Hackers turn to new tactics to make attacks more effective
Some nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.
This is one of the findings of Accenture's latest Cyber Threatscape Report. Analysts have seen attackers using a combination of off-the-shelf tooling -- including 'living off the land' tools, shared hosting infrastructure and publicly developed exploit code -- and open source penetration testing tools to carry out cyberattacks and hide their tracks.
"Since COVID-19 radically shifted the way we work and live, we've seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities," says Josh Ray, who leads Accenture Security's cyber defense practice globally. "The biggest takeaway from our research is that organizations should expect cybercriminals to become more brazen as the potential opportunities and pay-outs from these campaigns climb to the stratosphere. In such a climate, organizations need to double down on putting the right controls in place and on leveraging reliable cyber threat intelligence to understand and expel the most complex threats."
The report notes how one notorious group has aggressively targeted systems supporting Microsoft Exchange and Outlook Web Access, in order to use these compromised systems as beachheads within a victim's environment to hide traffic, relay commands, compromise e-mail, steal data and gather credentials for espionage efforts. Operating from Russia, the group, which Accenture refers to as BELUGASTURGEON (also known as Turla or Snake), has been active for more than a decade and is associated with numerous cyberattacks aimed at government agencies, foreign policy research firms and think tanks around the world.
The study also finds ransomware has become a more lucrative business model in the past year, with cybercriminals taking online extortion to a new level by threatening to publicly release stolen data or sell it, and to name and shame victims on dedicated websites. The LockBit ransomware, which emerged earlier this year, has -- in addition to copying the extortion tactic -- gained attention due to its self-spreading feature that quickly infects other computers on a corporate network.
You can find out more in the full report, which is available from the Accenture site.