Ransomware attackers are growing bolder and using new extortion methods

3 years ago 587

IT and OT environments are expanding targets and menace actors are utilizing Dark Web forums to motorboat cybercrimes, according to Accenture's 2021 Cyber Threat Intelligence report.

hackers-ransomware.jpg

Image: Shutterstock/MicroOne

It's hardly astonishing that menace actors are pervasive and aggressive, but a caller study finds successful the archetypal fractional of 2021, they person been investigating caller extortion methods, targeting captious infrastructure concern operations continuity successful particular. This was 1 of 4 cardinal trends identified successful Accenture's 2021 Cyber Threat Intelligence Report.

The study besides identified the emergence of the Cobalt Strike, commodity malware invading operational exertion from the IT abstraction and Dark Web actors challenging IT and OT networks arsenic the 3 different main cybersecurity trends.

Meanwhile, the White House is stepping up national efforts to combat home and overseas cyberattacks, and connected Thursday launched a ransomware task unit aimed astatine helping businesses and authorities and section governments combat cybersecurity threats.

SEE:  How to forestall ransomware attacks with a zero-trust information model  (TechRepublic)

The Accenture study highlights what the steadfast characterized arsenic the often unseen transportation betwixt the caller ecosystem, the Dark Web economy, ransomware disruptions, commodity malware and pirated bundle maltreatment and their collective, disruptive effects connected some IT and OT environments.

"Threat actors are connecting the dots to amended their tactics and collaborate with each different to instrumentality vantage of an evolved ecosystem," Accenture said successful a blog. "Not lone person we seen accrued unit from threats related to distant moving vulnerabilities, but besides cybercrime actors person profited from the important roles played by section government, healthcare and proviso concatenation providers.

The study recovered that:

  • Dark Web forums are a feeding crushed for caller menace actors. Online forums are making it easier and cheaper than ever for newcomers to motorboat cybercrime operations. Along with accepted commerce successful malware logs, menace actors are selling parser tools that much easy compile logs, credentials, certificates and cookies. Such tools assistance different menace actors, including inexperienced ones, make caller campaigns and presume the identities of morganatic users successful a people network.

  • Ransomware actors are increasing bolder. They are targeting manufacturing and a scope of captious infrastructure sectors—from financial, to energy, to nutrient accumulation worldwide—using high-pressure tactics to escalate corruption consequences. Increasingly, they deploy aggregate unit points astatine erstwhile to extract ransom payments.

  • Threat actors are abusing pirated versions of the commercialized penetration investigating model Cobalt Strike. Their usage of this acquainted instrumentality for malicious purposes adds to the perennial arsenal of commodity malware—an enduring diagnostic of cybercrime operations that spreads easy wrong unfortunate networks.

Hidden threats and outgo pressures

The Accenture study noted that accusation is casual to buy—-and adjacent easier to use. Since the opening of the year, determination has been a "slight but noticeable summation successful menace actors selling malware logs" connected the Dark Web, which incorporate information from information-stealing malware. Information stealers cod and log respective types of data, including strategy information, web browser bookmarks, web league cookies, login credentials and outgo paper numbers.

The planetary ransomware situation has entered a caller signifier with menace actors adopting stronger unit tactics and attacking targets specified arsenic manufacturing and captious infrastructure, the blog said.

There are 4 techniques ransomware actors use: Local denial of entree (encryption); leak extortion (also known arsenic "name and shame" tactics); distributed denial-of-service (DDoS); and interaction with a victim's customers.

"To wage oregon not to wage ransoms is inactive a large question successful galore people's minds," the blog stated. "Accenture has reinforced United States national government guidance: Don't wage ransoms. Companies could beryllium taxable to fiscal penalties if they inadvertently wage a sanctioned entity and cannot warrant the instrumentality oregon deletion of stolen data.

Instead, organizations should absorption connected prevention and recoverability: Protect against commodity malware; enactment alert for Dark Web income of stolen credentials; conception systems to minimize the lateral question of ransomware; deploy bully logging systems to observe anomalous web behavior, and make backups and playbooks to fortify operational resilience.

Be proactive and enactment accelerated

When a breach occurs, Accenture recommends reacting quickly, moving with ineligible counsel and applying incidental effect and communications champion practices. With each these trends happening together, it tin beryllium a peculiarly worrying clip for OT and captious infrastructure providers. Three imaginable things to retrieve are:

1.       Preparation and preventative measures are paramount. In concern OT, conscionable arsenic successful purely IT environments, erstwhile these measures are neglected oregon fail, menace mitigation becomes reactive, focusing connected triage and response.

2.      Threat actors' usage of easy purchased commodity malware, if not detected quickly, tin assistance an adversary bargain clip to traverse from IT to OT networks.

3.      DarkSide ransomware usage against a captious infrastructure people is simply a reminder that OT environments are successful the crosshairs.

"For OT and captious infrastructure and cardinal resources providers successful the United States, the Executive Order connected Improving the Nation's Cybersecurity issued successful May 2021 goes a agelong mode toward addressing these threats and trends," Accenture said.

Providers are hitting backmost arsenic they enactment to amended bundle design, unafraid proviso chains, put successful much easy secured integer technologies, amended cybersecurity absorption and enactment much transparently with authorities counterparts to thrust a much unchangeable concern environment, Accenture said.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article