Building a Resilient World:
The ISAGCA Blog

How Ransomware Gangs Automate Their Attacks

Automation is central to many organizations’ cybersecurity infrastructure. It streamlines routine tasks, accelerates response times, and keeps programs up to date, but it can bring similar benefits to the opposing side. As automated technologies become more accessible, cybercriminals are starting to capitalize on them.

This trend is most concerning in the field of ransomware. Ransomware is already the fastest-growing type of cybercrime, and often one of the most damaging. Cybercrime gangs can perform these attacks even faster and boost their success rate by applying automation across the attack lifecycle.

Automated Reconnaissance

Conducting a successful attack requires careful research into the target, which can be a slow, methodical process by manual means. However, just as automation can speed up inefficient tasks in the workplace, it can conduct research for ransomware gangs in far less time.

This automated reconnaissance can come in many forms. Some cybercriminals may use AI tools to scour the web for personal details on an employee to form more convincing spear-phishing attacks. Others use autonomous monitoring programs like keyloggers to gather login credentials from insiders.

More advanced ransomware gangs use penetration testing tools to scan for vulnerabilities within an organization. These automated tools can show them the easiest way into a network in a fraction of the time it would take to find it manually without being discovered, leading to faster-growing and more effective attacks.

Automated Phishing

After conducting this research, ransomware gangs can automate the initial attack. Because most ransomware starts with phishing, that typically means sending a phishing email, which automated tools can craft in less time and with better results.

Generative AI tools like the remarkably popular ChatGPT can craft convincing phishing emails so cybercriminals don’t have to. These AI-generated attacks may be more effective than conventional approaches, as well. In a 2021 test, security researchers found that AI-crafted phishing messages saw significantly higher click-through rates than human-written ones.

These tools’ efficacy, speed, and ease of use lower the bar for effective ransomware attacks. As they become more common, criminals with broader skill sets can initiate successful phishing attacks, leading to increased ransomware infections.

Automated Propagation

Once inside a business’s network, cybercriminals can use automation to spread ransomware as quickly as possible while remaining undetected. Propagation — the stage where ransomware files copy to other devices to compromise more of the network — is where most of the damage occurs. It’s also a blind spot for many organizations, as most protections focus on preventing the initial breach or the execution phase.

Some of the most infamous ransomware strains — like NotPetya and WannaCry — use automated propagation. This automation lets them move throughout the network without users in the target organization interacting with anything. As a result, they can spread faster and with less risk of detection.

Average ransomware remediation costs are rising in many sectors, and faster-spreading ransomware means considerably higher costs. Given these automated tools’ speed, even comparatively early discovery and containment may fail to prevent extreme costs.

How to Defend Against Automated Ransomware

Automated ransomware poses significant threats, but there are measures you can take to protect against them. These attacks are more efficient and effective, but thorough cybersecurity measures can prevent them.

Even automated ransomware attacks still rely on social engineering or phishing more often than not. Consequently, the easiest way to avoid breaches remains the same. In-depth and regular cybersecurity training for all employees can keep users from interacting with phishing messages, stopping automatic propagation before it can occur.

You can also fight fire with fire by employing more automated security measures. Continuous network monitoring is critical, as these tools can match the speed of automated ransomware’s delivery and propagation. Manual discovery is too slow to keep up with these new attacks. Intelligent automation can give security teams an edge, using risk analysis and continuous improvement to stay on top of emerging threats.
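As an added illustration of the continuous monitoring described above (not part of the original post), the sketch below flags any host that contacts an unusually large number of internal peers within a short sliding window, the fan-out pattern that automated propagation produces. The flow-record format, addresses, watched ports, and thresholds are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample flow records: timestamp, source, destination, dest port.
# The record format, addresses and thresholds are assumptions for this example.
SAMPLE_FLOWS = """\
2024-01-10T09:00:00 10.0.1.30 10.0.1.5 445
2024-01-10T09:00:02 10.0.1.15 10.0.1.20 445
2024-01-10T09:00:03 10.0.1.15 10.0.1.21 445
2024-01-10T09:00:03 10.0.1.15 10.0.1.22 445
2024-01-10T09:00:04 10.0.1.15 10.0.1.23 445
2024-01-10T09:00:05 10.0.1.30 10.0.1.6 443
truncated-record 10.0.1.15
2024-01-10T09:20:00 10.0.1.40 10.0.1.20 445
2024-01-10T09:40:00 10.0.1.40 10.0.1.21 445
2024-01-10T10:00:00 10.0.1.40 10.0.1.22 445
2024-01-10T10:20:00 10.0.1.40 10.0.1.23 445
"""

WINDOW = timedelta(seconds=60)    # sliding window per source host
MAX_PEERS = 3                     # distinct peers tolerated inside one window
WATCHED_PORTS = {135, 445, 3389}  # RPC, SMB, RDP: services often used to spread

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def detect_fanout(flows, window=WINDOW, max_peers=MAX_PEERS):
    """Return {src: (first_alert_time, peer_count)} for hosts exceeding max_peers."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port not in WATCHED_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # expire connections older than the window
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) > max_peers and src not in alerts:
            alerts[src] = (ts, len(peers))
    return alerts
```

On the sample data, the host that reaches four peers in two seconds is flagged, while the host that reaches the same four peers over an hour is not, which is why the window matters as much as the peer count.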

Finally, you should recognize that automation will inevitably make ransomware more challenging to deal with and thus a more likely scenario. Over half of organizations suffered ransomware attacks in 2021, and automation is only making these attack methods more accessible to criminals.

In the face of this trend, you can’t assume you’ll never experience a successful attack. Keep regular, encrypted, offline backups to reduce recovery expenses in a worst-case scenario. Hopefully, you’ll never have to use them — but they make a monumental difference when you do.

Automation Poses Both Benefits and Risks

Automation is a powerful tool, but it’s just that — a tool. Whether it causes harm or brings about good solely depends on the user.

Security specialists must recognize ransomware gangs can and do use advanced technologies like AI and automation. Acknowledging this growing threat is imperative and the first step to improving your defenses to stay safe.

Zac Amos
Zac Amos is the Features Editor at ReHack, where he covers trending tech news in cybersecurity and artificial intelligence. For more of his work, follow him on Twitter or LinkedIn.
