More than any other industry, cybersecurity is constantly changing. The number of major paradigm shifts that have transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware. The costly and global threat of ransomware has evolved alongside changing technology in the past two decades. Just as threat researchers and engineers rethink their solutions when the currents of cybersecurity shift, their adversaries are always following the latest trends to successfully target their victims. New developments like the success of law enforcement crackdowns on ransomware, changing government regulations, international sanctions, and the looming regulation of cryptocurrency will force adversaries to adapt, both to overcome new challenges and to take advantage of new opportunities. For cybersecurity leaders, keeping ahead of these 6 changes will be crucial in defending against new exploits and attack vectors.
Traditionally, ransomware groups targeting businesses have preyed on industries where uptime is crucial and even an hour lost to a payload that encrypts files or halts production can be prohibitively expensive. Some adversary groups are finding success without ever deploying a payload. LAPSUS$, a group believed to have targeted such heavyweights as Microsoft, Nvidia, Uber, and Rockstar Games, gained prominence by extorting its victims and posting stolen data online when they failed to meet the group's demands. As adversaries find more avenues to profit from their targets, cybersecurity leaders will need to carefully consider where all of their organization's vulnerabilities lie.
Today, stealing or encrypting data to extort victims is the norm for ransomware groups. One compromised machine can provide adversaries with a wealth of company secrets and sensitive documents ready for sale to the highest bidder. While ransomware groups are not known for widespread data monetization, it's an established underground industry which these groups are primed to enter as brokers for other cybercriminals, maximizing profit while minimizing exposure.
As more organizations move to the cloud, the landscape of endpoint vulnerabilities is shifting along with them. Cybersecurity teams have already adapted to the decentralized nature of the cloud, but misconfigurations and unpatched vulnerabilities are still prime targets for ransomware groups seeking a foothold. While the diffuse nature of cloud resources poses a challenge for adversaries, they're developing new strategies that leverage idle resources in response. A study by Google's Cybersecurity Action Team found that 86% of compromised cloud instances are used to mine cryptocurrency. Adversaries already engaged in cryptojacking can easily deploy ransomware on the compromised systems, or sell access to more established ransomware groups. As cryptomining group TeamTNT proved, just one compromised endpoint can offer adversaries access to sensitive data in the cloud for all kinds of criminal ends.
Cybersecurity leaders know that no attack vector is small enough to overlook when any breach could prove devastating. Uncommon platforms might actually pose the greatest risk to your organization, because ransomware groups appreciate the value of business-critical devices without ready backups. Adversaries don't just stick to tried-and-true exploits, either. Researchers from the Georgia Institute of Technology created a proof of concept for deploying ransomware to a programmable logic controller in 2017. Rebuilding or replacing such a device could be prohibitively expensive, which is exactly what ransomware groups seeking a payout look for in their targets. In 2017, Trend Micro researchers found that the older mainframes essential to many business-critical systems can be held hostage by adversaries if they're connected to the internet. The range of malicious actions available to ransomware groups includes changing administrative passwords and making it harder to reboot the network or equipment.
These days even adversaries are taking advantage of time- and cost-saving automation. Just like professional organizations, ransomware groups are scaling to maximize revenue by automating tasks and limiting human error. Penetrating a system, the most costly stage of a ransomware attack in terms of both time and effort, can now be streamlined, emboldening adversary groups with fewer members or resources. For cybersecurity leaders, this will mean more attacks to fend off while adversaries are already moving laterally through the affected environments, which is ironically when deterring threats is the most costly.
Ransomware actors that traffic in a high volume of breaches, like Cerber, are already making use of blockchain technology to carry out their attacks more efficiently. There's no shortage of ways for crafty adversaries to breach their target networks. For the evolving, professional ransomware group
This Cyber News was published on www.trendmicro.com. Publication date: Thu, 02 Feb 2023 05:20:03 +0000