Monday, 21 November 2022 14:17

Criminals 'follow the money' by commercialising cybercrime, launching more 'innovative' ransomware attacks and doubling down on credential theft: Sophos

By Staff Writer

Ransomware Remains One of the Greatest Cybercrime Threats to Organisations

The cyberthreat landscape has reached a new level of commercialisation and convenience for would-be attackers, with nearly all barriers to entry for committing cybercrime removed through the expansion of cybercrime-as-a-service, according to a new report from one cybersecurity company.

According to the 2023 Threat Report from Sophos, ransomware remains one of the greatest cybercrime threats to organisations, with operators innovating their extortion tactics, while demand for stolen credentials continues to grow.

Sophos says criminal underground marketplaces like Genesis have long made it possible to buy malware and malware deployment services (“malware-as-a-service”), as well as to sell stolen credentials and other data in bulk.

According to Sophos, over the last decade, with the increasing popularity of ransomware, an entire “ransomware-as-a-service” economy sprang up, and now, in 2022, this “as-a-service” model has expanded, and nearly every aspect of the cybercrime toolkit, from initial infection to ways to avoid detection, is available for purchase.

“This isn’t just the usual fare, such as malware, scamming and phishing kits for sale,” said Sean Gallagher, principal threat researcher, Sophos.

“Higher rung cybercriminals are now selling tools and capabilities that once were solely in the hands of some of the most sophisticated attackers as services to other actors.

“For example, this past year, we saw advertisements for OPSEC-as-a-service where the sellers offered to help attackers hide Cobalt Strike infections, and we saw scanning-as-a-service, which gives buyers access to legitimate commercial tools like Metasploit, so that they can find and then exploit vulnerabilities.

“The commoditisation of nearly every component of cybercrime is impacting the threat landscape and opening up opportunities for any type of attacker with any type of skill level.”

Sophos says that with the expansion of the “as-a-service” economy, underground cybercriminal marketplaces are also becoming increasingly commodified and are operating like mainstream businesses. Cybercrime sellers are not just advertising their services but are also listing job offers to recruit attackers with distinct skills. Some marketplaces now have dedicated help-wanted pages and recruiting staff, while job seekers are posting summaries of their skills and qualifications.

“Early ransomware operators were rather limited in how much they could do because their operations were centralised; group members were carrying out every aspect of an attack. But as ransomware became hugely profitable, they looked for ways to scale their productions. So, they began outsourcing parts of their operations, creating an entire infrastructure to support ransomware. Now, other cybercriminals have taken a cue from the success of this infrastructure and are following suit,” said Gallagher.

“Indeed, as the cybercrime infrastructure has expanded, ransomware has remained highly popular—and highly profitable. Over the past year, ransomware operators have worked on expanding their potential attack service by targeting platforms other than Windows while also adopting new languages like Rust and Go to avoid detection. Some groups, most notably Lockbit 3.0, have been diversifying their operations and creating more “innovative” ways to extort victims.

“When we talk about the growing sophistication of the criminal underground, this extends to the world of ransomware. For example, Lockbit 3.0 is now offering bug bounty programs for its malware and ‘crowd-sourcing’ ideas to improve its operations from the criminal community.

“Other groups have moved to a ‘subscription model’ for access to their leak data and others are auctioning it off. Ransomware has become, first and foremost, a business,” said Gallagher.

According to Sophos, the evolving economics of the underground has not only incentivised the growth of ransomware and the “as-a-service” industry, but also increased the demand for credential theft. With the expansion of web services, various types of credentials, especially cookies, can be used in numerous ways to gain a deeper foothold in networks, even bypassing MFA. Credential theft also remains one of the easiest ways for novice criminals to gain access to underground marketplaces and begin their “career.”

Sophos also analysed the following trends:

  • The war in Ukraine had global repercussions for the cyberthreat landscape. Immediately following the invasion, there was an explosion of financially motivated scams, while nationalism led to a shake-up of criminal alliances between Ukrainians and Russians, particularly among ransomware affiliates.
  • Criminals continue to exploit legitimate executables and utilise “living off the land binaries” (LOLBins) to launch various types of attacks, including ransomware. In some cases, attackers deploy legitimate but vulnerable system drivers in “bring your own driver” attacks to attempt to shut down endpoint detection and response products to evade detection.
  • Mobile devices are now at the center of new types of cybercrimes. Not only are attackers still using fake applications to deliver malware injectors, spyware and banking-associated malware, but newer forms of cyberfraud have been growing in popularity, such as “pig butchering” schemes. And this crime is no longer just affecting Android users, but iOS users as well.
  • The devaluation of Monero, one of the most popular cryptocurrencies for cryptominers, led to a decrease in one of the oldest and most popular types of cryptocrime—cryptomining. But mining malware continues to spread through automated “bots” on both Windows and Linux systems.

To learn more about the changing threat landscape in 2022 and what it means for security teams in 2023, read the full Sophos 2023 Threat Report.
