The increasing threat of ransomware and hacker groups

According to Accenture’s 2020 Cyber Threatscape Report, some highly skilled cyber hackers have been using new open-source tools to exploit corporate email systems and carry out online extortion.

With the spread of the pandemic and more people working from home, cyber attackers have been changing their tactics to take advantage of the new vulnerabilities. Organizations therefore need to strengthen their security controls and leverage reliable cyber threat intelligence to understand and remove the most complex threats.

These criminal groups have been using off-the-shelf tooling, such as shared hosting infrastructure and publicly developed exploit code, as well as open-source penetration testing tools, to perform cyberattacks and hide their tracks.

It is highly possible that organized criminal groups will keep using these tools in the near future, as they are easy to use, efficient, and cost-effective. The groups have also started to target systems supporting Microsoft Exchange and Outlook Web Access, then use these compromised systems as beachheads within a victim’s environment to hide traffic, relay commands, compromise emails, and steal data.

Ransomware, which has become a powerful business model over the past year, is a type of malware from cryptovirology that threatens to reveal or sell the victim’s data, or to perpetually block access to it, unless a ransom is paid. These criminals are the pioneers of this tactic, which is very lucrative but also creates a wave of copycats.

Other hacker groups include LockBit ransomware, which copies the extortion tactic and has self-spreading features that infect other computers on a corporate network, and Sourface, an Iran-based hacker that uses legitimate Windows functions and freely available tools for credential dumping in order to steal user authentication credentials and compromise other systems and accounts while disguised as a valid user.

These extortion attacks are becoming more and more common, especially against larger organizations, and could become a serious problem in the future.