🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read More
Protect your organization from external threats like data leaks, brand threats, dark web originated threats and more. Schedule a demo today!
Schedule a Demo
Companies of all sizes and sectors fall prey to data breaches and ransomware attacks. Security incident(s) that result in data leakage can stain the reputation of the concerned organization, let alone the legal battle that follows. Enterprises spend millions of money on security products to attain a comprehensive security posture, yet attackers are able to compromise networks and exfiltrate data. Threat actors as well as state sponsored actors craft sophisticated attack vectors that are undetectable and develop zero-day exploits for applications used by victim organizations.Â
Quite often, the RaaS model for ransomware developers are advertised on underground hacker forums. Today, anyone can make use of the RaaS platform and become a ransomware operator. Companies pay the ransom amount, when it becomes the only viable option. This emboldens threat actors to carry out more campaigns against organizations.
State sponsored APTs are more dangerous since they are backed by nation states. Their funding never runs dry, which in turn enables them to develop complex infrastructure. Target objective is another factor that makes APTs stand out, since geopolitical factors are their primary motivation and not financial factors.
Recent trends in the cyber threat intelligence landscape involves ransomware and banking trojans. Multistage complex malware downloaders can also be found in the wild. They facilitate further dissemination of ransomware and other spyware/ trojans. Certain ransomware groups also engage in looting cryptocurrency by compromising crypto exchanges.
Ryuk has been spotted in various attacks targeting enterprise organizations worldwide, demanding ransom payments ranging from 15 to 50 Bitcoins (BTC); which translates to between US$97,000 and $320,000 at the time of valuation.Â
REvil/ Sodinokibi ransomware was first detected in 2019, targeting the health and IT sectors. Later, it began auctioning off sensitive data over the dark web, stolen from companies using its malicious code. As part of their tactics, this ransomware group threatens to release their victims’ data, unless their ransom demands are met.
Dharma ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016 and the threat actors behind the ransomware continue to release new variants which are not decryptable.
Djvu is a high-risk virus that belongs to the STOP malware family. Firstly discovered by Michael Gillespie, this virus is categorized as ransomware and is designed to lock (encrypt) files using a cryptography algorithm.Â
Cooperation between ransomware families has also been noticed to increase lately, enforcing more efficiency in operating Ransomware as a Service offerings.
STOP, Dharma, Phobos, and REvil have had major roles to play in the RaaS sector. They are very active, even today, carrying out their campaigns, especially Dharma and REvil.
Malware attacks are simple use cases where a malicious file is written to disk. This can be easily detected and blocked by Endpoint Detection and Response (EDR). Malware-free attacks are more in-memory code execution and credential spraying attacks that require more sophisticated detection mechanisms. We have seen an increase in malware-free attacks as part of campaigns since 2019. They successfully evade security measures and defenses set up by the enterprises.
The total cost of a ransomware attack includes the ransom amount (if paid), costs for network remediation, lost revenue, and the cost of a potential damage to the reputation of the brand. Recent trends in attacks indicate that more businesses are targeted and threatened to release data, for a ransom.Â
It seems that ransomware groups have evaluated the long-term impacts of their attack on the brand image, trust, and reputation of organizations that refuse to pay up. Ryuk ransomware is largely responsible for the massive surge in ransomware demands. Ransomware operators demand an average of $288,000 for the release of systems.
Taking into account the current trend and statistics, ransomware + downtime costs for the top five countries for 2020 are estimated to be:
Hidden Costs of ransomware
“WHO reports fivefold increase in cyber attacks, urges vigilance”
Threat actors have exploited COVID-19 extensively to carry out phishing attacks, masquerading as WHO and similar agencies, to deliver malware-laced emails. COVID-19-related phishing attacks went up by 667%, scams increased by 400% over the month of March 2020, making Coronavirus the largest-ever security threat. To make things worse, social distancing guidelines observed across countries forced organizations to work from remote locations, putting the security of such organizations at risk. Remote work exposed user endpoints to external threats and had the following impacts:
For an average company earning $10K/ hour, operating 8 hours a day, and 5 days a week, the downtime cost is estimated at $1,760,000 each month. Estimated average downtime is 1-2 hours. Cost of 1.6 hours average downtime/ week for a Fortune 500 company is approximately $46M per year.Â
A Distributed Denial of Service attack that temporarily disrupts the activities of a website, can last for a few days or even longer. According to the IDG DDoS report, 36% of companies that have experienced more than five DDoS attacks, suffer an average downtime of 7-12 hours.
