Barracuda: Cities, Health Care, Education See Spike in Ransomware Attacks

COMPTIA CHANNELCON — As prevalent as it is in headlines, you knew it wouldn’t take long before artificial intelligence (AI) made its presence felt in how malicious hackers carry out ransomware attacks.

Neil Bradbury, SVP at Barracuda MSP, sat down with Channel Futures at this week’s CompTIA ChannelCon to discuss the results from the company’s latest “Threat Spotlight on Ransomware,” which takes a close look at how AI and generative AI have driven ransomware to new heights over the past year.

Threat actors are using increasingly sophisticated attacks thanks to the availability of AI, and the technology will continue to make life easier for them.

In the report, Barracuda researchers analyzed 175 publicly reported successful global ransomware attacks between August 2022 and July 2023. They found that the number of reported attacks among municipalities, the health care industry and education have doubled since last year and more than quadrupled since 2021.

Barracuda MSP’s Neal Bradbury

“If you look at municipalities, the amount someone spends on health care and education … their cybersecurity budgets are not as big as an enterprise, so from an attacker perspective, they’re low-hanging fruit,” Bradbury told Channel Futures. “So partners in these verticals need to pay attention and really start to invest in security.”

Businesses in these verticals often are “soft targets,” the report notes, seeing as how they are often resource-constrained, and attacks can have an immediate impact on people’s lives, particularly health care breaches.

AI’s Emerging Role in Ransomware Attacks

AI is becoming a weapon for cyberattackers thanks to its ability to make infiltration attempts appear to be more legitimate. Take a phishing email for instance: While spelling and grammatical errors often jump out as suspicious signs, AI can more easily eliminate those mistakes and make these types of contacts more evasive and convincing. It opens up a new world for novice threat actors, particularly for those whom English is not their first language.

Furthermore, Barracuda says ransomware attacks are using code-generation capabilities of generative AI to write malicious code for exploiting software vulnerabilities. As the entire process becomes easier, it opens the door for ransomware-as-a-service tools to run rampant, leading to a whole new wave of ransomware attacks.

The Barracuda report cites the doubling of these attacks in some verticals, but predicts that the number of unreported breaches is up dramatically as well. The company analyzed the threat landscape through the lens of Barracuda SOC as a service, and found all kinds of attack vectors, including business email compromise (BEC), ransomware, malware infection, insider threat, identify theft and data leakage. BEC, especially, is one the company is eyeballing closely.

“When [our researchers] looked at it, the most common of these attacks was business email compromise. So this just goes back to best practices, making sure you’re doing everything you can as an MSP to protect [customers]. You look at the MITRE ATT&CK framework and getting into the ‘kill chain,’ business email compromise is the start of something much worse. It can then turn into identity theft, then malware infection, and then ultimately leads to [threat actors] being able to extricate your data, which then allows them to hold it for ransom.”

Detecting and Preventing Ransomware Attacks

The priority, of course, for MSPs and other security-minded channel partners is to have the measures and tools in place so they can prevent their customers from being victims of a successful attack. That means implementing multilayered technologies that can include fighting AI with AI-powered email protection, zero-trust access, application security, and extended detection and response (XDR), to name a few.

That said, a strategy for recovery is just as important as prevention and detection. The 2023 Barracuda ransomware insights market report found that a whopping 73% of organizations have been victims of a successful attack.