Security professionals and CISOs have been protecting their organizations from ransomware for a long time, adapting to changes in technology to protect against the risks of stolen data or disruptions to important systems. Cybercriminals are always coming up with new ways to attack, and it looks like the global ransomware community is ready for a revolution that could make them more powerful, versatile, and dangerous. The ransomware kill chain can be adapted to many different criminal activities, such as extortion, business email compromise, cryptocurrency theft, and stock market manipulation. It appears that some of these changes have already started. To protect their organizations from the next generation of cyber threats, security leaders should consider the four possible outcomes of a ransomware revolution. To learn more about seven ways the ransomware business model could change, read The Near and Far Future of Ransomware Business Models.

Some governments are recruiting ransomware actors to use their skills for good, such as the U.K.'s National Crime Agency, which has a program to turn teenage hackers into ethical security experts. Other countries are more interested in taking advantage of these bad actors than reforming them. These groups could be used to carry out intrusions that align with the state's objectives, and the state could use leverage over them in the form of reduced sentences. This has already happened, such as when the pro-Russian hacktivism group Killnet was taken over by BlackSide, a group experienced in ransomware, phishing, and cryptocurrency theft. They attacked high-profile targets like Lockheed Martin and claimed to have stolen the defense contractor's employee data.

Darkside showed some creativity in 2021 when they aligned with stock traders to short their latest victim's stock before the breach was made public. This could result in huge profits for the cybercriminals.
Financial regulators are aware of these schemes and can recognize suspicious stock trading patterns. Cybersecurity leaders need to make their boards understand that one breach could be devastating for their organizations, as their data, stock prices, and public image could all be affected.

Supply chain attacks have been increasing, but they are usually discussed as a national security issue. Widespread ransomware deployments could be just as damaging, and some ambitious ransomware groups have already proven how effective these tactics can be. For example, REvil-affiliated attackers infiltrated IT solutions company Kaseya's managed software providers and tricked up to 1,500 companies. This is a very effective attack because customers trust their managed software, and the attackers only need a few payouts to make it worthwhile. There are even more worrying applications of this strategy that combine the effectiveness of ransomware, the wide reach of the supply chain, and the goals of nation-state actors. The NotPetya attacks of 2017 infiltrated software company MeDoc, which almost 80% of companies in Ukraine relied on. Although the attackers deployed ransomware, NotPetya's true goal seemed to be creating chaos, as victims who agreed to pay the ransom did not recover their data or systems. Security leaders should take steps to limit exposure by securing their organization's digital supply chain.

One possible future for ransomware is that instead of deploying a payload, adversaries with the skills to infiltrate an organization's computer systems will use the data they find there to carry out a BEC attack. BEC scams trick targeted employees into wiring the attackers large sums of money. Usually, no credential phishing or malware is required to pull off this deception, just publicly available information and social engineering.
Although social engineering is a skillset that most ransomware groups don't require, it is only a matter of time before the much greater profits to be made from BEC attacks tempt them to branch out. The FBI reported that worldwide losses from BEC attacks between June 2016 and December 2021 totaled $43 billion, with the average losses in 2016 estimated to be $160,000.

Cybersecurity leaders should take all breaches seriously, as ransomware groups are always improving their methods to be more effective and profitable. To protect against these threats, an all-in-one platform with XDR, such as Trend One, can be used to detect and respond to threats faster and more accurately.
This Cyber News was published on www.trendmicro.com. Publication date: Thu, 09 Feb 2023 11:54:02 +0000