What Are the New Ways Adopted by Cybercriminals to Exploit Businesses That Require a Business to Deliver?
Several centuries ago, getting robbed by highwaymen while traveling was so prevalent that most people either signed their wills before leaving home or hired escorts. The initial wave of ransomware assaults followed the highwayman’s “stand and deliver” line: “you’ve been assaulted; therefore, pay me.” Cybercriminals have recently adopted significantly more sophisticated tactics, creating the need for managed cybersecurity services. The new approaches include being inventive in how they attack firms in order to extort them and devising novel ways to convince victims to pay.
As our current 2020 Cyber Threatscape study demonstrates, ransomware threat actors are experiencing renewed success in 2020 as they develop these new profitable and sustainable business models. Along with attacking firms with ransomware, they are stealing company data and notifying public channels such as the news media about the data breach. This means that victims who do not use managed cybersecurity services will face an expensive malware recovery process as well as additional consequences, such as reputational damage.
Cover, a ransomware recovery company, reported that the average ransom payment increased to US$178,254 in the first quarter of 2020, up 60% from the same period last year.
The situation could deteriorate significantly. As threat actors’ earnings grow, they can innovate and develop more sophisticated ways to deliver ransomware, taking advantage of the increased vulnerabilities associated with large numbers of employees working remotely.
During the past year, these three Cyber Threat Intelligence (CTI) trends have been observed by the Accenture team in the CTI division:
Maze ransomware changes the game, again.
Over the years, ransomware has had numerous watershed moments—moving from locking displays to encrypting entire systems, embracing cryptocurrencies as a payment method, and figuring out how to be self-spreading (for example, WannaCry). Then, in late 2019, the threat actors responsible for the Maze ransomware variant altered the game once more. Maze infected a significant security staffing organization, stole company data, and informed the media—ultimately releasing 700MB of material in the public domain when the ransom was not paid. This “name and shame” strategy increases the pressure on victims to pay, even though managed cybersecurity service providers, law enforcement, and cybersecurity professionals have consistently cautioned against paying ransoms.
Theft of data and extortion impersonations exacerbate victims’ predicaments.
Malicious actors are cloning and altering pre-existing ransomware strains, incorporating new methods, and adding newly produced ransomware components. Maze, for instance, repurposed pre-existing Sodinokibi (also known as REvil) ransomware in April 2019 by adding data theft and extortion tactics, techniques, and procedures (TTPs). It began by issuing threats via legitimate Dark Web sites that linked to stolen data. Then it published screenshots of important information, documents, databases, and client data on its name-and-shame website. The leak explicitly implicates corporate customers and partners; managed cybersecurity services ensure that the victim faces no financial pressure or risk of losing business from those impacted.
The new ransomware wave upends the debate over cost versus disruption:
Law enforcement officials and leaders in the cybersecurity field have long warned victims not to pay the ransom. However, the success of modern ransomware strategies has resulted in numerous instances of victims paying a ransom. They do so to avoid incurring the high costs involved with cybersecurity evaluation and management, being subject to the fines associated with a data breach, or suffering negative press and reputational harm if the incident becomes public knowledge. Despite the best efforts to pay the ransom quickly and quietly, compromises are frequently disclosed to the public.
In 2021, firms will continue to face difficulties defending against ransomware and data theft, necessitating the increased use of managed cybersecurity services. Additionally, threat actors may be capitalizing on the anxiety and economic uncertainty produced by the global COVID-19 outbreak with financial gain in mind.
This means that we could all be held up by cyber highwaymen as their tactics advance. Therefore, assuring cybersecurity threat management requires all firms to carefully consider how they will respond to the mandate to “stand and deliver.”
How can CSE Security help?
We pride ourselves on offering customers a comprehensive, end-to-end solution that includes powerful cyber defense, innovative cybersecurity applications, and meticulous security operations management. By combining new technologies with our global scale and worldwide delivery abilities, we can better deliver security innovation with complete protection. Helped by our talented team of industry professionals, we support customers in achieving innovation, building cyber resilience, and accelerating growth.