Cybercriminals Shifting Focus to Big Players for Higher Ransom Payouts: Moody’s Report

Ransomware attacks have seen a sharp rise over the past few years, with cybercriminals exploiting data to extract payouts from companies. A recent report by Moody’s indicates that these attacks are not only set to continue but are also evolving in their focus.

Hackers are increasingly targeting larger organizations, leveraging vulnerabilities in supply chains to access high-value targets. This shift, Moody’s warns, will significantly increase the potential credit impact for more rated companies.

Declining Willingness to Pay Ransoms

Ransomware Statistics Show a Complex Trend

Between 2022 and 2023, ransomware attacks surged by 70%, both in the number of incidents and the ransom demands. The highest ransom payout in 2024 was a staggering $75 million, nearly doubling the $38 million recorded in 2023. However, the willingness of victims to meet hackers' demands is on the decline.

According to Coveware, a ransomware recovery firm, only 28% of victims agreed to pay ransom in early 2024, compared to a staggering 85% in 2019. This decreasing trend reflects a growing awareness of cybersecurity practices and increased involvement of law enforcement in handling such cases.

Why Cybercriminals Are Targeting Larger Organizations

With fewer victims agreeing to pay, cybercriminals are adapting their strategies. Moody’s highlights:

“In response to declining revenue per victim, cyberattackers are trying to wring greater profit from their attacks by demanding higher ransoms. We believe they are accomplishing this by shifting tactics and targeting larger businesses that can afford higher payouts.”

While larger companies often have more robust security protocols, they also face significant risks due to the critical nature of their operations and the high-value data they manage.

Industries Under Threat: Finance, Technology, Healthcare, and Logistics

Hackers are focusing their efforts on industries with valuable data and integral roles in global supply chains. Key targets include:

• Financial Institutions: These are prime targets due to their vast reserves of sensitive financial and transactional data.

• Technology Companies: Tech firms often serve as infrastructure for numerous other industries, making them lucrative targets.

• Healthcare Providers: With vast repositories of personal and medical data, these institutions face escalating threats.

• Logistics Firms: Integral to global trade, logistics companies handle sensitive shipping and operational data that cybercriminals can exploit.

By compromising critical players within these sectors, attackers can extract high-value data or demand hefty ransoms.

Supply Chain Vulnerabilities: A Growing Concern

Supply chain attacks are becoming a preferred method for cybercriminals. These attacks exploit the trust between businesses and their suppliers, infiltrating target organizations indirectly. Moody’s explains:

“As well-resourced organizations adopt more stringent cyber protection practices, cybercriminals often find the easiest attack path is through vendors that are typically not as well resourced. Consequently, these supply chain attacks have been growing rapidly.”

How Supply Chain Attacks Work

Cybercriminals target third-party vendors, contractors, or service providers with weaker security protocols than the primary organization. Once inside, they can access the target’s systems or sensitive data without directly breaching their security. The complex network of suppliers many companies rely on often amplifies these vulnerabilities.

GenAI-Enhanced Phishing Attacks: A New Threat

Phishing has long been a staple tactic for cybercriminals, and the advent of generative artificial intelligence (GenAI) has made these attacks more sophisticated and accessible. Phishing attacks rely on deceiving individuals into clicking on malicious links or revealing sensitive information. GenAI tools amplify these efforts by creating highly personalized and convincing content that mimics legitimate communications.

Statistics on GenAI Phishing Attacks

• A March 2024 study by the Institute of Electrical and Electronics Engineers (IEEE) found that 60% of participants fell victim to GenAI-powered phishing attacks.

• Automation through GenAI reduces operational costs of phishing campaigns by up to 95%, while increasing their effectiveness.

Zscaler, a cybersecurity firm, reported a 58% rise in phishing attacks in 2023 following the release of OpenAI’s ChatGPT, underscoring the growing threat posed by AI-enabled cybercrime.

Strategies to Prevent Cyberattacks

To combat the growing threat of ransomware and phishing, companies must adopt comprehensive cybersecurity strategies. Key measures include:

Enhanced Vendor Risk Management

• Implement stringent security requirements for all vendors.

• Conduct regular security audits to ensure third-party compliance.

Zero-Trust Security Model

• Adopt a zero-trust approach where no user or system is trusted by default.

• This model helps prevent unauthorized access, even if third-party suppliers are compromised.

Continuous Monitoring and Detection

• Monitor supplier and partner networks for unusual activity.

• Early detection can prevent minor breaches from escalating.

Employee Training

• Educate employees on recognizing phishing attempts and the risks posed by third-party vulnerabilities.

• Training should focus on identifying suspicious activity and understanding the evolving tactics used by cybercriminals.