Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites — malicious sites that attempt to install malware on a device – were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom.

Picture this: It’s a normal day of working from home as usual since the COVID-19 outbreak. After that satisfying cup of coffee, you log in. But something is wrong. No matter how many times you click, your files don’t open. Your screen is frozen and refuses to budge. And then, you see one of the worst nightmares any IT admin can imagine: “Oops, your files have been encrypted. But don’t worry, we haven’t deleted them yet.

The 2010 Stuxnet malicious software attack on a uranium enrichment plant in Iran had all the twists and turns of a spy thriller. The plant was air gapped (not connected to the internet) so it couldn’t be targeted directly by an outsider. Instead, the attackers infected five of the plant’s partner organizations, hoping that an engineer from one of them would unknowingly introduce the malware to the network via a thumb drive.

Organizations can take various steps to protect their operational technology (OT) environments against digital threats. But some stand out more than others. In particular, network segmentation is described as “the first answer to insufficient ICS (Industrial Control System) cybersecurity.” Experts advocate zoning ICS assets to coordinate informational technology (IT) and OT environments effectively. That doesn’t always happen, however.

Cyberint Research observed a number of unsolicited malicious email (malspam) campaigns throughout July 2021 in which Agent Tesla has been used to deliver 'Oski Stealer' to a variety of targets worldwide. First observed around November 2019, Oski Stealer is a popular threat, used to gather credentials and/or financial data from victims, and is readily available to purchase on various cybercriminal forums, typically advertised by a threat actor known as 'oski_seller', for around US$70-100.

Ransomware. Nearly every day, we learn about another major attack on companies such as JBS, Kaseya, and Quanta, a key supplier to Apple. Along with the increase in attacks, recent reports have shown the average ransomware recovery cost skyrocketed to $1.85 million this year. And, as companies have become more willing to accept attackers’ ransom demands to restore their mission-critical operations, the average ransomware payment has jumped to more than $170,000.

The Splunk Threat Research Team has assessed several samples of Trickbot, a popular crimeware carrier that allows malicious actors to deliver multiple types of payloads.

Incidents of ransomware have been increasing and evolving steadily for years as financially motivated adversaries shift tactics when one is no longer profitable. Unfortunately, many organizations haven’t been able to adapt their security operations to keep up. Back in 2019, 60% of organizations told ESG that they experienced a ransomware attack that year, with 29% reporting that attacks happened at least on a weekly basis.