4 ways cybercrime is evolving as risks increase

-



 Cyberattacks continue to break new records and bad actors keep getting better at what they do. The only way organizations can truly defend themselves is by gaining an understanding of how cyber threats are evolving, acquiring the knowledge of how criminals are operating, and implementing security controls and defense mechanisms more proactively. Let’s explore some of the ways in which cybercrime has evolved in recent times to build a deeper understanding of the threat landscape in 2023.

  1. Ransomware evolves yet again

Ransomware continues to be one of the greatest threats to businesses and governments worldwide. Ransomware operators are continuously innovating and experimenting with new technologies. For example, researchers recently discovered that malware authors were rewriting ransomware code in new programming languages such as Rust to make their detection and reverse engineering even more difficult.

Ransomware extortion methods are also changing. Threat actors are selling stolen data through a subscription model or auctioning it off to the highest bidder, weaponizing leaked ransomware data to go after victims again, including their customers, partners and business associates (a.k.a. double or triple extortion). Victims are even being offered the option to conceal the breach.

Ransomware groups also seem to be reorganizing and rebranding themselves, due to increasing crackdowns and pressure from law enforcement. That said, 2023 data indicates that adversaries are showing no signs of letting up. In fact, threat actors appear to be targeting certain verticals more than others:  attacks on utilities, healthcare and consumer staples have increased by 150% since January.

2. Cybercrime-as-a-Service reaches a new level of commercialization

Now we have cybercrime-as-a-service breaking down nearly every single barrier of entry to the world of cybercrime. Tools and tactics once reserved for the most sophisticated threat actor are now within reach of nearly everyone on the dark web. From phishing kits to initial infection, from distributed denial of service attacks (DDoS) attacks to ransomware, and from infiltration to exfiltration — nearly every step of the attack chain is available as a cloud service.

For example, ransomware kits can be purchased for as little as $40 to a few thousand dollars a month and these services come with in-depth tutorials, software updates and help desk support. Cybercriminals are also advertising cybercrime jobs on the dark web for roles as varied as data analysts, malware developers, initial compromise hackers, reverse engineers, phishing email and web designers, malware testers, and IT administrators. No doubt, cybercriminals are operating like mainstream businesses. Organizations need to become more mature in their defense approach and capabilities.

3. The demand for info-stealers and credentials grows

Adversaries aren’t satisfied with stealing healthcare data or credit card information. They’re gunning after employee information, client information and login credentials. This is because there is growing demand in underground marketplaces from other threat actors that are looking to quickly gain access to usernames, passwords and multi-factor authentication (MFA) session cookies.

There are about 24 billion credentials available for purchase on the dark web and info-stealing malware is also available to rent in exchange for a share of stolen data or money. Stolen credentials offer cybercriminals true and tested methods through which to bypass security defenses, infiltrate target organizations and launch highly targeted attacks. As a result, attackers are spending more time in victim organizations, conducting reconnaissance, making lateral movements, looking for access to proprietary information, and discovering ways to disrupt critical systems and resources.

4. Attackers turn to LOLBins and vulnerable drivers to launch attacks

One of the biggest evolutions to have occurred in recent times is the use of LOLBins (or fileless attacks) as an attack vector. According to reports, cybercriminals have been leveraging legitimate system utilities like Powershell, .NET Framework, and Windows management instrumentation (WMI) processes to execute their misdeeds. LOLBins are favored by cybercriminals because such attacks leave no footprint on the victim’s machine and therefore are likely to go undetected. What’s more, LOLBins have broad permissions to make system-wide changes and also possess remote access and code execution capabilities. That’s not all, attackers have developed techniques to bypass EDR (endpoint detection and response) detection by exploiting vulnerable drivers and deconstructing how operating system kernels work.

How can organizations protect themselves against these evolving threats?

Organizations need to look at cybersecurity from a people, process and technology perspective. They need to focus on building a Zero Trust environment, implement granular access controls and deploy MFA at the very least. They need to lock down all potential attack surfaces, patch all internet-facing software, applications, drivers, cloud storage, devices and more, and validate their systems and security configurations regularly. They need to think about remote access especially now because many users work from home. They must focus on user awareness training, hands-on coaching and security behavior. Employees should be vigilant at all times, able to recognize smart phishing attempts, be aware of the latest cybercrime tools and tactics, and follow security best practices when dealing with anything online.

Last but not least, organizations must ensure backups are in place, incident response plans are drawn up and rehearsed, and cyber insurance secured. There is too much involved for any size organization to undergo this alone. Because cybersecurity is obviously complex, partnering with outside expertise for security policy and procedural guidance is practically mandatory. At best, it is more pragmatic to mitigate security incidents proactively than to have to deal with the fallout.

Reference: https://www.propertycasualty360.com/2023/05/02/4-ways-cybercrime-is-evolving-as-risks-increase/?cmp_share&slreturn=20230411031807

#ransomware #cybercrime #threats #attackers

AH

Comments

Post a Comment

Popular posts from this blog

CISA and ENISA enhance their Cooperation

-
Image
  The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness. Geopolitics have shaped the cyber threat landscape, bringing like-minded partners closer together in the wake of common cyber challenges and advances in digital technologies. Today at the EU-US Cyber Dialogue, ENISA and CISA announced the signing of their Working Arrangement as an important milestone in the overall cooperation between the United States and the European Union in the field of cybersecurity, also following the Joint Statement of European Commissioner Thierry Breton and U.S. Secretary for Homeland Security Alejandro Mayorkas of January 2023. ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach in international cooperation to those are
Read more

The Imperva Content Delivery Network (CDN) to Improve website experience globally

-
Image
Today’s website visitors expect a fast and efficient user experience with no delays or site performance issues. However, high traffic volumes and global reaching websites mean website managers are faced with the challenge of added latency and slow page load times, which can result in lost business. According to WebSiteBuilderExpert.com, 1 in 4 site visitors would abandon a website that takes more than 4 seconds to load. And 46% of site visitors do not revisit poorly performing websites, according to Unbounce.com. A strong Content Delivery Network   (CDN) is critical for website managers and businesses that rely on their websites for success, and here are ten reasons why. Improve your engagement Faster site speed times and more responsive websites bring results in more conversions. As little as a  one-second delay  in page load time can reduce customer satisfaction by 16%. Slow page load times According to  Unbounce , ‘Nearly 70% of consumers admit that page speed influences their likel
Read more

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

-
Image
On Feb. 13, 2024, Microsoft issued a  patch  for CVE-2024-21412, a  Microsoft Defender SmartScreen  vulnerability revolving around internet shortcuts. Previously, we discovered that an advanced persistent threat (APT) group we track under the name Water Hydra has been exploiting CVE-2024-21412 in a sophisticated campaign targeting financial market traders, allowing the group to bypass Microsoft Defender SmartScreen and infect its victims with the DarkMe remote access trojan (RAT). Threat actors are constantly finding new ways of identifying and exploiting gaps to bypass security measures. We found that the bypass of CVE-2023-36025 (a previously patched SmartScreen vulnerability) led to the discovery and exploitation of CVE-2024-21412. This highlights how threat actors can circumvent patches by identifying new vectors of attack around a patched software component. It is important that organizations are able to identify and mitigate vulnerabilities, especially zero-days, in a timely mann
Read more