Cybersecurity Cloud & Data

The Rise of RaaS: With Conti attacking Costa Rica govt vulnerability is in the limelight

With awareness of Conti increasing, governments and businesses are equally feeling the ransomware heat. Higher spends on cybersecurity will become eminent even as digitised identity verification becomes indispensable, especially in e-government scenarios.

Conti is the latest kid on the ransomware block, observed since 2020 and believed to be distributed by a Russia-based group. All versions of Microsoft Windows have already been affected. In May, the US government offered a reward of up to $10 million for information on the group.


Read more: Russia Ukraine war cyber effect: Russia most targeted country of ransomware, says ESET telemetry


For the past two months, Conti crippled parts of Costa Rica, apparently rewriting the rules of cybercrime. This attack that has caused Costa Rica’s healthcare to come to a standstill, with 27 government bodies reeling, marks the rare incident of a ransomware group targeting a country’s government.

Conti has even called for the Costa Rican government to be overthrown.

Governments, especially in a post-pandemic world, are gearing up to digitise their processes, such as identification. While that’s all good, security is indispensable

“This is possibly the most significant ransomware incident to date,” The Wire quoted Emsisoft threat analyst Brett Callow. “I can’t recall another occasion when an entire federal government has been held to ransom like this—it’s a first; it’s quite unprecedented.”

What this incident shows is that it’s not just business organisations that have to watch their back, or their screens. Governments, especially in a post-pandemic world, are gearing up to digitise their processes, such as identification. While that’s all good, security is indispensable.

Not Just Businesses

So far, its businesses around the world that have been dealing with the Conti group. The recent Akamai Ransomware Threat Report shows that with the rise of Ransomware-as-a-Service (RaaS) attacks, including from the Conti ransomware gang, 60% of successful Conti attacks were conducted on US companies, while 30% occurred in the European Union.

An analysis of the industries attacked highlights the risk of supply chain disruption, critical infrastructure impact, and supply chain cyberattacks.

Most successful Conti attacks target businesses with $10-250 million in revenue, indicating a “goldilocks” range of successful attack targets among medium and small businesses

Most successful Conti attacks target businesses with $10-250 million in revenue, indicating a “goldilocks” range of successful attack targets among medium and small businesses.

According to the Akamai Web Application & API Threat Report, through the first half of 2022, there were significant increases in web application and API attacks across the globe, with more than nine billion attack attempts to date.

Web application attack attempts against customers grew by more than 300% year over year in H1, the largest increase Akamai has ever observed. Commerce is the most impacted vertical, accounting for 38% of recent attack activity, while technology has seen the most growth so far in 2022.

More than 1 of 10 monitored devices communicated at least once to domains associated with malware, ransomware, phishing or command and control

Akamai also found that more than 1 of 10 monitored devices communicated at least once to domains associated with malware, ransomware, phishing or command and control (C2).

Phishing traffic showed that most victims were targeted by scams that abused and mimicked technology and financial brands, which affected 31% and 32% of the victims, respectively.

According to research that analysed more than 10,000 malicious JavaScript samples — representing threats like malware droppers, phishing pages, scammers and cryptominers’ malware — at least 25% of the examined samples used JavaScript obfuscation techniques to evade detection.

Increased Cyber Spend to Compete

It’s no wonder that the value of enterprise cybersecurity spend is expected to exceed $226 billion in 2027, up from $179 billion in 2022, according to a Juniper Research study. This growth of 26% over the next 5 years reflects the increasing maturity of the cybersecurity market, which continues to evolve as new threats emerge.

Cybersecurity spend is expected to exceed $226 billion in 2027, up from $179 billion in 2022 … This growth of 26% over the next 5 years reflects the increasing maturity of the cybersecurity market, which continues to evolve as new threats emerge

Another new research found remote working and cloud computing being implemented by businesses, from small to multinational, which increases attack vectors available to cybercriminals. The report identified machine learning as a key requirement within cybersecurity solutions, improving response times and combatting evolving tactics of cybercriminals.

The answer is that cybersecurity vendors partner with smaller, specialised cybersecurity vendors to acquire new data sources and point solutions and offer services like unified threat management to maintain relevance in this highly competitive market.

Govt. Digital Transformation Demands More Security

With digital transformation on the rise, governments around the globe are expected to invest in more digital processes. For example, according to a study, the number of users of digital identity documents globally will exceed 6.5 billion by 2026, from 4.2 billion in 2022.

Governments must work with verification vendors to secure this high-risk fraud avenue

This growth has been accelerated by the pandemic and reflects the growing importance of digital identity in sectors such as government services. This ongoing digitisation is a prerequisite for many digital initiatives within eGovernment and will allow significant digital enablement over the next five years.

However, as government-issued documents are critical to identity processes, any compromising of these documents can be risky. Thus, such governments must work with verification vendors to secure this high-risk fraud avenue.


Read more: Expert speak: How to safeguard BFSI cybersecurity


In any case, there is no escaping identity verification. According to another study, the increased demand for digital onboarding frameworks in the face of the ongoing pandemic will accelerate the uptake of digital identity services. Meanwhile, revenue for digital identity vendors will exceed $53 billion globally in 2026, doubling from $26 billion in 2021.

This is just a small part of the vast government machinery that is all set to be digitised. At every step, security needs strengthening even before nations fall prey to RaaS such as Conti.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Is AI Hitting a Plateau? The Scaling Debate OpenAI Prefers to Avoid

I think OpenAI is not being honest about the diminishing returns of scaling AI with…

9 hours ago

PayalGaming becomes India’s first female gamer to win an international award

S8UL Esports, the Indian esports and gaming content organisation, won the ‘Mobile Organisation of the…

17 hours ago

Funding alert: Tech startups that raked in moolah this month

The Tech Panda takes a look at recent funding events in the tech ecosystem, seeking…

2 days ago

Colgate launches AI-powered personalized dental screenings

Colgate-Palmolive (India) Limited, the oral care brand, launched its Oral Health Movement. The AI-enabled initiative…

2 days ago

The role of ASR in voice bots: Revolutionizing customer interaction through real-time recognition

This fast-paced business world belongs to the forward thinking organisations that prioritise innovation and fully…

3 days ago

Disrupting Fintech: How product studios are transforming financial services

In the rapidly evolving financial technology landscape, innovative product studios are emerging as powerful catalysts…

1 week ago