Big Game Hunting Will Intensify in 2025, Says Credit Rating Agency
Improved cybersecurity will result in ransomware hackers targeting larger organizations to wring out high-dollar extortion payments and in an intensified focus on supply chain attacks, predicts Moody’s Ratings.
Ransomware attacks continue to grow year-over-year, but the share of victims paying extortion money is falling – likely due to adoption of cybersecurity measures and business continuity plans, the credit rating agency said in paywalled research.
In response, ransomware gangs are prioritizing attacks against larger organizations, a shift that increases the potential for an event downgrading debt issuers’ credit rating. This year has been notable for law enforcement disruptions of ransomware groups including heavyweight LockBit and lesser groups such as Dispossessor – but the effect of those disruptions on the criminal underground is often “tactical and temporary,” an October think tank report concluded (see: Ransomware Task Force Details Impact of Disrupting Operators).
The focus on big game hunting is visible in data showing that the share of ransomware victims willing to meet criminal demands for money is at record lows while, simultaneously, ransomware groups are on track to have their best year ever in revenue. That estimate comes from analysis of cryptocurrency payments made to blockchain wallets linked to cybercriminals.
“We therefore expect more focused targeting on larger organizations to increase cyber risk for Moody’s rated debt issuers, since outstanding debt is concentrated in issuers with higher revenues,” the company warned. Massive payouts could also prompt higher loss ratios for cyber insurers, particularly in the United States.
Improved defenses also mean cybercriminals will likely look for weaknesses in the software supply chain, Moody’s said. “Cybercriminals often find the easiest attack path is through vendors that are typically not as well resourced.” The Identity Theft Resource Center recorded a three-fold rise in such attacks between and 2018, with famous examples including the Memorial Day 2023 attack by the Clop ransomware group against instances of Progress Software MOVEit file transfer software (see: Known MOVEit Attack Victim Count Reaches 2,618 Organizations).
More recently, a ransomware incident at supply chain software giant Blue Yonder caused major grocery store chains, Starbucks and other large organizations to experience disruptions. A ransomware group with the moniker “Termite” claimed responsibility Friday for the attack, asserting on its leak site to have stolen 680 gigabytes of data from Blue Yonder. The company said it is aware of the claims and is continuing to investigate the incident.
Supply chain attacks don’t only come in the form of hacking, Moody’s noted. Vast swathes of internet infrastructure as well as commercial Linux distributions rely on utilities often maintained by a bare-bones crew of volunteers. Apparent nation-state hackers earlier this year inserted a backdoor into open-source data compression tool XZ Utils in an operation thwarted only at the last minute (see: Backdoor Found and Defused in Widely Used Linux Utility XZ). Harvard academics this year calculated (https://www.hbs.edu/faculty/Pages/item.aspx?num=65230) that open source has saved corporations in 2020 from spending $8.8 trillion. Open source is cost effective – but it relies on volunteers to fix vulnerable code, “which can leave it open to attack.”