Published on November 23rd, 2021 📆 | 3067 Views ⚑0
79 percent of cybersecurity incidents in 18 months fueled by crypto
A report by cybersecurity firm Sophos revealed that ransomware, fueled by cryptocurrency, was involved in 79 percent of the global cybersecurity incidents in the last 18 months. The Conti and REvil ransomware attacks were on top of the list, notes Sophos. Further, the security firm says that cryptocurrency will continue to fuel cybercrimes such as ransomware and malicious cryptomining.
Sophos expects the trend will continue until global cryptocurrencies are better regulated. The company notes that over the coming year, the ransomware landscape will become both more modular and uniform, with attack “specialists” offering different elements of an attack “as-a-service” and providing playbooks with tools and techniques that enable different adversary groups to implement very similar attacks.
According to Sophos researchers, attacks by single ransomware groups gave way to more ransomware-as-a-service (RaaS) offerings during 2021. Further, specialist ransomware developers focused on hiring out malicious code and infrastructure to third-party affiliates. Some of the most high-profile ransomware attacks of the year involved RaaS, including an attack against Colonial Pipeline in the US by a DarkSide affiliate.
An affiliate of Conti ransomware leaked the implementation guide provided by the operators, revealing the step-by-step tools and techniques that attackers could use to deploy the ransomware. Interestingly, once they have the malware they need, RaaS affiliates and other ransomware operators can turn to Initial Access Brokers and malware delivery platforms to find and target potential victims. This is fueling the second big trend anticipated by Sophos.
The research highlights that the established cyberthreats will continue to adapt to distribute and deliver ransomware. These include loaders, droppers and other commodity malware; increasingly advanced, human-operated Initial Access Brokers, spam, and adware.
In 2021, Sophos reported on Gootloader operating novel hybrid attacks that combined mass campaigns with careful filtering to pinpoint targets for specific malware bundles.
“Ransomware thrives because of its ability to adapt and innovate,” said Chester Wisniewski, principal research scientist at Sophos. “For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance companies, and negotiators.”
“It is no longer enough for organisations to assume they’re safe by simply monitoring security tools and ensuring they are detecting malicious code. Certain combinations of detections or even warnings are the modern equivalent of a burglar breaking a flower vase while climbing in through the back window. Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of entire networks,” Wisniewski added.