Destructive ransomware, alternative crypto-currencies and increased use of deception tactics are among the threats driving the lucrative cybercriminal marketplace, the security branch of professional services company Accenture said in a recent report.
“The first six months of 2017 have seen an evolution of ransomware producing more viral variants unleashed by potential state-sponsored actors and cybercriminals,” said Josh Ray, managing director at Accenture Security, in a press release last week. “Our findings confirm that a new bar has been set for cybersecurity teams across all industries to defend their assets in the coming months.”
On July 25, iDefense, part of Accenture Security, released its 2017 Cyber Threatscape Report, which examined the key cyber trends during the first half of 2017 and explored how cyber incidents may evolve over the next six months. “Based on in-depth analysis, the report anticipates a growth in the number of threat actors who are rapidly expanding their capabilities due to factors such as the proliferation of affordable, customizable and accessible tools and exploits,” the release said.
The report relies on iDefense intelligence collection, research and analysis, including research using primary and secondary open-source materials. It covers the increased prevalence of destructive attacks and adversary denial and deception tactics; the aggressive use of information operations by nation-states; growth in the numbers and diversity of threat actors; and the greater availability of exploits, tools, encryption and anonymous payment systems to malicious actors.
Reverse deception tactics – Increasing cybercriminal use of deception tactics, including anti-analysis code, steganography (hiding a secret message within an ordinary one) and expendable command-and-control servers used for concealment of stolen data. Greater public reporting on cyber threat activity and attribution may accelerate this denial and deception trend, increasing the cost of cyber defence efforts and resource allocations, the release suggested;
Sophisticated phishing campaigns – Cybercriminals continue to craft familiar lures – subject lines mentioning invoices, shipping, resumes, wire transfers, missed payments, etc. – but ransomware is displacing banking trojans as one of the most prevalent types of malware delivered via phishing techniques;
Strategic use of information operations – Escalation of espionage and disruption activity from state-sponsored actors may continue in response to fulfilling strategic collection requirements and geopolitical triggers such as economic sanctions, military exercises and religious conflicts;
Alternative crypto-currencies – Bitcoin continues to be the currency of choice among cybercriminals; however, the need to better conceal transactions is forcing cybercriminals to either develop and leverage bitcoin laundering techniques or adopt alternative cryptocurrencies; and
DDoS (distributed denial of service)-for-hire services – These services have given way to a thriving DDoS-for-hire botnet ecosystem leading to threat actors gaining greater access to increasingly potent and affordable DDoS-for-hire tools and services.
The report referenced the WannaCry and Petya malware outbreaks that wreaked havoc against worldwide businesses, governments and non-profit institutions in mid-2017. “WannaCry (linked to North Korea by defense agencies in the United States and United Kingdom) and Petya (with reported links to sources in Russia) are examples of a new strain of high-profile, global-scale, debilitating attacks, that appear to be government-sponsored and aimed at creating chaos and achieving strategic geopolitical goals,” the report explained. “Meanwhile, governments struggle to find an acceptable and proportionate response and deterrence actions, as more of what appear to be state-sponsored hackers use tools and techniques traditionally used by financially motivated cyber-criminals, complicating attribution and assessments of motive.”
To help tackle cybercrime, Accenture Security outlined what it called effective components for a business continuity plan:
Adopt proactive prevention – Recognize phishing scams through prevention training and awareness programs. Make it easy for employees to report fraudulent emails quickly, and keep testing internally to prove the training is working;
Elevate email controls – Maintain strong spam filters and authentication. Scan incoming and outgoing emails to detect threats and filter executable files. Consider a cloud-based email analytics solution;
Insulate infrastructure – Remove or limit local workstation admin rights or seek out the right configuration combinations (e.g. virus scanners, firewalls). Regularly patch operating systems and applications; and
Plan for continuity – To avoid paying any ransom, have a strong cyber resilience plan for recovery that is regularly reviewed, updated and tested.