SECURITY
SECURITY
SECURITY
Ransomware gangs evolve as the fight against cybercrime ramps up
Threat protection startup Deep Instinct Ltd. today released a new report that details some disturbing changes in the world of ransomware as the fight against cybercrime has continued to ramp up throughout the year.
The 2022 Bi-Annual Cyber Threat Report finds significant changes in threat actor structure as some of the most prevalent actors have changed or splintered. Ransomware gangs, including LockBit, Hive, BlackCat and Conti, have either returned in new forms after being knocked offline or, in the case of Conti, former affiliate groups have emerged with their own operations.
Malware campaigns are in flux, according to the report, which highlights changes to Emotet, Agent Tesla, NanoCore and others. Emotet, which surged earlier this year, is now using highly obfuscated VBA macros to avoid detection.
A move by Microsoft Corp. to disable macros by default in Microsoft Office files was found to result in a sizable decrease in the use of documents for malware distribution. Threat actors were found to be “shifting gears” and implementing other methods to deploy their malware, such as LNK, HTML and archive email attachments.
Significant vulnerabilities remain an ongoing issue, with the likes of SpoolFool, Follina and DirtyPipe highlighted as exploiting both Windows and Linux systems despite efforts to enhance security. The researchers also say exploited in-the-wild vulnerabilities also surge every three to four months and that they’re expecting a new spike in the last two months of the year.
Data exfiltration attacks were found to be extending to third parties, with threat actor groups demanding ransom payments for leaked data. Sensitive data exfiltration remains a popular target because there are fewer remediation options for companies affected. The number of active leak databases created by ransomware groups is now found to total 17.
The report predicts that insiders and affiliate programs will continue to rise in popularity as malicious threat actors look for the weakest link. Some threat actors choose to go after weak targets or simply pay an insider for access. The infamous Lapsus$ gang is a prime example of a group that regularly does the latter.
With the Russian invasion of Ukraine ongoing, the Deep Instinct researchers predict that “protestware” will continue to rise. They also warn that there’s a high chance of major end-of-year attacks as well, given that there have not been vulnerabilities in 2022 similar to Log4j or the Exchange issues in 2021.
Image: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
