Cybersecurity Incidents Are Intensifying – A Regional Example
It seems ransomware attacks are intensifying in the Adriatic region and worldwide (see the CDK disaster). On Thursday, June 27th, the main hospital in the Croatian capital Zagreb shut down its IT infrastructure and applications while IT staff worked on recovering from an unspecified incident. Meanwhile, all critical business processes are being run manually “on paper,” which is significantly disrupting operations.
Regardless of whether this incident involves ransomware or something else, it is apparent that unauthorized individuals have breached the hospital’s IT system. We will see the consequences in due time, hoping that no valuable data has been exfiltrated.
Why Are These Incidents Happening?
But what’s behind these incidents? It turns out that today's cyberattacks thrive in a particular kind of environment: complex self-hosted infrastructure that resists the rollout of multifactor authentication (MFA), combined with equipment and applications exposed to the public internet (such as VPN or RDP access). This toxic mix is still too rarely recognized in the expert community as a key contributing factor to such attacks.
The Role of On-Premises Active Directory
Furthermore, such IT infrastructure too often includes an on-premises Active Directory, which has become a typical "system requirement" for ransomware operators, who rely heavily on tools for lateral movement within such networks.
The “Elephant in the Room” in IT Security
The “elephant in the room” is that investments in IT security and infrastructure are often neither productive nor meaningful. Instead of modernizing, organizations are often sold legacy infrastructure repackaged as “cloud” that still relies on complex self-hosted equipment requiring ongoing maintenance and patching (virtual machines, VPN connectivity, and so on).
A Repeated Pattern in IT Infrastructure
As seen recently with another agency in Croatia, the pattern repeats: incrementally adding servers and equipment through procurement and budgetary cycles increases complexity and the potential for errors without effectively raising the level of security. It is precisely this complexity that threat actors thrive on; the British Library ransomware attack is a case in point.
The Way Forward: Simpler IT Infrastructure
Organizations need to focus on simpler IT infrastructure with strong authentication by default, and the best way to achieve that is to outsource by moving to a cloud-native Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) consumption model. The cloud presents data security challenges of its own, but on balance it is a much more secure option against modern threat actors.