Intelligent CIO Europe Issue 12 | Page 30

TRENDING “ IT IS IMPERATIVE THAT ORGAN- ISATIONS DEVELOP A HOLISTIC UNDERSTANDING OF THE LANDSCAPE AND HOW IT RELATES TO THEM. • • • • the distinct threat these sophisticated cybercriminal groups pose The developers of Gandcrab – a new piece of ransomware identified by CTU researchers in January and offered for sale on Russian language underground forums – have been observed offering a partner programme in which the developers received 30-40% of any resulting revenue from successful attacks There is no clear evidence that ransomware has been displaced by other capabilities such as cryptocurrency mining, and targeted ransomware attacks continue to be a worrying trend The growth of traditional file-encrypting ransomware did slow, but CTU researchers nevertheless observed no less than 257 new and distinct ransomware families during the reporting period Some of the more popular new Ransomware-as-a-Service families release regular updates and feature new additions Ransomware continues to be a serious threat. • There has been no significant decrease in the volume of ransomware, banking malware, point-of-sale (POS) memory scrapers or other threats available for purchase on underground forums • The threat actors who developed SamsamCrypt and BitPaymer, the two most impactful ransomware threats observed by CTU researchers during the reporting period, have retained them for their exclusive and targeted use, showing Sophisticated criminal gangs are earning millions of dollars of revenue through stolen payment card data. • Sophisticated criminal gangs have combined advanced social engineering (expertise in deception and manipulation) and network intrusion techniques with point-of-sale (POS) malware to generate millions of dollars of revenue through stolen payment card data • The price of credit card details on underground forums incentivises criminals to target POS terminals, where credit card details can be extracted from the memory of the running device using specialist malware • Cybercriminals are also clever about monetising card data even after the theft has been discovered and credit card dump sites such as JokerStash have come under scrutiny as a possible way for sophisticated criminals to do just that The dark web is not the darkest depth of the cybercriminal world. • Sophisticated, organised criminal groups are quietly dealing most of cybercrime’s damage each year and they avoid the dark web where possible to evade detection by law enforcement and threat researchers • These more sophisticated criminals may use simple and readily available tools in some cases, but their highly organised approach and evolving capabilities represent a significant threat “The observations of CTU researchers over the last 12 months show that the threat from cybercrime is adaptive and constantly evolving,” the report concluded. “To stay ahead of it, it is imperative that organisations develop a holistic understanding of the landscape and how it relates to them and tailor their security controls to address both opportunistic and more highly targeted cybercriminal threats.” n Don Smith, Senior Director, Cyber Intelligence Cell, Secureworks Counter Threat Unit 30 INTELLIGENTCIO www.intelligentcio.com