Tag Archive for: Gangs

Ransomware gangs are hitting roadblocks, but aren’t stopping (yet)


Ransomware attacks are in decline, according to reports by several cybersecurity companies. Why is that?

More effort for less pay

In its mid-year 2022 Cyber Threat Report, SonicWall notes that there has been a global 23% drop in ransomware, “as geopolitical forces, volatile cryptocurrency prices, and increased government and law-enforcement focus impacted both who cybercriminals chose to attack and how well they were capable of carrying out those attacks.”

After witnessing many high-profile destructive attacks, companies have also been hardening their defenses, putting another obstacle in front of ransomware groups.

Among the reasons for the decline could also be that fewer organizations are willing to pay a ransom: according to Coveware, in Q1 of 2019, 85% of the cases they handled ended in the cybercriminal receiving a ransom payment, and in Q1 2022 that percentage fell to 46%.

In Q2 2022, the median ransom payment also went down by 51% from Q1 2022.

“This trend reflects the shift of RaaS affiliates and developers towards the mid market where the risk to reward profile of attack is more consistent and less risky than high profile attacks. We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts,” the company shared.

To pay or not to pay?

Two US states (North Carolina and Florida) recently prohibited state agencies, counties and municipalities from paying a ransom in response to a ransomware incident. North Carolina’s prohibition even extends to public schools and universities. BakerHostetler counsel Benjamin Wanger and associate Elise Elam say that they “expect to see similar laws introduced and/or passed in several additional states.”

Whether that’s a good move remains to be seen, but even IBM Security’s 2022 Cost of a Data Breach Report notes that, oftentimes, it doesn’t pay to pay the ransom.

“Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom…


Ransomware gangs target Japan as a feeding ground


The Tsurugi Municipal Handa Hospital is a modestly sized, dreary pile in a somnolent corner of Shikoku island. It looks on to a river, backs on to a hill and serves an ageing local population last clocked at 8,048.

The perfect place, therefore, for the world’s most ruthless cyber-gangs to expand their assault on everyday life, shift the globalised ransomware war front deep into Asia and confront a whole new victim-scape with one of the more excruciating debates of modern business.

At this point the Handa hospital is just about back to normal, barring apologies and incident reports. But for two months at the end of last year, it was paralysed — unable to accept new patients and perform other basic functions after a ransomware attack targeting the extortionists’ sweet spot of medical records.

The assault on a stretched rural Japanese hospital during a pandemic would, under any circumstances, offer a chilling reminder of how unrepentant ransomware gangs are in pursuit of a payday. As a decade of rapidly rising attacks has shown (reported incidents more than doubled in the UK between 2020 and 2021), no company or institution is off limits, no weakness unexploitable, no threatened collateral harm too pitiless.

The medical, educational, infrastructure, legal and financial industries are favourite targets precisely because the stakes are so high and the threats so agonising. They are also getting more sophisticated. The average time spent inside a company’s network before a ransom demand is made is rising. The additional time, say former GCHQ officials in bleak briefings on the issue, is spent honing the most acutely painful threat.

The scale of financial carnage, too, continues to surge. In its 2021 report, IBM Security calculated that, globally, the average cost of a ransomware breach had hit a record $4.62mn — a figure that did not even include the ransom payment, which some experts reckon is handed over in at least a third of cases.

But the Handa incident, say cyber-ransom negotiators at Nihon Cyber Defence (NCD) — an agency that advises the Japanese government and whose team includes the founding head of the UK’s National Cyber Security Centre — underscores an…


Ransomware gangs increase efforts to enlist insiders for attacks



A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

More specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

Percentage of firms approached by ransomware actors
Source: Hitachi ID

In most cases, the threat actors used email and social media to contact employees, but 27% of their approach efforts were conducted via phone calls, a direct and brazen means of contact.

As for the money offered to the employees, most received an offer below $500,000, but some proposals were north of a million USD.

Amounts offered to rogue employees
Source: Hitachi ID

In half of those cases, ransomware gangs attacked the targeted company even without any insider help.

This shows that once a firm is a candidate for a ransomware attack, the rest is just about exploring potential ways to make the infiltration easier and less likely to be detected.

An ignored area

As reflected in the findings of the Hitachi ID survey, insider threats are generally ignored, underrated, and not accounted for when developing cybersecurity plans.

When IT executives were asked how concerned they are about internal threats, 36% said they were more concerned about external threats, and 3% said they were not worried about threats at all.

What IT executives think about insider threats
Source: Hitachi ID

Since last summer, when the LockBit 2.0 ransomware operation openly invited rogue employees to help them gain corporate network access, the awareness around the issue has been raised, but the problem persists.

CISA released a tool that can help companies assess their stance against insider threats in September 2021, warning that the particular trend is rising.

The entities that decided to do something about the issue increased…


12 digital gangs have targeted Egypt since beginning of pandemic: Kaspersky


Kaspersky researchers monitored advanced persistent threats (APTs) in Egypt and prepared 38 investigative reports related to 12 digital gangs targeting the country since the beginning of the coronavirus pandemic.

The reports included information on threats and investigations related to digital gangs targeting Egypt, which ranks third among Middle Eastern countries in the number of reports issued, making it one of the most targeted countries in the region.

Kaspersky found that these gangs primarily target government institutions and diplomatic agencies as well as educational institutions and telecommunications companies in the country.

Other targets include financial institutions, IT companies, healthcare institutions, law firms, and military and defense agencies.

Some of the notorious digital gangs behind APTs investigated in Egypt included Lazarus, MuddyWater, Zebrocy, StrongPity, and SideCopy.

The research team found that exploitation of public applications, valid accounts, and phishing were the most common attack vectors targeting infrastructure in Egypt.

The Lazarus gang, for example, is notorious for conducting targeted phishing campaigns and “watering hole” attacks that monitor highly frequented websites and infect them with malware. The MuddyWater Middle Eastern espionage gang targeted government agencies and telecom and oil companies with the aim of extracting information, using hacked accounts to send phishing emails with attachments directed at specific targets.

The Zebrocy Trojan is employed in digital espionage campaigns to collect raw data from compromised systems.

The StrongPity gang is responsible for spying campaigns that use “zero-day” attacks, social engineering tricks, and Trojan installers to deliver malware to their victims.

In turn, the SideCopy gang carries out malware attack campaigns targeting various entities for espionage purposes.

Abdelsabour Arous, a security researcher in Kaspersky’s Global Research and Analysis Team, emphasized that threats are becoming more and more complex every day, saying that investigating and reporting on the activity of these digital gangs…
