cyber trends
a cryptocurrency miner across the environment. CTU researchers have also observed other government-backed espionage groups deploying cryptocurrency miners within compromised networks.
The assumption that nation-state-sponsored advanced persistent threats (APTs) are dimensionally different from advanced cybercrime threats is fundamentally flawed.
Ransomware continues to be a serious threat
• There has been no significant decrease in the volume of ransomware, banking malware, point-of-sale (POS) memory scrapers or other threats available for purchase on underground forums
• The threat actors who developed SamsamCrypt and BitPaymer, the two most impactful ransomware threats observed by CTU researchers during the reporting period, have retained them for their exclusive and targeted use, showing the distinct threat these sophisticated cybercriminal groups pose
• The developers of Gandcrab – a new piece of ransomware identified by CTU researchers in January and offered for sale on Russian-language underground forums – have been observed offering a partner programme in which the developers received 30 to 40% of any resulting revenue from successful attacks
• There is no clear evidence that ransomware has been displaced by other capabilities such as cryptocurrency mining, and targeted ransomware attacks continue to be a worrying trend
• The growth of traditional file-encrypting ransomware did slow, but CTU researchers nevertheless observed no fewer than 257 new and distinct ransomware families during the reporting period
• Some of the more popular new ransomware-as-a-service families release regular updates and feature new additions
Sophisticated criminal gangs are earning millions of dollars of revenue through stolen payment card data
• Sophisticated criminal gangs have combined advanced social engineering (expertise in deception and manipulation) and network intrusion techniques with point-of-sale (POS) malware to generate millions of dollars of revenue through stolen payment card data
• The price of credit card details on underground forums incentivises criminals to target POS terminals, where credit card details can be extracted from the memory of the running device using specialist malware
• Cybercriminals are also clever about monetising card data even after the theft has been discovered, and credit card dump sites such as JokerStash have come under scrutiny as a possible way for sophisticated criminals to do just that
The Dark Web is not the darkest depth of the cybercriminal world
• Sophisticated, organised criminal groups are quietly dealing most of cybercrime’s damage each year and they avoid the Dark Web where possible to evade detection by law enforcement and threat researchers
• These more sophisticated criminals may use simple and readily available tools in some cases, but their highly organised approach and evolving capabilities represent a significant threat
“The observations of CTU researchers over the last 12 months show that the threat from cybercrime is adaptive and constantly evolving,” the report concludes. “To stay ahead of it, it is imperative that organisations develop a holistic understanding of the landscape and how it relates to them and tailor their security controls to address both opportunistic and more highly targeted cybercriminal threats.”
To download the full report, visit secureworks.com.
Among their findings was evidence that a small subset of professional criminal actors is responsible for the bulk of cybercrime-related damage.
www.intelligentciso.com | Issue 08