Insights into recent cyber-threat activity was furnished by Forescout’s VP of menace protection, Sean Taylor, throughout a session at the RSA Convention 2022.
Environment the scene, Taylor mentioned that in worldwide danger intelligence, “understanding your adversary is essential.”
He then highlighted attacks conducted by Russian condition-backed attackers on Ukraine prior to the invasion. At the finish of 2021 and January 2022, this largely consisted of web page defacements on Ukrainian government sites with sinister messages posted, these kinds of as “be afraid and hold out for the worst.”
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
By mid-February, incidents generally consisted of DDoS attacks on Ukrainian banks and authorities web-sites. Last but not least, on February 23, on the eve of the invasion, numerous Wiper malware strategies had been launched against the Ukrainian govt and critical infrastructure companies. These provided WhisperGate and Hermetic Wiper.
Taylor also highlighted how hacktivist and cyber-criminal team functions are connected to the Russia-Ukraine conflict. This contains the Conti ransomware gang, who promptly affiliated on their own with Russia and threatening any state supporting Ukraine. Likewise, Russia-supporting hacktivist gang Killnet has been focusing on European nations around the world supporting Ukraine.
In addition, Taylor noticed that various unaffiliated cyber-criminal gangs ended up leveraging the war to assist launch attacks. These are:
- El Machete – a group focusing on economic/governing administration companies in Latin The us
- Lyceum – a group targeting strength companies in Israel and Saudi Arabia
- SideWinder – a team concentrating on Pakistan and other Central Asian nations
Curiously, every single of these groups have been employing email phishing lures with topic lines that have “something to do with Ukraine.”
Yet another craze talked about by Taylor was the development and evolution of ransomware. He observed that 3 several years back, ransomware attacks ended up “all about encrypting data.” Now, it has evolved to exfiltrating data then encrypting it – so-named double-extortion ransomware. “Ultimately you are getting these much more advanced ransomware families,” extra Taylor.
In addition, the obstacles of entry for ransomware attackers are considerably decreased, with the rise of ransomware-as-a-services. “Ultimately we hope that ransomware will proceed to evolve,” he claimed.
This is very likely to be pushed by two aspects:
- The proliferation of IoT gadgets
- The convergence of IT and OT gadgets
Ransomware IoT is a “game-changer that every person in the marketplace requirements to pay out consideration to,” according to Taylor. This is for the reason that this upcoming-generation ransomware is probably to exploit IoT units, encrypt IT and disrupt OT.
At this time, having said that, Taylor emphasised that it is quite doable to mitigate most ransomware attacks. He said a few key elements must be taken into account in this regard:
- Attacks are not fast or totally automatic
- Cybercrime-as-a-service implies there are hundreds of incredibly equivalent attacks taking place
- Most equipment and strategies they use are nicely-recognised
This signifies facts is out there on the strategies attackers “Look at what they do, how do they obtain first entry and then perform your way back and set those people defensive ways in place,” he suggested.
Some elements of this short article are sourced from:
www.infosecurity-journal.com
#RSAC: How To Deal With a Panicked C-Suite During a Ransomware Event