Cybercrime is a money-making business. It is subject to trends, picks up on current developments and is constantly changing. Any insight or outlook is therefore only a snapshot or a trend, such as the adoption of vulnerable signed drivers and the tactics of state groups.
The reuse of existing attack techniques and the emergence of new attacks are common in the threat landscape. Cyber criminals often continue to use successful tools and techniques and will continue to do so until they no longer work, says John Shier, Field CTO Commercial at Sophos.
Cyber criminals are extremely adaptable
Some change and adapt their tools and techniques to align with new targets or to exploit similar vulnerabilities in new ways. However, as technology evolves, so do new attack vectors, and attackers are constantly looking for new ways to bypass security measures. As protections continue to improve, we have seen cybercriminals adopt vulnerable signed drivers to bypass endpoint detection and response (EDR) tools. We also see cybercriminals emulating nation-state groups by incorporating their tools and tactics into their attack plans.
The method doesn't matter to cyber gangsters: the goal is always money
The preferred attack varies from cybercriminal to cybercriminal and depends largely on their motives, skills and the possibility of monetizing their attacks. For example, Initial Access Brokers (IABs) have motives and expertise focused on gaining a foothold in an organization's network and selling that access to other cybercriminals. Ransomware gangs specialize in encrypting high-value targets such as servers and, in many cases, stealing data as well. Some cyber criminals are experts at exploiting security vulnerabilities. Whichever attack is preferred, the end goal is clear: money.
The most frequently repeated attacks are the ones that promise the best success. So far, these are exploitation of vulnerabilities and phishing. These two attack vectors enable most network breaches, which often lead to the most common threat: ransomware.
Ransomware remains the most prevalent threat to businesses
Many companies, large and small, across a wide range of industries fall victim to ransomware every day. For example, 459 ransomware attacks were reported in March alone. Almost a third of these attacks were due to a zero-day vulnerability in the GoAnywhere MFT tool for secure file transfer, which was allegedly exploited by the Cl0p ransomware gang to infiltrate and steal data from supposedly 130 victims within 10 days. Another zero-day vulnerability in a similar software product, MOVEit Transfer, is currently being actively exploited by cyber criminals, affecting many well-known companies.
It is important to be aware that ransomware is always the final stage of a successful attack, which also includes information theft, downloader trojans, cryptominers, and many other threats.
Supply chains are likely to be an upcoming target
As far as the coming months are concerned, we can probably expect an increase in attacks on the supply chain. These attacks appear to be on the rise. Supply chain compromises are very attractive to cybercriminals as they can give them access to multiple victims at once. As long as cyber criminals can make money this way, these attacks will be effective for them and will continue. Companies should therefore not only ensure that they are prepared for direct attacks, but also that they are able to defend against attacks from trusted partners.
Robust security practices are required
As the attack surface continues to expand, it is important for individuals, organizations, and governments to remain vigilant, implement robust security practices, and invest in threat intelligence, proactive monitoring, and incident response capabilities. Regular security assessments, patch management, staff training, and partnerships with cybersecurity professionals are critical to staying ahead of emerging threats in the ever-changing cyberspace.