In the wake of the recent LockBit ransomware attempt on Accenture, it seems it is a matter of “when” rather than “if” cyberattacks might darken an organization’s door.
Word spread earlier this month of an attempt by hackers to extort consulting firm Accenture to the tune of $50 million in exchange for restoring access to data the perpetrators of the LockBit attack allegedly got their hands on. Though Accenture has sent around some acknowledgement of certain irregularities it detected, the company seems nonplused by the incident and apparently restored its servers from backups and carried on with no stated impact.
Requests for further elaboration from Accenture on the LockBit incident have yet to be answered.
In this instance, the ransomware attack appears to have been neutered by the company’s backup game plan -- yet a security compromise did occur with the intent of denying access to data. It shows the possibility for even large organizations to be targets of cyberattacks.
“What we’ve seen is an increasing theme of attacks going towards larger, enterprise organizations,” says Simon Jelley, a general manager with Veritas, a provider of enterprise data protection. He says it was fairly common 18 months ago for smaller organizations and the public sector, such as education and government agencies, to be targets of ransomware attacks rather than enterprises.
Ransomware attacks, he says, now seem to have graduated to targeting large companies that have deeper pockets and with a potential for more data at risk possibly. Citing reports on the LockBit attack, Jelley says Accenture seems to have been aware of the possibility for such attacks and recovered in somewhat shorter order.
Furthermore, Accenture released a report at the top of the month about the “Triple digit increase in cyberattacks” -- without any mention of LockBit or the firm’s own experience with ransomware attempts.
Jelley says ransomware attackers, much like other cybercriminals, continue to become more sophisticated in their attempts to breach security. For example, the supply chain attack on SolarWinds began months in advance as the attackers played a “long game” to distribute the Sunburst malware. Naturally, this means organizations must respond by improving their threat detection and protection, Jelley says. “You also have to, secondarily, make sure you’ve got a recovery plan and you know what your plan of action is going to be,” he says.
Some commonalities remain in cyberattacks even as they become more sophisticated, Jelley says. For instance, attackers are likely to target weaker layers of infrastructure such as phishing attempts meant to dupe employees. Ransomware and other types of attacks continue to get better at mimicking corporate emails or social media links, he says. “LockBit looked like a legitimate kind of reference to customers and their employees, which gave them access to the targeted networks.”
What stood out to Jelley about the LockBit attack was it represented a mercenary shift in how malicious cyber activity can play out. The minds behind the LockBit ransomware seemed to lease that code to third parties, he says, who then put it to work. “They’re offering the services they developed and hiring out their expertise to figure out the quickest way to gain access to a company or corporate network,” Jelley says. “That’s been a definite shift. It’s kind of like a two-tier supply market in terms of how ransomware is developing.”
Though Accenture seems to have rolled the LockBit attempt off its back, ransomware remains part of the threat landscape, Jelley says. “Software is always playing catch up to who’s the next smartest hacker that tries to break into infrastructure.” Even if a company can recover data from backups, the risk persists of a hacker publishing potentially sensitive data, he says.
“Organizations should see themselves as potential targets,” Jelley says. The continuous improvement of security software may be an important step for organizations, he says, though that might not be enough to defend and minimize the effect of ransomware. “Test your recovery so you know you can get your data back and ultimately don’t have to pay that ransom.” Jelley says.