Categories: Links

Podcast Recommendation: A Snapshot of the Contemporary Ransomware Ecosystem

For those looking to catch up on the current ransomware ecosystem, this podcast discussion with Greg Linares, Principal Threat Intelligence Analyst at Huntress, is worth a listen.

Linares shares insights into the modern ransomware landscape, including how crews increasingly operate like businesses and why groups such as Akira, Medusa, RansomHub, and Qilin continue to cause significant damage.

The discussion also touches on overlap between ransomware actors and nation-state activity, what “time to ransom” means operationally for defenders, and why techniques such as ClickFix and credential theft continue to succeed at scale.

It further examines the surge in abusing remote monitoring and management (RMM) tools, how “living-off-the-land” techniques allow operations to unfold without traditional malware, and the practical defenses smaller organizations can realistically prioritize.

You can listen online, on Apple Podcasts, or through other podcast directories and applications.

Categories: Links, Writing

The Effects of Reduced Trust Amongst Cybercriminals

A new article on Binding Hook, by Jason R.C. Nurse and William Lyne, provides an insightful assessment of how the ransomware ecosystem is evolving.

Specifically, they note that:

  • Centralized platforms are giving way to decentralized means of exchanging information (e.g. credentials now disclosed or distributed over Telegram and not a singular website or forum)
  • There is a wider, and more dispersed, group of threat actors with the effect of enabling more flexible organizational structures
  • Fragmentation around ransomware groups and operations is not translating into fragmentation of other criminal activities (e.g., social engineering or romance scams)
  • Takedowns of centralized platforms enabling Ransomware as a Service, along with exit scams, are resulting in operators avoiding locations that depend on social trust

The authors don’t say so, but a more diverse set of ransomware operators, especially if some are less ‘professional’ than others, may also make it harder to assess the statements they make to victims (e.g., pay us and this all goes away), and harder to assess or confirm whether operators will actually destroy or delete data upon payment. In effect, the reduction of trust in the ransomware ‘marketplace’ may have knock-on effects on the valuation of ransomware operations and on operators’ ability to extract payments from victims.

Categories: Links, Writing

The Near-Term Impact of AI Technologies and Cyber Threats

In January, the UK’s National Cyber Security Centre (NCSC) published its assessment of the near-term impact of AI with regard to cyber threats. The whole assessment is worth reading for its clarity and brevity in identifying the different ways that AI technologies will be used by high-capacity state actors, by other state and well-resourced criminal and mercenary actors, and by comparatively low-skill actors.

A few items which caught my eye:

  • More sophisticated uses of AI in cyber operations are highly likely to be restricted to threat actors with access to quality training data, significant expertise (in both AI and cyber), and resources. More advanced uses are unlikely to be realised before 2025.
  • AI will almost certainly make cyber operations more impactful because threat actors will be able to analyse exfiltrated data faster and more effectively, and use it to train AI models.
  • AI lowers the barrier for novice cyber criminals, hackers-for-hire and hacktivists to carry out effective access and information gathering operations. This enhanced access will likely contribute to the global ransomware threat over the next two years.
  • Cyber resilience challenges will become more acute as the technology develops. To 2025, GenAI and large language models will make it difficult for everyone, regardless of their level of cyber security understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts.

There are more insights, such as the value of the training data held by high-capacity actors and the likelihood that low-skill actors will see significant upskilling over the next 18 months due to the availability of AI technologies.

The potential to assess information more quickly may have particularly notable impacts in the national security space, enable more effective corporate espionage operations, as well as enhance cyber criminal activities. In all cases, the ability to assess and query volumes of information at speed and scale will let threat actors extract value from information more efficiently than today.

The fact that the same technologies may enable lower-skilled actors to undertake wider ransomware operations, in an environment where it will be challenging to distinguish legitimate from illegitimate security-related emails, also speaks to the pressing need for organizations to transition to higher-security solutions, including multi-factor authentication or passkeys.

Categories: Links

Ransomware app hosted in Google Play infects unsuspecting Android user

Ars Technica:

In 2012, Google unveiled a cloud-based scanner dubbed Bouncer that was billed as a way for the company to detect malicious apps before they were made available in Play. Five years later, the discovery of malicious apps like Charger is a regular occurrence. Google makes little reference to the tool these days.

Android: a new bag of hurt found each week.