of a recent attack have left governments and organisations alike fearful of what may lie ahead in the world of cybersecurity.
Some 1,500 organisations across the world were impacted earlier this month in a ransomware spree hitting supply chains. It was thought to have originated from Russian-speaking group REvil.
Whilst the scale of the attack was worrisome, more of a concern was the level of planning that went into it, and the sophistication of its execution.
Typically, these higher-level, more skilful hacks are thought to be state sponsored; the smaller groups don’t usually show the same skills or attention to detail. However, this wasn’t the case for REvil – not least in their use of a zero-day deployment, which saw them exploit a vulnerability the victim (in this instance, IT management firm Kaseya) wasn’t even aware of.
Even the choice of victim showed the cybercrime group’s intent. By hacking Kaseya, they were able to gain access to a huge number of its customers and launch similar attacks further down the supply chain. This, NBC News said, could make REvil’s attack “potentially broader than any known criminal hack in history”.
This isn’t the first time REvil has launched such an attack, though. Last year it tried the same technique on a smaller scale, hacking a managed service provider in Texas before hitting 22 of its clients with similar attacks. In that instance, however, the state and federal government jumped in and managed to get all impacted locations back online without having to pay a ransom.
Cybersecurity researcher Jack Cable told NBC that it is the use of nation-state methods by criminal groups that is particularly worrisome.
“The difference here is REvil is financially motivated,” he said. “They’re criminals, so in many ways they have fewer boundaries. Ransomware groups don’t abide by the same rules, and in some ways we could see it have a larger impact.”
Cable went on to say that companies paying ransoms are only feeding the problem. Not only does this validate the work of the cybercriminals, it also gives them resources to pump back into their operations to create increasingly advanced hacking techniques.
“It’s creating apex predators,” he warned.