Ransomware remains one of the greatest cyber threats to organizations, with operators innovating their extortion tactics while demand for stolen credentials continues to grow, an international report reveals.
Sophos, a global leader in innovating and delivering next-generation cyber security as a service, published its 2023 Threat Report recently, said a news release.
Criminal underground marketplaces like Genesis have long made it possible to buy malware and malware deployment services (malware-as-a-service), as well as to sell stolen credentials and other data in bulk. Over the last decade, with the increasing popularity of ransomware, an entire ‘ransomware-as-a-service’ economy sprang up.
The ‘as-a-service’ model has expanded, and nearly every aspect of the cybercrime toolkit, from initial infection to ways to avoid detection, is available for purchase in 2022.
With the expansion of the ‘as-a-service’ economy, underground cybercriminal marketplaces are also becoming increasingly commodified and are operating like mainstream businesses.
Cybercrime sellers are not just advertising their services but are also listing job offers to recruit attackers with distinct skills. Some marketplaces now have dedicated help-wanted pages and recruiting staff, while job seekers are posting summaries of their skills and qualifications. As the cybercrime infrastructure has expanded, ransomware has remained highly popular and profitable.
Over the past year, ransomware operators have worked on expanding their potential attack surface by targeting platforms other than Windows, while also adopting new languages like Rust and Go to avoid detection. Some groups, most notably LockBit 3.0, have been diversifying their operations and creating more ‘innovative’ ways to extort victims. The evolving economics of the underground has not only incentivised the growth of the ransomware and ‘as-a-service’ industry, but also increased demand for credential theft.
The Sophos report also identified that the war in Ukraine had global repercussions for the cyber threat landscape. Immediately following the invasion, there was an explosion of financially motivated scams, while nationalism led to a shake-up of criminal alliances between Ukrainians and Russians, particularly among ransomware affiliates.
Criminals continue to exploit legitimate executables and utilize ‘living off the land binaries’ (LOLBins) to launch various types of attacks, including ransomware. In some cases, attackers deploy legitimate but vulnerable system drivers in ‘bring your own driver’ attacks in an attempt to shut down endpoint detection and response products and evade detection.
Sophos also identified that mobile devices are now at the center of new types of cybercrime: attackers are not only using fake applications to deliver malware injectors, spyware and banking-associated malware, but newer forms of cyber fraud have also been growing in popularity.