An experienced Cyber Threat Intelligence (CTI) team gathers information from different sources and converts it into intelligence to safeguard client corporations. If an effective CTI is not part of a company’s mature security model they can fall prey to any attack at any time.
A CTI team can actively monitor and create actionable intelligence on the following areas of your business:
Threat intelligence must be actionable. Threat Intelligence provides Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs) to the security team, especially to the Security Operation Center (SOC) team, for proactive/ reactive measures to counter cyber threats.
These are some of the common Indicators of Compromise:
TTPs define the behaviour of a threat actor or group and explain how the actor carries out an attack against the network and makes a lateral movement within the intranet.Â
MITRE ATT&CK is the most widely used, open-source threat intelligence framework to understand adversary tactics and techniques. There are 11 tactics and 291 techniques listed in this framework.
Tactic |
Techniques |
Initial Access | T1193: Spear Phishing Attachment |
Execution | T1059: Command-Line Interface
T1086: PowerShell T1085: Rundll32 T1064: Scripting T1204: User Execution T1028: Windows Remote Management |
The efficacy of a CTI team to predict the possibility of an occurrence and ensure effective implementation of mitigation measures is essential to the survival of any organisation in their current realm of operations.
To further their nefarious intentions, threat actors arm themselves with sophisticated tools and advanced capabilities. It is quite difficult for the law enforcement as well as cyber security practitioners to keep pace with these actors. An effective CTI system can help organizations contain the attack within the network, reduce associated costs, and minimize data loss. Investing in a strong CTI system will allow security operation centers to predict and mitigate attacks proactively. However, a CTI system is only as strong as its weakest link: humans. Human errors can cause even the most impenetrable, robust security system to fail. A good security system monitors information systems and applications and conducts regular vulnerability assessments and pentesting. But, a comprehensive security system prioritizes employee/ user training and updation on cyber hygiene and best practices.
Explore the escalating wave of cyber threats on platforms like Google Groups and Usenet, uncovering the pivotal role of cybersecurity in safeguarding online discussion forums.
Threat actors have been abusing advertisement services to serve malware to users and redirect traffic to websites purchasing services from them.
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset.
Take action now
CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.
Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.
Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.
Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.
Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.
min read
Why you should be worried about a cyber pandemic that could take over the cyberspace
Companies of all sizes and sectors fall prey to data breaches and ransomware attacks. Security incident(s) that result in data leakage can stain the reputation of the concerned organization, let alone the legal battle that follows. Enterprises spend millions of money on security products to attain a comprehensive security posture, yet attackers are able to compromise networks and exfiltrate data. Threat actors as well as state sponsored actors craft sophisticated attack vectors that are undetectable and develop zero-day exploits for applications used by victim organizations.Â
Quite often, the RaaS model for ransomware developers are advertised on underground hacker forums. Today, anyone can make use of the RaaS platform and become a ransomware operator. Companies pay the ransom amount, when it becomes the only viable option. This emboldens threat actors to carry out more campaigns against organizations.
State sponsored APTs are more dangerous since they are backed by nation states. Their funding never runs dry, which in turn enables them to develop complex infrastructure. Target objective is another factor that makes APTs stand out, since geopolitical factors are their primary motivation and not financial factors.
Recent trends in the cyber threat intelligence landscape involves ransomware and banking trojans. Multistage complex malware downloaders can also be found in the wild. They facilitate further dissemination of ransomware and other spyware/ trojans. Certain ransomware groups also engage in looting cryptocurrency by compromising crypto exchanges.
Ryuk has been spotted in various attacks targeting enterprise organizations worldwide, demanding ransom payments ranging from 15 to 50 Bitcoins (BTC); which translates to between US$97,000 and $320,000 at the time of valuation.Â
REvil/ Sodinokibi ransomware was first detected in 2019, targeting the health and IT sectors. Later, it began auctioning off sensitive data over the dark web, stolen from companies using its malicious code. As part of their tactics, this ransomware group threatens to release their victims’ data, unless their ransom demands are met.
Dharma ransomware appends various extensions to infected files and is a variant of CrySiS. The malware has been in operation since 2016 and the threat actors behind the ransomware continue to release new variants which are not decryptable.
