By Juliet Umeh
Next-generation Cyber Security Company, Sophos, has revealed the pattern cyber attackers will adopt to ravage and corporate IN 2021.
According to the company, the report provides a three-dimensional perspective which includes the gap between ransomware operators at different ends of the skills and resource spectrum will increase.
It said: “At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organizations with multimillion-dollar ransom demands. In 2020, such families included Ryuk and RagnarLocker.”
At the other end of the spectrum, Sophos anticipates an increase in the number of entry level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma that allows them to target high volumes of smaller prey.
Another ransomware trend is “secondary extortion,” where alongside the data encryption the attackers steal and threaten to publish sensitive or confidential information, if their demands are not met. In 2020, Sophos reported on Maze, RagnarLocker, Netwalker, REvil, and others using this approach.
“The ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets.
Principal research scientist of the company, Chester Wisniewski, said: “We have also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative ‘cartels,’. “Some, like Maze, appeared to pack their bags and head for a life of leisure, except that some of their tools and techniques have resurfaced under the guise of a newcomer, Egregor.
The cyberthreat landscape abhors a vacuum. If one threat disappears another one will quickly take its place. In many ways, it is almost impossible to predict where ransomware will go next, but the attack trends discussed in Sophos’ threat report this year are likely to continue into 2021.”
In another dimension, the company said that everyday threats such as commodity malware, including loaders and botnets, or human-operated Initial Access Brokers, will demand serious security attention.
It said: “Such threats can seem like low-level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions.
If human operators are behind these types of threats, they’ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation. For instance, in 2020, Ryuk used Buer Loader to deliver its ransomware.
Also, it noted that in the last dimension, “All ranks of adversaries will increasingly abuse legitimate tools, well-known utilities and common network destinations to evade detection and security measures and thwart analysis and attribution.
The abuse of legitimate tools enables adversaries to stay under the radar while they move around the network until they are ready to launch the main part of the attack, such as ransomware. For nation-state-sponsored attackers, there is the additional benefit that using common tools makes attribution harder.