Content, Content

CISO Alert: Expect “Brazen” Cyber Crews to Step Up Ransomware Tactics, Strategies

Credit: Pixabay

Cyber attackers are hitting managed service providers (MSPs) and software vendors hard but it’s the collaboration between peer organizations working on joint projects that’s also being insidiously exploited in stepped up "brazen" attacks, consultant Accenture said in a new report.

In its newly released 2020 Cyber Threatscape Report, a state-of-the state analysis of the cyber landscape accentuated with forecasts and strategic recommendations, Accenture emphasized that some nation-state cyber adversaries and ransomware gangs are deploying an arsenal of open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.

In addition, state-sponsored and organized criminal groups are increasingly relying on off-the-shelf and penetration testing tools mainly because they're easy to use, effective and cost-efficient. The audit specifically calls out the Russian cyber crew Belugasturgeon (also known as Turla or Snake), for its attacks on systems supporting Microsoft Exchange and Outlook Web Access. As with other malware crews, this group uses infected systems to hide traffic, relay commands, compromise email, steal data and gather credentials for espionage efforts.

Hacker Attack Techniques: A Closer Look

Accenture’s report, which aims to attract the attention of chief information security officers (CISO), IT security teams, business operations teams and other corporate leadership, examines the tactics, techniques and procedures (TTPs) employed by cyber adversaries and predicts how cyber incidents could evolve over the next year.

“Since COVID-19 radically shifted the way we work and live, we’ve seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities,” said Josh Ray, who heads Accenture's security cyber defense practice. “The biggest takeaway from our research is that organizations should expect cyber criminals to become more brazen as the potential opportunities and pay-outs from these campaigns climb to the stratosphere,” he said.

In the report, Accenture lists five factors that it believes are affecting the cyber threat landscape:

  • Covid accelerates the need for adaptive security. As data continues to be seen as a high value, sought after commodity, security leaders should put the right controls and monitoring in place to help create a safe and secure working environment for their enterprise.
  • New, sophisticated TTPs target business continuity. State-aligned operators could continue to emphasize stealth and persistence to meet their intelligence-gathering goals.
  • Masked or noisy cyber attacks complicate detection. Organizations should ensure they understand the commonly used tools and techniques, especially those involving malicious use of native systems and penetration test tools, and validate they can be detected in their environment.
  • Ransomware feeds new profitable, scalable business models. As threat actor profits increase, they can innovate and invest in more advanced ransomware and take advantage of the greater vulnerabilities of remote working.
  • Connectedness has consequences. Businesses are increasingly using unpatched and untested devices, which pose a much more realistic and accessible target. Cloud and Internet-connected devices are far more widespread. Security leaders are fighting back but operational technology threats still prompt the need for more effective security controls.

Accenture Recommendations

Accenture also offered five steps organizations can take to move towards what it calls a “more flexible and secure future,” specifically:

  1. Think "anytime, anywhere": Secure all users, devices, and network traffic consistently with the same degree of effectiveness.
  2. Be transparent: Give users access to what they need when they need it.
  3. Inspire calm and confidence: Make security leaders the catalyst for change, using empathy and compassion to deliver a more agile response.
  4. Where possible, simplify: Consider managed services and automate where it makes sense.
  5. Build for resilience: Make business continuity and crisis management plans fit for purpose, backed by the right resources and investments.

Enacting these measures offers organizations an opportunity to "outmaneuver uncertainty, emerge stronger from crises, and gain greater cyber resilience," Accenture said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.