Attackers are constantly looking for new methods of breaching enterprise networks, and these new ploys undoubtedly provide cybercriminals an edge over organizations that aren’t prepared for attacks. However, businesses are not powerless; by implementing some practical and proven strategies, they can make life very tough for ransomware groups and IABs.
When it comes to ransomware, cybercriminals are becoming more professional and strategic. They are increasingly mimicking how legitimate companies run their operations, using a burgeoning supply chain for cybercrime-as-a-service.
Organizations must take stringent measures to safeguard themselves from the evolving strategies of ransomware operators.
Here are some of the most important ransomware trends and strategies for avoiding these new attacks.
IABs are Increasing
Initial Access Brokers (IABs) are multiplying, which is proof that cybercrime is getting more lucrative. IABs are the first link in the kill chain for cybercrime-as-a-service, a shadow market of off-the-shelf services that any criminal can buy to build sophisticated tool chains to carry out just about any type of digital offense imaginable.
The majority of IABs’ clients are ransomware operators who are willing to pay for access to victims while focusing their own efforts on improving their malware and extortion.
Fileless Attacks Go Unnoticed
Cybercriminals are adopting living-off-the-land (LotL) and fileless strategies from Advanced Persistent Threat (APT) and nation-state groups to increase their chances of successfully deploying ransomware while avoiding detection.
These attacks use publicly available, legitimate software tools that are often already present in a target’s environment. Threat actors evade detection by avoiding known indicators such as file hashes or process names. Application allow lists, which permit only authorized applications to run, also fall short of limiting attackers, especially when the abused tools are widely used.
Targeting Low-Profile Targets
Critical infrastructure was seriously damaged by the high-profile Colonial Pipeline ransomware attack in May 2021, prompting an international response.
Such attacks spur investigation and coordinated action by defense agencies and law enforcement against ransomware operators, disrupting criminal enterprises and resulting in arrests and prosecutions. Most criminals prefer to operate covertly. Operators can afford to be opportunistic while lowering the risk to their own operations because there are so many potential targets. Because of the precise and granular firmographics provided by IABs, ransomware perpetrators have been able to target victims far more carefully.
Insiders Are Targeted
Ransomware operators now know that they can get access by working with rogue employees. Although the conversion rate may be low, the payback might be worthwhile.
Threat actors often approach employees to ask for assistance in granting initial access. Although discontentment with their job is the most frequent motive, insiders who fall for the bait have a variety of reasons why they may be willing to betray their organizations.
The proposals presented by ransomware groups can be alluring for any number of reasons. The employees who are contacted frequently receive offers ranging from US$500,000 to as much as US$1 million.
Steps to Improve Protection
The threat posed by ransomware operators is growing, but there are several steps companies can implement to stay secure.
To reduce the impact of compromised credentials and improve the likelihood of detecting suspicious activity, businesses must adhere to zero-trust best practices, including least-privilege access and Multi-Factor Authentication (MFA). They must focus on reducing insider threats, a strategy that can minimize hostile behavior not only from employees but also from external actors who, after gaining access, appear to be insiders.
Additionally, it is vital to regularly engage in threat hunting, which can help in the early detection of fileless attacks and threat actors trying to get past defenses.
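As an added illustration of the threat-hunting point above (example code written for this article, not from the article itself or any vendor): a minimal hunt over constructed process-creation events shows why a hash-based allow list passes every event while rules keyed on parent-child lineage and command-line arguments surface the living-off-the-land activity. All process names, hashes and command lines below are constructed placeholders.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent: str   # parent process image name
    image: str    # process image name
    cmdline: str  # full command line as recorded
    sha256: str   # hash of the on-disk binary (placeholder values, not real hashes)


# Constructed sample telemetry; every binary is a legitimate OS component.
EVENTS = [
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe Get-Date", "HASH_PS"),
    ProcessEvent("winword.exe", "powershell.exe",
                 "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand AAAA", "HASH_PS"),
    ProcessEvent("excel.exe", "wscript.exe", "wscript.exe C:\\Users\\Public\\invoice.vbs", "HASH_WS"),
    ProcessEvent("services.exe", "svchost.exe", "svchost.exe -k netsvcs", "HASH_SVC"),
]

# Hash-based allow list: all four events pass because the tools themselves are
# authorized. This is the gap the article describes for LotL attacks.
ALLOWED_HASHES = {"HASH_PS", "HASH_WS", "HASH_SVC"}


def allowlist_passes(ev: ProcessEvent) -> bool:
    return ev.sha256 in ALLOWED_HASHES


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
# Common PowerShell switches that hide a window, skip profiles or pass encoded input.
PS_EVASION = re.compile(r"-(?:enc|encodedcommand|w(?:indowstyle)?\s+hidden|nop|noprofile)\b", re.I)

# Hunting rules keyed on behaviour (lineage and arguments), not on hash or name alone.
HUNT_RULES = [
    ("office_app_spawns_script_host",
     lambda ev: ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SCRIPT_HOSTS),
    ("powershell_evasion_flags",
     lambda ev: ev.image.lower() == "powershell.exe" and PS_EVASION.search(ev.cmdline) is not None),
]


def hunt(events):
    """Return (event index, rule name) for every event a hunting rule flags."""
    return [(i, name) for i, ev in enumerate(events) for name, pred in HUNT_RULES if pred(ev)]


if __name__ == "__main__":
    print("allow list passes every event:", all(allowlist_passes(e) for e in EVENTS))
    for i, rule in hunt(EVENTS):
        print(f"event {i}: {rule} -> {EVENTS[i].cmdline}")
```

The same approach transfers to real telemetry (for example Sysmon or EDR process-creation logs) once the fields are mapped to the event structure above.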