4 ways cybercrime is evolving as risks increase
The threat landscape continues to change as bad actors refine their cybercrime tactics and expand their attack options.
Cyberattacks continue to break new records and bad actors keep getting better at what they do. The only way organizations can truly defend themselves is by understanding how cyber threats are evolving, learning how criminals operate, and implementing security controls and defenses more proactively. Let’s explore some of the ways in which cybercrime has evolved recently to build a deeper understanding of the threat landscape in 2023.
1. Ransomware evolves yet again
Ransomware continues to be one of the greatest threats to businesses and governments worldwide. Ransomware operators are continuously innovating and experimenting with new technologies. For example, researchers recently discovered that malware authors were rewriting ransomware code in new programming languages such as Rust to make their detection and reverse engineering even more difficult.
Ransomware extortion methods are also changing. Threat actors are selling stolen data through a subscription model or auctioning it off to the highest bidder. They are also weaponizing leaked ransomware data to go after victims a second time, and to go after the victims’ customers, partners and business associates (so-called double or triple extortion). Victims are even being offered the option to conceal the breach.
Ransomware groups also seem to be reorganizing and rebranding themselves, due to increasing crackdowns and pressure from law enforcement. That said, 2023 data indicates that adversaries are showing no signs of letting up. In fact, threat actors appear to be targeting certain verticals more than others: attacks on utilities, healthcare and consumer staples have increased by 150% since January.
2. Cybercrime-as-a-Service reaches a new level of commercialization
Now cybercrime-as-a-service is breaking down nearly every barrier to entry into the world of cybercrime. Tools and tactics once reserved for the most sophisticated threat actors are now within reach of nearly anyone on the dark web. From phishing kits to initial infection, from distributed denial-of-service (DDoS) attacks to ransomware, and from infiltration to exfiltration, nearly every step of the attack chain is available as a cloud service.
For example, ransomware kits can be purchased for anywhere from $40 to a few thousand dollars a month, and these services come with in-depth tutorials, software updates and help desk support. Cybercriminals are also advertising cybercrime jobs on the dark web for roles as varied as data analysts, malware developers, initial compromise hackers, reverse engineers, phishing email and web designers, malware testers, and IT administrators. No doubt, cybercriminals are operating like mainstream businesses. Organizations need to become more mature in their defense approach and capabilities.
3. The demand for info-stealers and credentials grows
Adversaries aren’t satisfied with stealing healthcare data or credit card information. They’re going after employee information, client information and login credentials. This is because there is growing demand in underground marketplaces from other threat actors looking to quickly gain access to usernames, passwords and multi-factor authentication (MFA) session cookies.
There are about 24 billion credentials available for purchase on the dark web, and info-stealing malware is also available to rent in exchange for a share of the stolen data or money. Stolen credentials offer cybercriminals tried and tested methods to bypass security defenses, infiltrate target organizations and launch highly targeted attacks. As a result, attackers are spending more time inside victim organizations: conducting reconnaissance, moving laterally, looking for access to proprietary information, and discovering ways to disrupt critical systems and resources.
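A stolen MFA session cookie is valuable precisely because it is a post-authentication artifact: whoever replays it inherits a session that has already passed the MFA check. One defensive signal is a session identifier that suddenly appears from a client fingerprint other than the one that created it. The following Python script, added here as an example and not taken from the article or from any vendor product, runs that check over constructed JSON-lines authentication events (the field names, session ids and addresses are invented for illustration):

```python
"""Flag reuse of a session cookie from a client other than the one that established it.

Added example with constructed log lines; not part of the article. The record layout
(ts, user, session_id, ip, ua) is an assumption standing in for a real auth log."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int            # seconds since epoch (constructed values)
    user: str
    session_id: str
    ip: str
    user_agent: str


# Constructed sample. sess-A1 is minted on Alice's usual browser and then, 200 seconds
# later, replayed from a different address AND a different browser: the signature of a
# stolen post-MFA cookie. Bob's session only changes IP (roaming, VPN), a weaker signal.
SAMPLE_LOG = """\
{"ts": 1000, "user": "alice", "session_id": "sess-A1", "ip": "203.0.113.10", "ua": "Firefox/118"}
{"ts": 1060, "user": "alice", "session_id": "sess-A1", "ip": "203.0.113.10", "ua": "Firefox/118"}
{"ts": 1100, "user": "bob", "session_id": "sess-B7", "ip": "198.51.100.5", "ua": "Chrome/117"}
{"ts": 1160, "user": "bob", "session_id": "sess-B7", "ip": "198.51.100.9", "ua": "Chrome/117"}
{"ts": 1200, "user": "alice", "session_id": "sess-A1", "ip": "192.0.2.77", "ua": "Chrome/117"}
{"ts": 1260, "user": "alice", "session_id": "sess-A1", "ip": "192.0.2.77", "ua": "Chrome/117"}
"""


def load_events(text):
    """Parse JSON-lines auth events, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append(AuthEvent(int(rec["ts"]), rec["user"], rec["session_id"],
                                rec["ip"], rec["ua"]))
    return events


def detect_session_replay(events, max_age=3600):
    """Return one alert per (session, new fingerprint) seen within max_age seconds
    of the session's first appearance. A user-agent change rates 'high' because a
    thief usually replays the cookie from their own browser; an IP-only change
    rates 'low' because mobile and VPN users change addresses legitimately."""
    first_seen = {}   # session_id -> ((ip, ua), ts) of the establishing request
    reported = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        fp = (ev.ip, ev.user_agent)
        if ev.session_id not in first_seen:
            first_seen[ev.session_id] = (fp, ev.ts)
            continue
        (orig_ip, orig_ua), orig_ts = first_seen[ev.session_id]
        key = (ev.session_id, fp)
        if fp == (orig_ip, orig_ua) or ev.ts - orig_ts > max_age or key in reported:
            continue
        reported.add(key)
        alerts.append({
            "user": ev.user,
            "session_id": ev.session_id,
            "severity": "high" if ev.user_agent != orig_ua else "low",
            "orig_ip": orig_ip, "new_ip": ev.ip,
            "orig_ua": orig_ua, "new_ua": ev.user_agent,
            "ts": ev.ts,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(load_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

In production the fingerprint would be bound server-side at login (device identifier, TLS fingerprint or ASN rather than raw IP) and a high-severity hit would revoke the session and force re-authentication; short session lifetimes limit how long a stolen cookie stays useful even when no rule fires.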
4. Attackers turn to LOLBins and vulnerable drivers to launch attacks
One of the biggest evolutions in recent times is the use of LOLBins (living-off-the-land binaries, the basis of so-called fileless attacks) as an attack vector. According to reports, cybercriminals have been leveraging legitimate system utilities such as PowerShell, the .NET Framework, and Windows Management Instrumentation (WMI) processes to execute their misdeeds. LOLBins are favored by cybercriminals because the malicious activity runs inside trusted system binaries and leaves little or nothing on disk, so it is likely to go undetected. What’s more, these utilities have broad permissions to make system-wide changes and also possess remote access and code execution capabilities. On top of that, attackers have developed techniques to bypass endpoint detection and response (EDR) tools by exploiting vulnerable drivers and dissecting how operating system kernels work.
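Because LOLBin activity leaves little on disk, detection has to come from process-creation telemetry: which binary ran, what its parent was, and what its command line contained. The script below, added here as an example and not code from the article or from any EDR vendor, scores constructed process-creation events with rules that a practitioner would expect from the PowerShell and WMI abuse described above: an Office application spawning PowerShell or wmic, a hidden window, a base64-encoded command (which it decodes so the real script can be inspected), WMI-based process creation, and script-execution keywords. The weights, threshold, log layout and sample command lines are all assumptions made for illustration.

```python
"""Score process-creation events for living-off-the-land abuse of PowerShell and WMI.

Added example; the JSON-lines records, scoring weights and threshold are constructed
for illustration and are not the article's or any product's rules."""
import base64
import json
import re
from typing import Optional

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SUSPICIOUS_TOKENS = ("invoke-expression", "iex ", "downloadstring", "frombase64string")

# Constructed encoded command: PowerShell's -EncodedCommand takes base64 of UTF-16LE text.
ENCODED_SAMPLE = base64.b64encode("Invoke-Expression $payload".encode("utf-16-le")).decode()

# Constructed events: a scheduled backup script, an Office-spawned hidden encoded
# PowerShell, a wmic process creation, and an interactive Get-Process.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"pid": 4120, "image": "powershell.exe", "parent": "explorer.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"pid": 5210, "image": "powershell.exe", "parent": "winword.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENCODED_SAMPLE}"},
    {"pid": 5300, "image": "wmic.exe", "parent": "cmd.exe",
     "cmdline": 'wmic.exe process call create "cmd.exe /c whoami"'},
    {"pid": 5400, "image": "powershell.exe", "parent": "cmd.exe",
     "cmdline": "powershell.exe -Command Get-Process"},
])


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script when the command line uses -e/-ec/-en/-enc/-EncodedCommand."""
    m = re.search(r"-e(?:c|n(?:c(?:odedcommand)?)?)?\s+([A-Za-z0-9+/=]+)", cmdline, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None   # argument was not a valid encoded command


def score_event(ev: dict):
    """Return (score, reasons) for one process-creation record."""
    image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"]
    text = cmd.lower()
    score, reasons = 0, []
    if image in POWERSHELL | {"wmic.exe"} and parent in OFFICE_PARENTS:
        score += 3
        reasons.append(f"spawned by Office application {parent}")
    if image in POWERSHELL:
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            score += 2
            reasons.append("encoded command decodes to: " + decoded)
            text += " " + decoded.lower()      # inspect the real script, not the base64
        if re.search(r"-w(?:indowstyle)?\s+hidden", cmd, re.IGNORECASE):
            score += 1
            reasons.append("hidden window")
    if image == "wmic.exe" and re.search(r"process\s+call\s+create", text):
        score += 3
        reasons.append("process creation through WMI (wmic)")
    hits = [t.strip() for t in SUSPICIOUS_TOKENS if t in text]
    if hits:
        score += 2
        reasons.append("script execution keywords: " + ", ".join(hits))
    return score, reasons


def find_lolbin_abuse(log_text: str, threshold: int = 3):
    """Return the events whose score reaches the threshold, with their reasons."""
    findings = []
    for line in log_text.splitlines():
        ev = json.loads(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            findings.append({"pid": ev["pid"], "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_lolbin_abuse(SAMPLE_LOG):
        print(json.dumps(f, indent=2))
```

The scoring is deliberately additive: a hidden window or an encoded command on its own is common in legitimate automation, but the combination with an Office parent is rarely benign, and decoding the argument turns an opaque blob into text that existing keyword rules can read. Enabling PowerShell script block logging and WMI activity auditing gives this kind of rule far richer input than command lines alone.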
How can organizations protect themselves against these evolving threats?
Organizations need to look at cybersecurity from a people, process and technology perspective. At the very least, they need to focus on building a Zero Trust environment, implementing granular access controls and deploying MFA. They need to lock down all potential attack surfaces; patch all internet-facing software, applications, drivers, cloud storage, devices and more; and validate their systems and security configurations regularly. They need to pay particular attention to remote access now that many users work from home. They must focus on user awareness training, hands-on coaching and security behavior. Employees should be vigilant at all times, able to recognize sophisticated phishing attempts, aware of the latest cybercrime tools and tactics, and following security best practices when dealing with anything online.
Last but not least, organizations must ensure backups are in place, incident response plans are drawn up and rehearsed, and cyber insurance is secured. There is too much involved for an organization of any size to take this on alone. Because cybersecurity is so complex, partnering with outside expertise for security policy and procedural guidance is practically mandatory. Ultimately, it is more pragmatic to mitigate security incidents proactively than to have to deal with the fallout.
Michelle Drolet is CEO of Towerwall, a specialized cybersecurity firm offering compliance and professional onsite services with clients such as Foundation Medicine, Boston College and Middlesex Savings Bank. Founded in 1999 in Framingham, MA, Towerwall focuses exclusively on providing small to mid-size businesses with customized cybersecurity technology programs. Email her at michelled@towerwall.com or contact her via LinkedIn or Twitter @towerwall.