If we list the cyber threats that most concern companies, ransomware is surely near the top. The prospect of suffering an attack that makes the information needed to keep the business running inaccessible, and that also steals that information and even threatens to publish it, is a nightmare that no company, business or organization, whatever its size, wants to go through.
A threat that reinvents itself
We cannot say that ransomware is a new type of malware, since we have been talking about families and variants for several years and, in fact, the first attacks considered as such are already thirty years old. However, modern ransomware has undergone an important evolution in recent months, becoming even more effective and dangerous (more than it already was) for all types of businesses and organizations.
Although it is true that from the end of 2017 and throughout almost all of 2018 ransomware was pushed into the background by the rise of unauthorized crypto mining, we must emphasize that at that time it attacked companies and individuals almost indiscriminately and was nearly always limited to encrypting files that might contain important information and then demanding a ransom.
The amounts of ransom demanded have also changed, since those of a few years ago have little or nothing to do with those demanded now. The increase has been substantial, in some cases ten times or more what was requested just a couple of years ago.
On the other hand, the study also reveals some ignorance on the part of the Spanish. In fact, it is not clear to them where they are most vulnerable to cyber attacks. For example, only two out of ten consider their email to be the biggest vector that cybercriminals can use to attack them. This contrasts with the latest PandaLabs report, which indicates that, of the five main attack vectors on the Internet, the first three arrive mainly through email.
In contrast, respondents do show greater concern about where they connect to the Internet from. In fact, most fear that cybercriminals will access their devices through public WiFi networks. “This is very reassuring data, because everything indicates that society is beginning to become aware of the cyber risks involved in connecting to open networks,” adds Lambert.
The wrong feeling about online scams
Despite this, Panda draws attention to a worrying fact revealed by this barometer: the majority of Spaniards believe that cyberattacks are something alien to them. What’s more, 76% of Spaniards think they have never been the victim of a cyber attack. Only 16% say they have had some kind of malware, while a tiny 4% admit having been the victim of some digital blackmail attempt.
According to the company, this is a strange perception, since last year alone it registered 14.9 million
A new model
One of the biggest evolutions has been the implementation of the ransomware-as-a-service (RaaS) model. This model was used with great success by the operators behind GandCrab until its withdrawal in mid-2019. It is based on an affiliate system in which the affiliates pay a commission to the malware developers in exchange for new variants and other services that help them carry out their criminal actions.
After the withdrawal of GandCrab, new actors emerged who wanted their piece of the pie, and so, for a year, we have seen families such as REvil (also known as Sodinokibi or Sodin, which many suspect was created by the same people behind GandCrab), Ryuk (one of the threats most often deployed by Emotet), Netwalker, Ragnar or Maze, to name just a few.
Other variants we can find have less impact and are less elaborate, but for that very reason they are detected in greater numbers. These are older ransomware variants such as WannaCry or Crysis, which in mid-2020 continue to lead the ranking of detections.
The tactics, techniques and procedures used by ransomware operators have also improved, moving from relatively simple techniques such as attachments or links embedded in emails to more sophisticated methods, without completely abandoning the earlier ones.
Thus, in the ransomware incidents we currently observe, we see numerous attack vectors. Email is still used in some cases, such as targeted phishing, but we also see exploit kits that download and run ransomware (and other threats) when a link is opened and, above all, attacks through RDP (Remote Desktop Protocol), something that the significant increase in teleworking in Spain has greatly favoured. Although in 2019 only 5% of employees worked from home, this figure has risen so far this year to 34%, due to the health crisis caused by COVID-19.
Some sources point to a 40% increase in ransomware-related attacks during 2019, and the data obtained by ESET and shown in its report for the first quarter of 2020 seems to corroborate this. In addition, since the end of 2019 a trend has been gaining ground that consists not only of encrypting the attacked company's information, but also of stealing it and threatening to publish it if the company does not give in to the blackmail.
Numerous ransomware families apply this tactic, with prominent variants such as Maze. Some of them have their own website where they publish the information stolen from companies that have not paid the ransom. This pressure tactic seems to be working, as the amounts demanded keep increasing, and some research indicates that during the first quarter of 2020 the average was more than 100,000 euros.
To the above we must add very elaborate attacks against some companies that use techniques usually reserved for APTs (advanced persistent threats). In these cases, ransomware operators have even compromised the target company’s supply chain, first attacking one of its suppliers to gain access to the corporate network.
Incidents have also been observed in which cybercriminals compromised the security of an MSP (managed service provider) in order to then access several of the companies they had in their sights, and 0-day vulnerabilities have even been used to get past defenses.
Once inside the target corporate network, a phase of reconnaissance and lateral movement begins, aimed at reaching the systems that hold the most valuable information. This is done with well-known tools such as Mimikatz and the Metasploit framework, or with something more specialized that some criminal groups use (but which auditing professionals and Red Teams also use), such as Cobalt Strike or Empire.