WatchGuard Blog

Ransomware: Attackers resort to old-school techniques and minimal investment

The modus operandi of cybercriminals is constantly changing. It comes as no surprise that, every so often, hackers switch up their methods to become more evasive.  

However, contrary to what we might imagine, these changes don’t always have to be innovative or involve new attack strategies. Cybercriminals are increasingly opting to employ old-school techniques and to couple them with minimal investment. Although cybersecurity professionals are familiar with criminals’ preferred strategies, hackers are ramping things up by innovating in the ways they execute their attacks, such as moving from email to current technology platforms, all with the aim of maximizing the impact of their attacks while minimizing investment.

On average, cybercriminals spend between $5,000 and $10,000 to carry out an attack. And in the case of SIM swapping, for instance, the initial outlay is even lower, currently between $1,500 and $2,500. By investing this modest sum, attackers can bypass SMS-based authentication and gain access to organizations and all their sensitive data. Considering the profits that can be made from these attacks, which can run into the millions, the hackers’ investment is minimal in comparison to the ill-gotten gains.  

Although attackers are investing less and less, their adaptability has made their habits more sophisticated, which allows us to establish two different behavioral profiles. On the one hand, there are hackers who decide to take fewer risks and simply focus on stealing information that they then offer for sale. On the other hand, there are attackers who expose themselves throughout the process by getting involved in all stages of the threat planning and execution. Regardless of the cybercriminal profile, we are faced with a changing and, above all, increasingly diversified scenario.  

Given this rapidly changing context, it is crucial for managed service providers (MSPs) to understand the cyberattack landscape and to be able to recognize, prevent, protect against and respond to any developments that may emerge.

MSP: How to continue preventing ransomware attacks? 

Customer security should be the top priority for any MSP. Achieving this means offering solutions that provide robust protection for company systems and shield them from malicious actors. 

Ransomware primarily uses the endpoint as a gateway to company networks. This is because cybercriminals are aware that many employees do not have strong cybersecurity habits and that these devices are the weakest link in the chain. This is why it is crucial to implement additional layers of security to reinforce protection, such as tools that shield users' identities, helping to prevent credential theft and unwanted access to customer networks.  

One of the most effective solutions to achieve this goal is multi-factor authentication (MFA), which is a basic method for controlling access to a company's networks. With MFA, the user must prove their identity more than once, first with a password, followed by a push notification on their device, a QR code, or an OTP.  

But how do you know what to look for in an MFA solution? Here are a few things MSPs should consider:    

  • Single Sign-On (SSO): 

    Allows web access to be managed through a single portal where users can log on to multiple independent applications using a single set of credentials. SSO is an ideal complement to MFA solutions to reduce the risk of identity-based attacks. 

  • Cloud solution management:

    Having an MFA solution that is easy to manage is key to ensuring its effectiveness. Through a centralized system in the cloud, MSPs can simplify the management of this type of solution significantly, without sacrificing robust protection. 

  • Special protection system for MFA: 

    Like other solutions, multi-factor authentication systems are themselves targeted by cybercriminals. "SIM swap" exemplifies an issue of growing concern to experts. It involves fraudulently duplicating a mobile phone SIM card, thus compromising the effectiveness of MFA. This is why device security must be entrusted to a tool that is reinforced with a special protection system. Solutions such as AuthPoint MFA incorporate a system that makes use of the mobile device's DNA to verify the user's phone, reducing the margin of error and impersonation to a minimum in cases of "SIM swap" and similar attacks.

Ultimately, solutions focused on device protection, coupled with more robust network protection and best practices, help to establish a sophisticated and effective cybersecurity system for MSP customers, significantly reducing the likelihood of ransomware attacks.  
