I sat in a Mimecast x CrowdStrike webinar where they briefly touched on the threat landscape and how ransomware is here to stay, and to stay at the top for quite a while. The trends they noted are that ransomware attacks are growing in size and that the payment demands are getting increasingly larger. Furthermore, they are becoming a lot more sophisticated. In contrast to the type of malware that tries to spread as far and wide as possible, such as phishing, foreign state actors and hacking groups are becoming more targeted in their selection of enterprises to attack. CrowdStrike is starting to notice that the attacks are a lot more co-ordinated: hacker groups are collaborating with other hacker groups that have specialised skill sets, so one can focus on the payload, another on the attack vector, and so on. An interesting point they highlighted is that, in addition to co-ordinated attacks becoming more laser-focused and targeted, they are seeing an uptick in attacks centered on a specific niche area of the business: acquisitions, IPOs and mergers.
Reconnaissance has evolved to keep an eye out for these business dealings, to the point where hackers drop RATs (Remote Access Trojans) within the business, which then search for keywords like IPOs, NASDAQ, merger, etc. It’s incredibly interesting how these groups have become more finessed and now operate within a proper business model, where hackers within the entity have KPIs to achieve, just like any other employee.