The success of ransomware gangs has spurred a significant trend of professionalisation amongst cyber criminals, where different groups develop specialised services to offer one another, according to a new report from WithSecure™ (formerly known as F-Secure Business).
Ransomware has been around for decades, but the threat has continuously adapted to improvements in defences through the years. One notable development is the current dominance of multi-point extortion ransomware groups, which employ several extortion strategies at once (usually both encryption to prevent access to data and stealing data to leak publicly) to pressure victims for payments.
Data leaks by multi-point extortion
Several other industries sat between the two due to ransomware groups having different victim distributions
According to an analysis of over 3000 data leaks by multi-point extortion ransomware groups, organisations in the United States were the most common victims of these attacks, followed by Canada, the United Kingdom, Germany, France, and Australia.
Taken together, organisations in these countries accounted for three-quarters of the leaks included in the analysis.
Impact on industries
The construction industry seemed to be the most impacted and accounted for 19% of the data leaks. Automotive companies, on the other hand, only accounted for about 6%.
Several other industries sat between the two due to ransomware groups having different victim distributions, with some families targeting one or more industries disproportionately to others.
Threat of ransomware
While the threat of ransomware has inflicted considerable pain on organisations in different countries and industries, its transformative impact on the cybercrime industry cannot be overstated.
“In pursuit of a bigger slice of the huge revenues of the ransomware industry, ransomware groups purchase capabilities from specialist e-crime suppliers, in much the same way that legitimate businesses outsource functions to increase their profits,” explained Senior Threat Intelligence Analyst, Stephen Robinson.
Advantages for cyber threat actors
Ransomware didn't create the cybercrime industry, but it has thrown fuel on the fire"
Stephen Robinson adds, “This ready supply of capabilities and information is being taken advantage of by more and more cyber threat actors, ranging from lone, low-skilled operators, right up to nation-state APTs."
He continues, "Ransomware didn't create the cybercrime industry, but it has thrown fuel on the fire.”
Type of cybercrime
In one notable example highlighted in the report, WithSecure investigated an incident that involved a single organisation compromised by five different threat actors, each with different objectives and representing a different type of cybercrime service:
- The Monti ransomware group
- Qakbot malware-as-a-service
- A crypto-jacking group known as the 8220 Gang (also tracked as Returned Libra)
- An unnamed initial access broker (IAB)
- A subset of Lazarus Group, an advanced persistent threat associated with North Korea’s Foreign Intelligence and Reconnaissance General Bureau
Professionalisation trend
The report predicts that it is likely that the number of attackers and the size of the cybercrime industry will both grow
According to the report, this professionalisation trend makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.
The report predicts that it is likely that the number of attackers and the size of the cybercrime industry will both grow in the coming years.
Changing ecosystem
“We often talk about the damage ransomware attacks cause to the victims. Less attention is paid to how ransom payments provide additional resources to attackers, which has encouraged the professionalisation trend described in the report."
"Near-term, we’re likely to see this changing ecosystem shape the resources and type of attacks facing defenders,” said WithSecure Head of Threat Intelligence, Tim West.
- Network / IP
- Remote surveillance
- Digital video surveillance
- Remote video surveillance
- IP video surveillance
- Electronic security systems
- Application security
- Physical security
- Industrial security
- Remote security
- Commercial security
- Perimeter security
- Security management
- Security policy
- Security devices
- Security installation
- Security tagging
- Security monitoring system
- Security access systems
- Network monitoring
- Asset tracking
- Video analytics
- Electronic access control
- Building security
- Facility security
- Industrial security systems
- Wireless security
- Door access control
- Security software
- IP Surveillance
- Security service
- Industrial surveillance
- Physical Security Information Management (PSIM)
- IP security solutions
- Integration software
- Perimeter protection
- Cyber security
- Crime prevention
- Crowd Management
- Corporate Security
- Indoor Security
- Central Monitoring
- Data Security
- Security Assessments
- Cloud security
- Mobile access
- Video surveillance
- Touchless Security
