    Malware and Ransomware Services Reduce Entry Barriers for Cybercriminals

    Understanding the Evolving Cyber Threat Landscape

    The sophistication of cyber threats has escalated dramatically, with malicious actors deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to recent insights from Darktrace. This evolution in cybercrime presents a complex challenge for organizations aiming to protect their data and systems.

    ![MaaS Threat Landscape](https://img2.helpnetsecurity.com/posts2024/darktrace-07082024_MaaS threat landscape.webp)

    The Rise of Cybercrime-as-a-Service

    Subscription-based tools like Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have lowered the barrier to entry for less experienced attackers. This accessibility has led to a surge in complex, multistage attacks. With established cybercrime-infrastructure groups like Lockbit and Black Basta, even individuals with limited technical knowledge can now carry out sophisticated cyber offenses. These groups offer everything from pre-made malware to phishing email templates, making it significantly easier for attackers to engage in cybercrime.

    Nathaniel Jones, Director of Strategic Threat and Engagement at Darktrace, notes that while the threat landscape continues to evolve, “new threats often build upon old foundations rather than replacing them.” This perspective emphasizes the ongoing relevance of familiar techniques, even as new malware families come into play.

    Persistent Threats: Malware Trends

    Data from early 2024 suggests that certain threats continue to dominate the landscape. The most common types of threats observed between January and June include:

    • Information-stealing malware (29% of early triaged investigations)
    • Trojans (15% of investigated threats)
    • Remote Access Trojans (RATs) (12% of investigated threats)
    • Botnets (6% of investigated threats)
    • Loaders (6% of investigated threats)

    One notable emergence is Qilin ransomware, known for its refined tactics like rebooting infected machines in safe mode to bypass security controls. This kind of evolution highlights the continuous need for organizations to adapt their security measures.

    Ransomware: A Growing Concern

    Ransomware remains a significant threat for organizations. The new double extortion methods have become prevalent among ransomware strains, where attackers not only encrypt data but also threaten to leak it, adding pressure on victims to comply with demands. Darktrace’s Threat Research Team has identified three prevalent ransomware strains—Akira, Lockbit, and Black Basta—all employing these double extortion tactics.

    The Continuing Phishing Battle

    Phishing presents a formidable challenge, with 17.8 million phishing emails detected across Darktrace’s customer fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62% of these emails successfully passed Domain-based Message Authentication, Reporting, and Conformance (DMARC) verification checks, an industry standard for authenticating the sending domain of an email. Furthermore, 56% of phishing emails slipped through all existing security layers.
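    To make the DMARC figure concrete, the following triage script is an added example written for this summary; it is not code from Darktrace or from the original article. It parses the Authentication-Results header that a receiving mail server adds (RFC 8601 syntax) and shows why a "dmarc=pass" result proves only that the visible From domain was authenticated, not that the message is benign. The three messages, the domains and the TRUSTED_DOMAINS allow list are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the report). Headers are simplified but
# follow the Authentication-Results syntax of RFC 8601.
SAMPLE_MESSAGES = [
    # 1. Spoofed brand domain: DMARC fails, so the receiver's policy stops it.
    """Authentication-Results: mx.example.net; dmarc=fail (p=reject) header.from=bank.example; spf=fail smtp.mailfrom=bank.example
From: Security Team <alerts@bank.example>
Subject: Verify your account

Click here to verify.
""",
    # 2. Sender-controlled lookalike domain with SPF/DKIM/DMARC set up correctly:
    #    DMARC passes, which says nothing about the message's intent.
    """Authentication-Results: mx.example.net; dmarc=pass header.from=bank-example-secure.example; spf=pass smtp.mailfrom=bank-example-secure.example
From: Security Team <alerts@bank-example-secure.example>
Subject: Verify your account

Click here to verify.
""",
    # 3. Legitimate partner mail: DMARC passes and the domain is on the allow list.
    """Authentication-Results: mx.example.net; dmarc=pass header.from=partner.example; dkim=pass header.d=partner.example
From: Invoices <ap@partner.example>
Subject: Invoice 1234

Attached.
""",
]

# Constructed allow list of domains the organisation has vetted (hypothetical).
TRUSTED_DOMAINS = {"partner.example"}


def parse_auth_results(raw: str) -> dict:
    """Extract the DMARC result, the authenticated From domain and the visible From domain."""
    msg = message_from_string(raw)
    headers = msg.get_all("Authentication-Results") or []
    result = {"dmarc": "none", "header_from": None, "from_domain": None}
    for h in headers:
        m = re.search(r"\bdmarc=(\w+)", h)
        if m:
            result["dmarc"] = m.group(1).lower()
        m = re.search(r"header\.from=([\w.-]+)", h)
        if m:
            result["header_from"] = m.group(1).lower()
    _, addr = parseaddr(msg.get("From", ""))
    if "@" in addr:
        result["from_domain"] = addr.rsplit("@", 1)[1].lower()
    return result


def triage(raw: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify a message by what DMARC actually established about it."""
    r = parse_auth_results(raw)
    if r["dmarc"] != "pass":
        return "dmarc_fail"               # spoofed or unauthenticated sender
    if r["header_from"] != r["from_domain"]:
        return "inconsistent"             # authenticated domain differs from visible From
    if r["from_domain"] in trusted:
        return "authenticated_trusted"
    # DMARC pass only proves who sent it; an unknown domain still needs content analysis.
    return "authenticated_untrusted"


def triage_all(messages=SAMPLE_MESSAGES) -> list:
    return [triage(m) for m in messages]


if __name__ == "__main__":
    for verdict, msg in zip(triage_all(), SAMPLE_MESSAGES):
        print(verdict, "-", message_from_string(msg)["Subject"])
```

    The second message is the case the article's statistic describes: it passes DMARC cleanly because the sender owns the domain and configured it properly, so a pipeline that treats "dmarc=pass" as "safe" lets it through. Routing authenticated-but-untrusted mail to content and behavioural analysis is what closes that gap.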

    Cybercriminals are now employing more sophisticated tactics, integrating legitimate third-party services into their schemes to blend in with normal network traffic. The increase in covert command and control (C2) mechanisms, such as remote monitoring and management (RMM) tools and tunneling, underscores the complexity of current phishing threats.

    Edge Infrastructure Vulnerabilities

    Another critical concern is the rise in mass exploitation of vulnerabilities in edge infrastructure devices. Darktrace has pinpointed vulnerabilities related to platforms such as Ivanti Connect Secure, JetBrains TeamCity, FortiClient Enterprise Management Server, and Palo Alto Networks PAN-OS. Such compromises often serve as gateways for further malicious activities, making it crucial for organizations to shore up defenses around these assets.

    The Importance of Vigilance

    Organizations must remain vigilant and not overlook existing attack trends and Common Vulnerabilities and Exposures (CVEs). Between January and June, attackers successfully exploited CVEs in about 40% of the cases investigated by the Threat Research Team. This statistic serves as a stark reminder that cybercriminals may revert to previously dormant methods to exploit security weaknesses.

    As the threat landscape continues to evolve, integrating robust, AI-driven security measures that can operate in real time is paramount. Organizations need to fortify their defenses, enabling them to detect unusual activities without relying merely on prior knowledge of specific tactics.

    In an era where cyber threats are ever-present and evolving, understanding the landscape is critical for protecting valuable assets and maintaining business continuity.
