In the wake of headline-grabbing cyberattacks at several well-known companies in recent months, business owners in southeastern Wisconsin may be wondering if they are becoming more prevalent or harder to prevent. In October, La Crosse-based Kwik Trip announced it was working through a “network incident” that caused a disruption to some of its systems, including
Already a subscriber? Log in
To continue reading this article ...
Subscribe to BizTimes today and get immediate access to our Insider-only content and much more.Learn More and Subscribe Now
Bolstad[/caption]
Over the past year, there has been a “larger rise” in the number of cyberattacks – specifically ransomware attacks, said Keegan Bolstad, sales manager at Milwaukee-based Ontech Systems.
What’s driving the uptick in ransomware attacks is an emerging underground business model known in the cybersecurity world as “ransomware as a service,” or RaaS. With the rise of artificial intelligence, Bolstad explained, cybergangs are now shifting away from executing cyberattacks themselves to instead supplying their ransomware know-how to other less-sophisticated hackers.
“They sold their toolset, they sold their knowledge as a service to others,” he said.
In the past, only highly trained individuals were equipped to carry out cyberattacks, but now it’s easier than ever for the average cybercriminal to go online and purchase hacking tools, along with step-by-step directions.
[caption id="attachment_585474" align="alignright" width="300"]
Olson[/caption]
“You can basically buy kits to do all of this and they’re very inexpensive. There are kits for less than $1,000. If you trip up one person, one company, you can make your money back tenfold,” said Jared Olson, security team lead at Ontech.
Another factor driving the trend is ransom payment. Even though many cybersecurity firms advise against paying ransom to cybercriminals, companies – often at the guidance of outside counsel, such as insurers – continue to pay ransoms, in turn providing a financial incentive for criminals to continue carrying out attacks.
Artificial intelligence is also making it easier to automate cyberattacks, meaning criminals can hit several organizations at once with ease.
U.S. companies reported 3,122 data breaches in 2023 – up 75% from 2022 – impacting a total of 349,221,481 individuals, according to the Identity Theft Resource Center’s Annual Data Breach Report. The vast majority of the data breaches were linked to cyberattacks, with health care, financial services, professional services, manufacturing and education as the top industries impacted.
[caption id="attachment_585472" align="alignright" width="300"]
Knutson[/caption]
“AI can be used for a lot of awesome things to make our lives easier,” said Amanda Knutson, supervisory special agent at the FBI’s Milwaukee field office. “It’s also going to make (criminals’) lives easier.”
She explained that most cyberattacks attempted today rely on social engineering, basically psychological and/or emotional manipulation, and AI will make it harder to parse out these attacks.
For example, phishing email schemes that have traditionally looked suspicious – with obvious spelling or syntax errors, usually because the sender is a non-English speaker – won’t be so easy to spot now with the use of AI.
The same thing could happen with voice messages created using AI, Knutson said. Adding yet another layer of deception to cyberattacks, voice cloning technology that uses artificial intelligence to create fake audio recordings have become so prevalent, the Federal Trade Commission recently placed a ban on robocalls that use AI-generated voices. The FCC made this decision after a fake robocall imitating President Joe Biden was sent out to voters in New Hampshire, according to a Reuters article.
Preventative measures
There is some good news for business owners amid heightened risk of cyberattack threats. You likely won’t have to completely change your cybersecurity system to contend with some of these modern threats. You just need to make sure you’re doing the basics well.
[caption id="attachment_585469" align="alignright" width="300"]
Lutgen[/caption]
“It really starts with making sure an organization understands their own risk tolerance,” said Brad Lutgen, partner at Madison-based Ghostscale. “We don’t see enough organizations formalizing a risk assessment and risk register process.”
This would involve a company focusing its cybersecurity budget on the areas that impact the business the most. Through a risk assessment, a business can find out what cyberattacks it is most at risk for and which threats could cause the greatest financial and reputational harm. Once a business knows those risks, it can prioritize them by cost.
Ghostscale also uses something called a stack attack as a preventative measure. The company takes data remnants from data breaches it’s helped investigate and works with its client to put that data on their network. Then, Ghostscale can test the tools a client has bought from various security vendors to make sure they are configured properly.
A strong incident response plan could be the difference between losing access to your internal systems for just a couple of days, as opposed to several weeks, said Lutgen.
“Everyone has a limited budget, and you need to focus your budget on the areas that impact the business the most,” he said.
Ontech helps clients implement several preventative measures, including dark web research and mobile device security.
With the rise of remote work, and usage of multiple electronic devices, securing company data through encryption is key. Businesses should also have policies in place for devices, including how long they can be accessed after a period of sitting idle. If devices aren’t protected with strong passwords, it’s easier for criminals to access data, which could eventually end up on the dark web.
Bolstad said the FBI recently informed Ontech of several clients who may have their personal data listed on the dark web.
“That gives other threat actors the ability to log into the system remotely and those users have everything they would need to be able to carry out an attack,” he said.
What to do if you’re attacked
Once your personal information is put on the dark web, there isn’t too much you can do to remove it, according to Knutson. There are several free websites, including haveibeenpwned.com, where people can check to see if their personal information has been listed.
The FBI takes no official stance on whether a company should pay out a ransom, but generally does not advocate for payment.
“It’s a business decision, we’re not going to tell organizations what they should do,” said Knutson.
Ontech cautions against negotiating with cybercriminals. It makes even less sense to negotiate if an organization already has a valid data backup in place and its data exists safely elsewhere.
“Often times, they can’t prove that they really have anything, but their demands for some of these ransom requests to get the data back is significant,” said Olson.
Being in constant communication with a local FBI office can help companies that have been impacted by a cyberattack. The FBI can help businesses regain control of their systems after an attack and may have further insight for business owners. FBI offices across the country work collectively to solve cybercrimes, giving them greater insights into national trends.
“There is potential that we have certain pieces of intelligence that we could share with them that could help their decision makers in determining what they should do next,” said Knutson.
The FBI also issues cybersecurity advisories that highlight current trends and give businesses guidance on how to protect their systems and prevent attacks.