Banks have been "disproportionately affected" by a surge in ransomware attacks, clocking a 1,318% increase year-on-year in 2021.
Ransomware has become one of the most well-known and prevalent threats against the enterprise today. This year alone, we have seen high-profile cases of ransomware infection -- including against Colonial Pipeline, Kaseya, and Ireland's health service -- cause everything from business disruption to fuel shortages, declarations of national emergency, and restricted medical care.
These attacks are performed for what can end up being multi-million dollar payouts and now these campaigns are becoming easier to perform with initial access offerings becoming readily available to purchase online, cutting out the time-consuming legwork necessary to launch ransomware on a corporate network.
There are a number of trends in the ransomware space of note, including:
In a cybersecurity threat roundup report published on Tuesday, researchers from Trend Micro said that during the first half of this year, ransomware remained a "standout threat" with large companies particularly at risk -- due to their revenue and the prospect of big payouts -- in what is known as "big-game hunting."
During the first six months of 2021, 7.3 million ransomware-related events were detected, the majority of which were WannaCry and Locky variants.
However, this is approximately half the number of detections during the same period in 2020, a decline the researchers have attributed to a shift away from low-value attempts to big-game hunts.
"An incident with the DarkSide ransomware [Colonial Pipeline attack] brought heightened attention to ransomware operators, which might have prompted some of them to lie low," the researchers say. "Meanwhile, law enforcement agencies across the world conducted a series of ransomware operations takedowns that might have left an impact on wide-reaching active groups."
Banking, government entities, and manufacturing remain top targets for ransomware operators today.
Trend MicroOpen source and legitimate penetration testing or cybersecurity tools are also being widely abused by these threat actors. Cobalt Strike, PsExec, Mimikatz, and Process Hacker are noted in the report as present in the arsenals of Ransomware-as-a-Service (RaaS) groups including Clop, Conti, Maze, and Sodinokibi.
In addition to ransomware, Business email compromise (BEC) rates have also increased slightly, by 4%, and cryptocurrency miners are now one of the most common strains of malware detected in the wild.
Trend Micro has also explored how misinformation relating to the COVID-19 pandemic is being used to spread malware. Phishing, social media, and social engineering are commonly employed to lure users into clicking on malicious attachments or visiting fraudulent domains, and coronavirus-related themes generally relate now not to the disease itself, but to testing and vaccination projects.
Malicious apps are part of the spread, some of which are spreading banking Remote Access Trojans (RATs) including Cerberus and Anubis.
Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0