Posted on December 9, 2021
In our recent Update on Evolving Cybercrime Tactics, we discussed how cybercriminals’ tactics have evolved and changed over the past year. In this post we’ll talk about changes in the tools and technologies cybergangs use.
The information is based on the recently released 2021 Internet Organised Crime Threat Assessment (IOCTA) by Europol, the European Union Agency for Law Enforcement.
Cybercriminals around the world seized on the COVID-19 pandemic as a golden opportunity. Many companies lacked adequate security measures to support a workforce that transitioned to work-from-home overnight, leaving them vulnerable to attack (for too many, this still holds true). Cybercrime has exploded since the start of the pandemic, with Europol logging a 300% increase in ransom payments between 2019 and 2020.
Europol reports seeing a continuing move to “Crime-as-a-Service” (CaaS). Instead of using their skills to attack individual companies, many technologically sophisticated cybercriminals are creating cloud-based platforms for cybercrime, which other, less technologically sophisticated criminals can use, for a fee or a percentage, to launch attacks against businesses and other organizations. The report says,
The availability of exploit kits and other services not only serves criminals with low technical skills, but also makes the operations of mature and organised threat actors more efficient.
Several different varieties of CaaS are now available to cybercriminals. Europol reports seeing an increase in Malware-as-a-Service (MaaS) offerings on the Dark Web, especially Ransomware-as-a-Service (RaaS). RaaS typically uses an affiliate-type program, with cybercriminals paying a percentage of the revenue from successful attacks launched using the software.
With Access-as-a-Service, cybercriminals can rent tools which enable them to access corporate networks. Once in, they can install their own ransomware or other types of malware.
This is a worrying trend for organizations of all types. Criminals who are very comfortable with tactics such as extortion and applying indirect pressure via third parties (such as customers or journalists) now have access to sophisticated technological tools that are capable of evading many corporations’ cybersecurity defenses.
Cybercriminals are becoming increasingly sophisticated in their use of Dark Web tools beyond CaaS as well. While Bitcoin is still the cryptocurrency of choice, more are turning to “privacy coins” such as Monero which leverage technologies that obfuscate transactions and provide superior anonymity, making them harder for law enforcement to track.
Cybercriminals are also relying on encrypted communication channels such as Telegram and Wickr, as well as VPNs and crypto phones. In a further blurring of lines between old-style, real-world criminality and cybercrime, these cybercrime tools are being adopted and used in “regular” crimes.
Collaboration Among Malware Developers
Another threat comes from collaboration among different types of malware developers. The Emotet botnet, which was used to deliver ransomware, trojans, and information stealers, was taken down in January of 2021. There have since been reports of Ryuk ransomware being delivered via a TrickBot infection, suggesting cooperation between two different cybercrime groups.
With cybercriminals stepping up their game, strong cyber defense is more crucial than ever. Prevention is vital, as cybercriminals have become increasingly ruthless, threatening denial of service attacks, release of confidential information, and reputation-damaging publicity to add muscle to extortionate ransom demands.
The most effective way to stop cybercrime is by using a Zero Trust approach to network security. With over 90% of attacks utilizing phishing and/or the web to deliver malware, one of the most important items in the Zero Trust toolkit is Remote Browser Isolation (RBI).
With RBI, website code is never executed directly by the browser on the user’s device. Instead, it is run in a virtual browser that’s isolated in a remote container in the cloud, with only safe rendering data reaching the endpoint browser. Even if a user clicks on a malicious link, the malware remains harmlessly trapped in the remote container and is destroyed when the user stops browsing.
Even the most secure organizations can fall victim to an attack – which is why a comprehensive Zero Trust approach is needed, one which also takes steps to mitigate damage in the event of a breach.
ZTEdge, for example, offers capabilities such as microsegmentation and identity and access management (IAM) in addition to RBI. By strictly limiting access and lateral movement with granular policy-based controls, ZTEdge ensures that even if a hacker manages to gain access via compromised user credentials, the harm they could do would be greatly constrained.