#InfosecurityEurope2022 Firms Face Emerging Threats as Bad Actors Evade Defenses

Organizations face three emerging threats that compromise identities, exploit the use of accomplices or insiders and evade current detection and defenses, according to security researcher Oliver Rochford.

During his insight stage talk at Infosecurity Europe, Rochford, security evangelist at Securonix, said that a growing number of criminal groups are acting as initial access brokers (IABs). These specialist groups form part of the “cybercrime as a service” economy on the dark web, focused on gaining access to systems and stealing credentials. Other cybercrime groups then buy the access.

“This frees up ransomware operators to develop their ransomware without having to worry about how to gain access to companies,” Rochford said.

Initial access brokers target specific types of organizations using “firmographics.” According to Rochford, ransomware groups are becoming more focused, turning their attention to companies that are likely to pay. They are avoiding critical national infrastructure and health care, as attacks on these are more likely to draw the attention of law enforcement agencies.

Yet, security researchers are also seeing an increase in accomplice-based ransomware and insider collusion. Here, employees offer their legitimate credentials to IABs or ransomware groups in return for a percentage of the payout. This can be as high as 40%, and Rochford cited one example where this would net the insider $500,000.

Accomplice-based attacks are harder to detect because they use legitimate rather than compromised credentials. But this is not the only step attackers take to mask their activities.

Securonix is seeing a growth in techniques that try to evade cyber defenses, including by avoiding the use of malware altogether. Instead, these attacks, known as “living off the land” or file-less attacks, use legitimate IT management tools such as PowerShell and BITS (Background Intelligent Transfer Service) and signed binaries. One report, according to Rochford, suggests that 91% of DarkSide ransomware attacks use legitimate, publicly available tools. These techniques are now also being used to attack cloud infrastructure.

According to Rochford, organizations can improve their defenses against these attacks. Measures include multi-factor authentication and better monitoring, including behavior monitoring and threat detection. “We want to catch it early,” he said. “That gives a good chance to cripple the attack.”
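To illustrate why behavior monitoring helps when the tools and the credentials are both legitimate, here is an added example (not from the talk or from Securonix) that baselines which accounts and parent processes normally launch PowerShell and BITS, then flags deviations. The event fields, account names and sample records are constructed assumptions.

```python
from collections import namedtuple

# Simplified process-creation record; the field names are an assumption.
Event = namedtuple("Event", "user parent image cmdline")

# Legitimate admin tools named in the article; a real deployment would extend this.
WATCHED_TOOLS = {"powershell.exe", "bitsadmin.exe"}

def build_baseline(history):
    """Record which users and which parent processes normally run each watched tool."""
    users, parents = set(), set()
    for ev in history:
        tool = ev.image.lower()
        if tool in WATCHED_TOOLS:
            users.add((ev.user, tool))
            parents.add((ev.parent.lower(), tool))
    return users, parents

def detect(events, baseline):
    """Return (event, reasons) for watched-tool launches that deviate from the baseline."""
    users, parents = baseline
    alerts = []
    for ev in events:
        tool = ev.image.lower()
        if tool not in WATCHED_TOOLS:
            continue
        reasons = []
        if (ev.user, tool) not in users:
            reasons.append("first use of tool by this account")
        if (ev.parent.lower(), tool) not in parents:
            reasons.append("unusual parent process")
        if reasons:
            alerts.append((ev, reasons))
    return alerts

# Constructed sample data: a history window, then new events to score.
HISTORY = [
    Event("it-admin", "explorer.exe", "powershell.exe", "powershell.exe -File C:\\ops\\patch-report.ps1"),
    Event("it-admin", "explorer.exe", "bitsadmin.exe", "bitsadmin /list"),
    Event("j.doe", "explorer.exe", "winword.exe", "winword.exe report.docx"),
]
NEW_EVENTS = [
    Event("it-admin", "explorer.exe", "powershell.exe", "powershell.exe -File C:\\ops\\patch-report.ps1"),
    Event("j.doe", "winword.exe", "powershell.exe", "powershell.exe -File C:\\Users\\j.doe\\task.ps1"),
    Event("j.doe", "explorer.exe", "bitsadmin.exe", "bitsadmin /list"),
]

if __name__ == "__main__":
    for ev, reasons in detect(NEW_EVENTS, build_baseline(HISTORY)):
        print(ev.user, ev.image, "->", "; ".join(reasons))
```

Nothing here inspects file hashes or signatures, so the administrator's routine script passes while the same signed binaries launched by an account or parent process that has never used them stand out.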
