OK, I went out yesterday to do some shopping for groceries and other much-needed items. My favorite stores are usually Jewel Osco and Aldi. Luckily, where I live, the two are close to one another. During the height of the COVID-19 pandemic, all that was played on the intercom were warning messages about it.
But as things tempered down with the vaccinations that came out, the normal music started to emerge again, which was finally great. So now you hear barely anything about COVID-19 anymore. But now, believe it or not, holiday music has started to play, at least intermittently, to get you in the mood for buying gifts for family and friends. So yes, this year has gone by very quickly, even more so than the previous one. Where does this all lead up to?
This is the starting point where all of the Cyber pundits start to make their predictions for 2023. I have not seen anything yet, but I bet in the next two weeks it’s going to start to trickle out. This year of 2022 has been a relatively quiet one when compared to 2021, when all of the Ransomware attacks were really coming out.
Even with the geopolitical concerns that are happening in Russia, luckily nothing major has happened here in the US. Even this year, Ransomware has declined to a degree that nobody expected. But it won’t stay quiet for long, now that Christmas will be here before we even know it.
So, you might be asking where the Ransomware hackers are. Have they all disappeared? No, they haven’t. Instead, they have taken on different types of tactics, which makes them even more elusive than ever before. The following list details where they have been this year:
1) They hire somebody else to do the dirty work:
The Dark Web is not just a place where PII datasets can be sold for a great price; it is also where you can hire what is known as an Initial Access Broker (aka IAB) to launch the Ransomware attack for you. More specifically, their services are called “Ransomware as a Service”. All you have to do is pick a target or targets, and voila, they do the rest of the work. So while the IAB breaks down the doors for you to steal the victim’s credentials, you can from there plan how you are going to launch a subsequent attack, like an extortion-based one, based upon what has been given to you. IABs are the real thing, as demonstrated by these stats:
*There were more than 1,300 IABs listed on the Dark Web in the most recent checks;
*The price for using their services ranges anywhere from $1k to $10k;
*Average costs of services are $4,600.00 to launch a sophisticated Ransomware attack;
*Some of the highly valued credentials that you can get by hiring an IAB are the VPN login credentials and other forms of privileged access.
More information about IABs can be seen at this link:
https://www.digitalshadows.com/blog-and-research/rise-of-initial-access-brokers/
2) Cyberattackers are becoming more elusive:
I have written many times before about how the Cyberattacker is now taking their own sweet time to study their victims. But in some of these instances, they don’t get onto the Dark Web. Rather, all of the information and data that they need to build up a profile is publicly available through social media sites and OSINT tools. Once they find a weak spot that they can slip into, they will then spend forever lurking in silence to see what the prized possessions of the company are, but most importantly, to determine where they can drop off their malicious payload(s). These are typically known as APT style attacks. What is unique about these kinds of threats is that the Cyberattacker can move in a sideways or lateral fashion, thus making them even more difficult to detect. Also, another technique to avoid detection is fileless attacks, where the Cyberattacker can lurk about in the physical memory of the wireless device and literally leave no signature trails behind them.
3) Low profile targets are now getting attention:
As the Fortune 500 companies are becoming less of a favored prey for the Cyberattacker, the next targets are the SMBs and nonprofits. Very often these kinds of businesses simply do not have lines of defense associated with them. The fallacy in thinking here (which I have heard so often) is: “If we have not been hit yet, we probably won’t be. We offer no value to the Cyberattacker”. Well, just recently, one of my clients told me that their own client said the same thing, and the next day they were hit with a Ransomware attack. In the end, all businesses have some value for the Cyberattacker. It does not matter how large or small you are. Even an SMB could contain just a few PII datasets that could prove to be very profitable for the Cyberattacker in the end. Also, many SMB owners feel that Cyber solutions are too expensive for them to procure. This is not true anymore. Many Cyber vendors are now starting to realize that the SMB market can be a lucrative one as well, and thus are now starting to offer products and services that are very affordable.
4) The person sitting right next to you:
In this instance, I am talking about Insider Attacks, which have been initiated by a rogue employee. These kinds of individuals are often hard to detect, but they do give away telltale signs, especially with changes in their behavior. These particular individuals may not be planning an attack directly by themselves per se, but rather, they could have been contacted by a malicious third party (via Social Engineering techniques) to give them the details of the insides of the business, especially the IT and Network infrastructure. From here, the rogue employee would then be paid a handsome price. Consider these stats:
*57% of the employees that were contacted were offered less than $500,000.00;
*28% were offered between $500,000 and $1,000,000.00;
*11% were offered more than $1,000,000.00.
The above stats were taken from a survey just recently conducted by Hitachi, and more information about that can be seen here:
https://www.hitachi-id.com/hubfs/A.%20Key%20Topic%20Collateral/Ransomware/%5BInfographic%5D%20The%20Rising%20Insider%20Threat%20%7C%20Hackers%20Have%20Approached%2065%25%20of%20Executives%20or%20Their%20Employees%20To%20Assist%20in%20Ransomware%20Attacks.pdf
My Thoughts On This:
The next step in this blog would be to write on how to mitigate the risks of becoming a victim of a Ransomware attack. But I am not going to do it; many other Cyber professionals have written blogs, articles, and even eBooks on this same subject matter. A simple Google search will reveal what you need to know.
Personally, I think Ransomware attacks will probably not emerge so much for the remainder of this year, but a lot is going to depend on what happens with Russia and the Ukraine. If things go further south, then things could get worse again on the Cyber front. But my biggest fears are those Ransomware attacks on our Critical Infrastructure.