The cybersecurity threat landscape has seen a dramatic rise in average ransomware payouts, exceeding 500% in a single year. Sophos, a global leader in cyber security, revealed in its annual State of Ransomware 2024 report that the average ransom payment rose 500% over the past year: organizations that paid a ransom reported an average payment of $2 million in 2023, up from $400,000 the year before. Separately, RISK & INSURANCE, the insurance industry’s leading media source, recently reported that average ransom demands soared to $20 million in 2023 from $1.4 million in 2022, and that payouts skyrocketed to $6.5 million in 2023 from $335,000 in 2022, an increase of well over 500%.
This surge reflects both the increasing sophistication of cyberattacks and the weakness of outdated security practices. The most significant factor behind the trend is the widespread reliance on multi-factor authentication (MFA) designs that are twenty years old and are proving inadequate against today’s phishing-driven attacks. Moreover, Generative AI lets cybercriminals produce extremely convincing phishing messages that even well-trained users struggle to recognize. This article explores the reasons behind the rapid growth in average ransomware payments, the shortcomings of legacy MFA, and the need for next-generation, phishing-resistant MFA.
Three factors that contribute to the increase in ransomware payments
Better targeting by cybercriminals
In pursuit of ever-larger ransom payments, cybercriminals have refocused their efforts on organizations where they can cause the most operational disruption and therefore extract the largest payments. Examples include MGM’s $100 million loss, Change Healthcare’s $1 billion-plus loss, and CDK Global’s yet-to-be-determined loss. Cybercriminals are acutely aware of the victim’s cost of downtime and set their demands accordingly, knowing that victims will likely pay to minimize losses. For the victim it is a simple but painful business decision.
Using Generative AI in Phishing Attacks
Generative AI has changed the way cybercriminals write phishing emails. These tools produce highly persuasive, personalized messages with none of the grammatical or spelling errors that once gave phishing away, making them very hard to tell apart from legitimate mail. By analyzing large amounts of public data, Generative AI can mimic a sender’s writing style, construct believable scenarios, and target specific people. The resulting messages convincingly imitate trusted sources, complete with accurate branding and contextually relevant details. Organizations that rely on employee awareness training as their main defense are seeing diminishing returns on that investment.
Outdated security practices
For decades, multi-factor authentication (MFA) has been a cornerstone of access security, designed to protect corporate accounts and networks by requiring more than one form of verification. However, legacy MFA methods, including knowledge-based authentication (KBA), one-time passwords (OTPs) sent by SMS or email, and the OTP authenticator apps whose design dates back roughly twenty years, are increasingly inadequate against today’s attacks. The common weakness is that each of these factors is a secret the user reads and types, so anything that can capture what the user types can capture the second factor too. Legacy MFA was in place, and defeated, in the great majority of successful ransomware intrusions. Cybercriminals now routinely compromise it in the following ways.
- Phishing attacks: Attackers trick users into entering their password and OTP on a fake login page, or talk them into reading the code out over the phone. Because a typed OTP is just another secret, the fake page receives everything it needs.
- SIM swap: Attackers convince a mobile operator to port the victim’s phone number to a SIM they control, after which SMS-based MFA codes are delivered straight to the attacker.
- Adversary-in-the-Middle (AiTM) attacks: A phishing site acts as a transparent proxy between the user and the real service, relaying the password and OTP in real time (so the code is used before it expires) and capturing the session cookie the service issues on success.
- Malware: Malware on a user’s device can read authentication tokens, passwords, or keystrokes, and infostealers routinely export browser cookies, allowing attackers to bypass MFA without ever seeing a login page.
- Other social engineering: Attackers manipulate individuals into revealing MFA credentials or approving actions that bypass MFA controls, for example by flooding them with push notifications until one is accepted.
- Session hijacking: Attackers obtain an active session token (for example via XSS, infostealer malware that reads browser cookie stores, or capture of an AiTM-proxied login) and present it to the service. Since the MFA check already happened when the session was created, the attacker impersonates the user without having to re-authenticate until the session expires or is revoked.
- Abusing the account recovery process: Attackers exploit weak identity proofing in help desk or self-service recovery flows to reset a user’s MFA enrollment, bypassing MFA entirely.
Arguments for implementing next-generation MFA
To combat the wave of ransomware attacks effectively, organizations must consider next-generation, phishing-resistant MFA. These solutions combine a cryptographic credential bound to the user’s device with factors such as biometrics (fingerprints and facial recognition), so that there is no typed code for an attacker to capture and nothing the user can be tricked into handing over. This is all the more relevant when you consider that Verizon’s Data Breach Investigations Report consistently finds that more than two-thirds of breaches involve compromised credentials, and that the Cybersecurity and Infrastructure Security Agency (CISA), an agency of DHS, reports that 90% of successful ransomware attacks begin with phishing.
The importance of biometrics
Biometric authentication uses physical attributes of the authorized user, such as fingerprints or facial characteristics, that are extremely difficult to counterfeit or steal. Biometrics play a critical role in next-generation multi-factor authentication (MFA) for several reasons:
- Unlike passwords or OTP codes, biometrics are unique to each individual and extremely difficult to duplicate or steal. Because a biometric cannot be rotated like a password, the template should be stored and matched on the user’s own device rather than in a central database.
- Biometric data is inherently tied to an individual, so it cannot be written down, shared, or handed over to a help desk impostor, which removes a whole class of credential theft.
- Biometrics eliminate bad passwords and reduce the risks associated with weak, reused, or compromised passwords, which remain common attack vectors.
- Biometrics are resistant to phishing because the match happens locally on the authenticator: nothing biometric is typed into or sent to a website, so a fake site has nothing to capture, and the device-bound credential it unlocks only answers a challenge for the genuine site.
- Biometrics help reduce fraud by ensuring that the person presenting the device is the enrolled user, preventing identity theft and unauthorized access even if the device itself is lost or stolen.
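The bypass list earlier on this page (an AiTM phishing proxy relaying a typed OTP and keeping the session cookie) and the claim just above that a locally matched biometric gives a fake site nothing usable can be shown side by side. The following Python simulation is an added example, not code from the original page or from Token. It models a relying party, a user’s authenticator, and a phishing proxy; the origins, user name and password are constructed for the example. One simplification, marked in the code: the authenticator "signs" with an HMAC over a key it shares with the relying party at registration, whereas a real FIDO2 authenticator uses an asymmetric key pair and the service keeps only the public key. The origin check, which is what defeats the proxy, works identically in both designs.

```python
"""AiTM phishing proxy versus typed OTP and versus origin-bound MFA (simulation)."""
import hashlib
import hmac
import secrets
import struct

REAL_ORIGIN = "https://login.example.com"            # constructed for this example
PHISH_ORIGIN = "https://login-example.com.evil.test"  # the attacker's look-alike site


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def bound_signature(key: bytes, origin: str, challenge: bytes) -> bytes:
    """Stand-in for a FIDO2 assertion: the signed data includes the origin the
    browser was on (as WebAuthn's clientDataJSON does). HMAC is an assumption
    used so the example runs on the standard library; real devices use ECDSA/EdDSA."""
    return hmac.new(key, origin.encode() + challenge, hashlib.sha256).digest()


class Authenticator:
    """The user's device. The biometric check would gate sign(); it never leaves the device."""
    def __init__(self):
        self.otp_seed = secrets.token_bytes(20)
        self.device_key = secrets.token_bytes(32)
        self.counter = 0

    def next_otp(self) -> str:
        code = hotp(self.otp_seed, self.counter)
        self.counter += 1
        return code

    def sign(self, browser_origin: str, challenge: bytes) -> bytes:
        return bound_signature(self.device_key, browser_origin, challenge)


class RelyingParty:
    """The genuine service at REAL_ORIGIN."""
    def __init__(self, origin: str):
        self.origin, self.users, self.challenges, self.sessions = origin, {}, {}, {}

    def register(self, name: str, password: str, auth: Authenticator) -> None:
        self.users[name] = {"password": password, "otp_seed": auth.otp_seed,
                            "device_key": auth.device_key, "counter": 0}

    def _issue_session(self, name: str) -> str:
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = name          # bearer token: whoever holds it is "name"
        return cookie

    def login_otp(self, name: str, password: str, code: str):
        u = self.users[name]
        if not hmac.compare_digest(password, u["password"]):
            return None
        for c in range(u["counter"], u["counter"] + 3):   # small resync window
            if hmac.compare_digest(code, hotp(u["otp_seed"], c)):
                u["counter"] = c + 1
                return self._issue_session(name)
        return None

    def begin_challenge(self, name: str) -> bytes:
        ch = secrets.token_bytes(32)
        self.challenges[ch] = name
        return ch

    def finish_challenge(self, name: str, challenge: bytes, origin: str, sig: bytes):
        if self.challenges.pop(challenge, None) != name:
            return None                                   # unknown or replayed challenge
        if origin != self.origin:
            return None                                   # signed while on another site
        expected = bound_signature(self.users[name]["device_key"], origin, challenge)
        return self._issue_session(name) if hmac.compare_digest(expected, sig) else None


class PhishingProxy:
    """Adversary-in-the-middle: victim talks to PHISH_ORIGIN, proxy relays to the real site."""
    def __init__(self, rp: RelyingParty):
        self.rp, self.stolen_cookie = rp, None

    def relay_otp(self, name: str, password: str, code: str) -> bool:
        self.stolen_cookie = self.rp.login_otp(name, password, code)   # used before expiry
        return self.stolen_cookie is not None

    def relay_challenge(self, name: str, auth: Authenticator, forge_origin: bool) -> bool:
        ch = self.rp.begin_challenge(name)            # fetched from the real site
        sig = auth.sign(PHISH_ORIGIN, ch)             # victim's browser is on the phish page
        claimed = self.rp.origin if forge_origin else PHISH_ORIGIN
        self.stolen_cookie = self.rp.finish_challenge(name, ch, claimed, sig)
        return self.stolen_cookie is not None


def demo() -> dict:
    rp, auth, proxy = RelyingParty(REAL_ORIGIN), Authenticator(), None
    rp.register("alice", "correct horse battery", auth)
    proxy = PhishingProxy(rp)
    ch = rp.begin_challenge("alice")
    results = {
        "otp_legit": rp.login_otp("alice", "correct horse battery", auth.next_otp()) is not None,
        "fido_legit": rp.finish_challenge("alice", ch, REAL_ORIGIN, auth.sign(REAL_ORIGIN, ch)) is not None,
        "otp_phished": proxy.relay_otp("alice", "correct horse battery", auth.next_otp()),
    }
    results["hijacked_user"] = rp.sessions.get(proxy.stolen_cookie)   # session works without re-auth
    results["fido_relayed"] = proxy.relay_challenge("alice", auth, forge_origin=False)
    results["fido_forged"] = proxy.relay_challenge("alice", auth, forge_origin=True)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two FIDO-style attempts fail for different reasons: the honest relay is rejected because the browser reported the phishing origin, and the forged relay is rejected because the signature was computed over the phishing origin and no longer verifies against the real one. The OTP relay succeeds, and the cookie it yields is a bearer token, which is exactly the session-hijacking case described above.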
User-friendliness is very important
Biometrics offer a fast, seamless authentication step, often just a touch or a glance, which improves the user experience. There are no passwords to remember and no codes to copy. This reduces the burden on users and minimizes mistakes, lockouts, and support calls.
- If an MFA solution is easy to use, more users are likely to adopt it. Complex or cumbersome processes deter users from implementing and supporting organizational security measures.
- Users are more likely to follow security protocols and use MFA consistently if it seamlessly integrates into their daily routines without causing disruption.
- Simplified MFA processes reduce the chance of user errors, such as entering wrong codes or misplacing tokens. This results in fewer lockouts and support calls, saving the organization time and resources.
- A comfortable MFA experience promotes a positive attitude towards security policy and the IT department. Satisfied employees are more likely to follow security precautions.
- Quick and easy authentication ensures that employees can reach the resources they need without unnecessary delays, maintaining productivity.
In summary, user-friendliness in MFA solutions is critical to high adoption, fewer errors and support costs, better security, sustained productivity, and overall user satisfaction. By balancing security and ease of use, organizations can build a security environment that is both strong and pleasant to work in.
Choosing the right MFA solution
Choosing the appropriate next-generation, phishing-resistant MFA requires careful consideration of the organization’s own requirements. Factors to weigh include the authentication factors supported, integration with existing identity providers and applications, ease of use, and scalability. Organizations should choose solutions that balance security, convenience, and flexibility.
Implementation of next-generation MFA should be phased in to minimize disruption and ensure a smooth transition. This phased approach allows for thorough user testing and acclimatization.
The cybersecurity landscape is constantly evolving, as are an organization’s security measures. Continuous monitoring and regular updates are critical to maintaining the effectiveness of next-generation phishing-resistant MFA solutions. Organizations must establish a framework for continuous security assessment, system updates, and threat intelligence integration to stay ahead of emerging threats.
Conclusion
The sharp increase in ransomware payments is a stark reminder of the changing threat landscape and the urgent need to improve security measures. The failure of twenty-year-old MFA designs is a major factor behind this alarming trend. As cyberattacks become more sophisticated, particularly with Generative AI used to craft highly persuasive phishing messages, organizations must move beyond outdated practices and adopt next-generation MFA. By deploying phishing-resistant authentication, adding adaptive security controls, and integrating them cleanly with the existing security infrastructure, organizations can significantly improve their protection against ransomware. The transition to next-generation phishing-resistant MFA is not just a technology upgrade; it is a strategic imperative to protect critical data, reduce the risk of catastrophic financial loss, and ensure operational resilience in the face of escalating threats. In the fight against ransomware, the message is clear: old MFA is no longer sufficient.
Learn more about how Token’s next-generation MFA can stop phishing and ransomware from harming your organization at tokenring.com