Ransomware driving professionalisation of cyber crime

WithSecure report highlights a security incident involving five different groups as evidence of an increasingly professional, service-oriented cyber crime industry.

  • 1 year ago Posted in

The success of ransomware gangs has spurred a significant trend of professionalization amongst cyber criminals where different groups develop specialised services to offer one another, according to a new report from WithSecure™ (formerly known as F-Secure Business).  

 

Ransomware has been around for decades, but the threat has continuously adapted to improvements in defenses through the years. One notable development is the current dominance of multi-point extortion ransomware groups, which employ several extortion strategies at once (usually both encryption to prevent access to data and stealing data to leak publicly) to pressure victims for payments.  

 

According to an analysis of over 3000 data leaks by multi-point extortion ransomware groups, organisations in the United States were the most common victims of these attacks, followed by Canada, the United Kingdom, Germany, France, and Australia. Taken together, organisations in these countries accounted for three-quarters of the leaks included in the analysis.  

 

The construction industry seemed to be the most impacted and accounted for 19% of the data leaks. Automotive companies, on the other hand, only accounted for about 6%. A number of other industries sat between the two due to ransomware groups having different victim distributions, with some families targeting one or more industries disproportionately to others.  

 

While the threat of ransomware has inflicted considerable pain on organisations in different countries and industries, its transformative impact on the cyber crime industry cannot be overstated. 

 

“In pursuit of a bigger slice of the huge revenues of the ransomware industry, ransomware groups purchase capabilities from specialist e-crime suppliers, in much the same way that legitimate businesses outsource functions to increase their profits,” explained Senior Threat Intelligence Analyst Stephen Robinson. “This ready supply of capabilities and information is being taken advantage of by more and more cyber threat actors, ranging from lone, low-skilled operators, right up to nation state APTs. Ransomware didn't create the cyber crime industry, but it has really thrown fuel on the fire.” 

 

In one notable example highlighted in the report, WithSecure investigated an incident that involved a single organization compromised by five different threat actors, each with different objectives and representing a different type of cyber crime service: 

•        The Monti ransomware group 

•        Qakbot malware-as-a-service 

•        A cryptojacking group known as the 8220 Gang (also tracked as Returned Libra) 

•        An unnamed initial access broker (IAB) 

•        A subset of Lazarus Group, an advanced persistent threat associated with North Korea’s Foreign Intelligence and Reconnaissance General Bureau 

 

According to the report, this professionalization trend makes the expertise and resources to attack organizations accessible to lesser-skilled or poorly resourced threat actors. The report predicts that it is likely that the number of attackers and size of the cyber crime industry will both grow in the coming years.  

 

“We often talk about the damage ransomware attacks cause to the victims. Less attention is paid to how ransom payments provide additional resources to attackers, which has encouraged the professionalisation trend described in the report. Near-term, we’re likely to see this changing ecosystem shape the resources and type of attacks facing defenders,” said WithSecure Head of Threat Intelligence Tim West. 


Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...