TRENDING
Ransomware continues to be a serious threat.
• There has been no significant decrease
in the volume of ransomware, banking
malware, point-of-sale (POS) memory
scrapers or other threats available for
purchase on underground forums
• The threat actors who developed
SamsamCrypt and BitPaymer, the two
most impactful ransomware threats
observed by CTU researchers during the
reporting period, have retained them for
their exclusive and targeted use, showing
the distinct threat these sophisticated
cybercriminal groups pose
• The developers of Gandcrab – a new
piece of ransomware identified by CTU
researchers in January and offered for
sale on Russian language underground
forums – have been observed offering
a partner programme in which the
developers received 30-40% of any
resulting revenue from successful attacks
• There is no clear evidence that
ransomware has been displaced by
other capabilities such as cryptocurrency
mining, and targeted ransomware attacks
continue to be a worrying trend
• The growth of traditional file-encrypting
ransomware did slow, but CTU
researchers nevertheless observed no less
than 257 new and distinct ransomware
families during the reporting period
• Some of the more popular new
Ransomware-as-a-Service families release
regular updates and feature new additions
Sophisticated criminal gangs are earning
millions of dollars of revenue through stolen
payment card data.
• Sophisticated criminal gangs have
combined advanced social engineering
(expertise in deception and manipulation)
and network intrusion techniques with
point-of-sale (POS) malware to generate
millions of dollars of revenue through
stolen payment card data
• The price of credit card details on
underground forums incentivises
criminals to target POS terminals, where
credit card details can be extracted from
the memory of the running device using
specialist malware
• Cybercriminals are also clever about
monetising card data even after the
theft has been discovered and credit
card dump sites such as JokerStash have
come under scrutiny as a possible way for
sophisticated criminals to do just that
The dark web is not the darkest depth of the
cybercriminal world.
• Sophisticated, organised criminal groups
are quietly dealing most of cybercrime’s
damage each year and they avoid the dark
web where possible to evade detection by
law enforcement and threat researchers
• These more sophisticated criminals may
use simple and readily available tools in
some cases, but their highly organised
approach and evolving capabilities
represent a significant threat
“The observations of CTU researchers over
the last 12 months show that the threat
from cybercrime is adaptive and constantly
evolving,” the report concluded. “To stay
ahead of it, it is imperative that organisations
develop a holistic understanding of the
landscape and how it relates to them and
tailor their security controls to address both
opportunistic and more highly targeted
cybercriminal threats.”
Don Smith, Senior Director, Cyber
Intelligence Cell, Secureworks Counter
Threat Unit
INTELLIGENTCIO
www.intelligentcio.com