This is not the season to be merry yet, as even with more news about alleged ransomware operators (although not always the creators) being apprehended worldwide and known ransomware collectives announcing they are shutting down, risks still abound. With ransomware bitcoin payouts valued at a mind-blowing US$5.2 billion in the past three years alone, the threat remains lucrative and enticing to just about anyone with the inclination to try their hand at hacking. More worryingly, they don’t even need to be highly skilled to pull off an assault as criminal developers are offering “ransomware-as-a-service” (RaaS) options to choose from.
“Ransomware thrives because of its ability to adapt and innovate. For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance companies, and negotiators,” said Chester Wisniewski, a principal research scientist at Sophos.
“They’re now offloading to others the tasks of finding victims, installing, and executing the malware, and laundering the pilfered cryptocurrencies. This is distorting the cyberthreat landscape, and common threats, such as loaders, droppers, and Initial Access Brokers that were around and causing disruption well before the ascendancy of ransomware, are being sucked into the seemingly all-consuming ‘black hole’ that is ransomware.”
That is one of the key trends highlighted in the recently released Sophos 2022 Threat Report. It contains a multidimensional outlook on the security threats and trends facing organisations next year by the security threat researchers, data science experts, threat hunters and rapid responders at Sophos, a global leader in next-generation cybersecurity with more than 30 years of experience. Ransomware, malware, mobile security, artificial intelligence, and the overall threat landscape are the five main topics covered in the report, with a special focus on the importance of balance between prevention and detection in cyber-defence strategy.
“The technology industry uses the term shift left to indicate that, when a business can tackle a problem early on, rather than letting it fester, that business can save itself a lot of time, money, and debt,” Sophos CTO Joe Levy wrote in the report. “You can’t effectively secure an application if you introduce security at the end of the development process, and you can’t effectively secure systems or networks if you surrender the idea that better prevention is achievable, or if you believe that either prevention or detection, alone, can solve modern problems in information security.”
Cyber adversaries have shown that they are upskilling their tech know-how and adapting their operations to be more effective and stealthier. Therefore, we cannot be complacent and must always be vigilant and continuously evolve our cybersecurity approaches and arsenal to be ahead of the game.
Wisniewski adds, “It is no longer enough for organisations to assume they’re safe by simply monitoring security tools and ensuring they are detecting malicious code. Certain combinations of detections or even warnings are the modern equivalent of a burglar breaking a flower vase while climbing in through the back window.
“Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of entire networks.”
The cybercriminals keep seeking out and abusing vulnerabilities in defence tools and mechanisms to their advantage. The threat report noted the presence of criminal distribution networks being used, among other things, to target and spread malware infections to infiltrate Android and iOS mobile devices and Linux systems. This includes a move from deploying either shotgun attacks or highly specific targeting of potential victims, to a hybrid of the two methods. In 2021, Sophos researchers reported on such attacks by Gootloader and BazarLoader, for example.
Next year, Sophos researchers expect cryptocurrencies to remain a mainstay, fuelling cybercrimes until digital currencies are better regulated worldwide. In addition, AI applications and powerful machine learning models will see accelerated use in threat detection and alert prioritisation. Cyberattackers will also start to use these technologies to craft more cunning techniques, from disinformation campaigns to spoof social media profiles and more.
A recent Europol-INTERPOL joint cybercrime conference stressed the importance of innovation and collaboration to counter emerging online criminal activities. “Cybercrime is an urgent global security risk, costing trillions of dollars each year. To address what is a parallel crime pandemic, law enforcement and the private sector need to take strong, collective action,” said INTERPOL Secretary General Jürgen Stock.
Keeping up to date with the latest in the IT security industry and the online criminal community is an imperative component of prevention and detection measures against cyber intrusions. An in-depth view of the trends in ransomware services, commodity malware, attack tools, crypto miners and more is helpful when planning your organisation’s future cybersecurity strategy. Knowledge is power, and when the stakes are higher as more data is sent, received and stored online and in the cloud, one should never underestimate its impact. What you know and are prepared for could be your saving grace.
Read more on the trends in cybersecurity risks analysed and written by SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response and Sophos AI teams in the Sophos 2022 Threat Report: Interrelated threats target an interdependent world.
Sophos products help secure networks used by millions of users in 150 countries and over 500,000 businesses. Sophos has support offices in the UK, US, Australia, France, Spain, Italy, Japan, and the Philippines, so you can access a support technician who speaks your language.