Djvu is a high-risk virus that belongs to the STOP malware family. Firstly discovered by Michael Gillespie, this virus is categorized as ransomware and is designed to lock (encrypt) files using a cryptography algorithm.Â
Cooperation between ransomware families has also been noticed to increase lately, enforcing more efficiency in operating Ransomware as a Service offerings.
STOP, Dharma, Phobos, and REvil have had major roles to play in the RaaS sector. They are very active, even today, carrying out their campaigns, especially Dharma and REvil.
Malware attacks are simple use cases where a malicious file is written to disk. This can be easily detected and blocked by Endpoint Detection and Response (EDR). Malware-free attacks are more in-memory code execution and credential spraying attacks that require more sophisticated detection mechanisms. We have seen an increase in malware-free attacks as part of campaigns since 2019. They successfully evade security measures and defenses set up by the enterprises.
The total cost of a ransomware attack includes the ransom amount (if paid), costs for network remediation, lost revenue, and the cost of a potential damage to the reputation of the brand. Recent trends in attacks indicate that more businesses are targeted and threatened to release data, for a ransom.Â
It seems that ransomware groups have evaluated the long-term impacts of their attack on the brand image, trust, and reputation of organizations that refuse to pay up. Ryuk ransomware is largely responsible for the massive surge in ransomware demands. Ransomware operators demand an average of $288,000 for the release of systems.
Taking into account the current trend and statistics, ransomware + downtime costs for the top five countries for 2020 are estimated to be:
Hidden Costs of ransomware
“WHO reports fivefold increase in cyber attacks, urges vigilance”
Threat actors have exploited COVID-19 extensively to carry out phishing attacks, masquerading as WHO and similar agencies, to deliver malware-laced emails. COVID-19-related phishing attacks went up by 667%, scams increased by 400% over the month of March 2020, making Coronavirus the largest-ever security threat. To make things worse, social distancing guidelines observed across countries forced organizations to work from remote locations, putting the security of such organizations at risk. Remote work exposed user endpoints to external threats and had the following impacts:
For an average company earning $10K/ hour, operating 8 hours a day, and 5 days a week, the downtime cost is estimated at $1,760,000 each month. Estimated average downtime is 1-2 hours. Cost of 1.6 hours average downtime/ week for a Fortune 500 company is approximately $46M per year.Â
A Distributed Denial of Service attack that temporarily disrupts the activities of a website, can last for a few days or even longer. According to the IDG DDoS report, 36% of companies that have experienced more than five DDoS attacks, suffer an average downtime of 7-12 hours.
An experienced Cyber Threat Intelligence (CTI) team gathers information from different sources and converts it into intelligence to safeguard client corporations. If an effective CTI is not part of a company’s mature security model they can fall prey to any attack at any time.
A CTI team can actively monitor and create actionable intelligence on the following areas of your business:
Threat intelligence must be actionable. Threat Intelligence provides Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs) to the security team, especially to the Security Operation Center (SOC) team, for proactive/ reactive measures to counter cyber threats.
These are some of the common Indicators of Compromise:
TTPs define the behaviour of a threat actor or group and explain how the actor carries out an attack against the network and makes a lateral movement within the intranet.Â
MITRE ATT&CK is the most widely used, open-source threat intelligence framework to understand adversary tactics and techniques. There are 11 tactics and 291 techniques listed in this framework.
Tactic |
Techniques |
Initial Access | T1193: Spear Phishing Attachment |
Execution | T1059: Command-Line Interface
T1086: PowerShell T1085: Rundll32 T1064: Scripting T1204: User Execution T1028: Windows Remote Management |
The efficacy of a CTI team to predict the possibility of an occurrence and ensure effective implementation of mitigation measures is essential to the survival of any organisation in their current realm of operations.
To further their nefarious intentions, threat actors arm themselves with sophisticated tools and advanced capabilities. It is quite difficult for the law enforcement as well as cyber security practitioners to keep pace with these actors. An effective CTI system can help organizations contain the attack within the network, reduce associated costs, and minimize data loss. Investing in a strong CTI system will allow security operation centers to predict and mitigate attacks proactively. However, a CTI system is only as strong as its weakest link: humans. Human errors can cause even the most impenetrable, robust security system to fail. A good security system monitors information systems and applications and conducts regular vulnerability assessments and pentesting. But, a comprehensive security system prioritizes employee/ user training and updation on cyber hygiene and best practices.