Gangs are organizing and creating new tactics to invade, hijack systems and extort victims
Security company Symantec, a division of Broadcom, posted on its blog the main cyber threats for 2021, based on history and also a retrospective of this year. The first prediction is that ransomware gangs will continue to develop tactics to extort their victims. According to the company, if in 2019 targeted ransomware attacks began to proliferate, 2020 was the year in which these groups began to develop their tactics and find new ways to force their victims to pay.
The original model for a targeted ransomware attack already posed a significant threat to most organizations. Unlike older crypto-ransomware operations, which were designed to spread indiscriminately, targeted ransomware groups focus on one organization at a time and try to encrypt as many computers as possible on the victim's network, in addition to wiping backups when available. Encrypting most, if not all, of the machines on the victim's network allowed attackers to demand a high-value ransom, ranging from hundreds of thousands of dollars to several million.
While targeted ransomware attacks can be difficult and time-consuming to perform, the potential returns are enormous and there has been a proliferation of groups that carry out these types of attacks.
During 2020, attackers began to find other ways to maximize their revenue. In January, the Maze ransomware gang started stealing data from their victims' networks before encryption and threatened to publish that data unless the ransom was paid. The tactic has allowed the gang to pressure two types of victims who would not normally pay a ransom: well-prepared organizations capable of restoring their network without having to pay for a 'decryption' key and companies that estimate the cost of losing their data is less than the risk of paying a ransom. The success of the tactic was demonstrated by the fact that several other ransomware gangs immediately started incorporating it into their attacks.
So Symantec predicts that in 2021 ransomware gangs will become more aggressive in their search for new ways to extort victims. There is already evidence of this, with reports of at least one gang threatening DDoS attacks on victims.
New Tactics
Another of the security company's predictions is that criminals will look for ways to exploit the fact that people are working from home because of the pandemic. What initially appeared to be a temporary measure is looking more permanent, and many companies are now adapting to a long-term, if not permanent, model of remote work for most of their employees.
This presents a considerable challenge for security professionals. Employees who were sitting in a single office, on a single network, are now at home, using home networks and internet connections and remotely accessing the company's systems. A decentralized workforce could, in theory, represent more potential avenues of attack. Combined with the fact that the move to remote work was largely unplanned, it is easy to see why cybercriminals may be wondering if there are opportunities to explore.
An early indication of this is the level of interest that attackers have exhibited in a series of recently fixed vulnerabilities in VPNs and virtualization software. Several warnings have been issued about attackers trying to exploit vulnerabilities in Pulse Secure VPN, Palo Alto GlobalProtect, FortiGate and Citrix ADC servers, and Citrix network gateways.
As an example of how quickly attackers try to exploit these flaws, there was an increase in attempts to exploit the Citrix vulnerability immediately after its release, peaking in February, with more than 490,000 attempts blocked by Symantec.
And as it is organized crime, another prediction is that there will be close cooperation between gangs, a phenomenon that is not new. The cybercrime ecosystem tends to be very segmented, and actors generally specialize in a particular malicious activity rather than handling attacks end to end. It is a world in which malware creators, distributors, exploit kit developers, money launderers and many others interact frequently.
However, a new and potentially worrying development is that some of the biggest players in cybercrime are getting closer, in particular some of the biggest botnet operators and ransomware authors. In recent years, Emotet (and until recently Trickbot) has been among the most powerful botnets, stealing credentials from infected users and selling its services to malware authors looking for a distribution channel.
Meanwhile, targeted ransomware (ransomware attacks in which most, if not all, of the victim organization's computers are encrypted) is among the most profitable cybercrime niches, sometimes earning attackers millions of dollars in a single attack.
A recent Europol Organized Crime Threat Assessment stated that the relationship between Emotet, Trickbot, and the ransomware group Ryuk was now so close that it was possible that the three belonged to the same general structure or that they had become more adept at cooperating with each other. "The relationship between Emotet, Ryuk and Trickbot is considered to be one of the most notable in the world of cybercrime," says the report.
While there is no crystal ball for what will happen in 2021, Symantec says history is a strong indicator that attackers will continue to refine their methods to take advantage of global events and the adoption of new technologies. Learning from the past to protect the future can be critical to an organization's cybersecurity efficiency.