Ransomware is dominating the cybersecurity landscape – McAfee Advanced Threat Report Oct 2021


With the onset of the global pandemic, cybercriminals have started to adopt new and updated tactics. These emerging trends in cyberattacks have ransomware as the prevalent player, as pointed out by the McAfee Advanced Threat Report. Ransomware attacks continue to extract millions by attacking large and small enterprises alike. With the digital economy and transformation, businesses are vulnerable to cyberattacks unless they implement the best practices in cybersecurity.


In May this year, the criminal hacking group DarkSide attacked a major oil pipeline company. The cyberattack was so severe that it crippled fuel transportation across the Southeastern US for a week. Colonial Pipeline had to halt all operational processes and could not function. With cyberattacks becoming the norm, hackers are now introducing Ransomware-as-a-Service (RaaS) campaigns for sophisticated and continued attacks.

Main actors involved in ransomware

DarkSide's ransomware attack on Colonial Pipeline is the biggest news to dominate the cybersecurity landscape this year. However, the report also records the rise of other cybercriminal groups such as Conti, Ryuk, Babuk and REvil. In Q2 2021, these groups preceded DarkSide with their upgraded attacks.

Just as the cybersecurity world was coming to terms with DarkSide’s attack, in July tragedy struck again. This time it was REvil, which attacked Kaseya, a global IT infrastructure provider. It used Kaseya’s Virtual System Administrator (VSA) to deliver its Sodinokibi ransomware through an auto-update.

After the DarkSide and REvil attacks, another ransomware family, BlackMatter, rose to prominence. It emerged primarily in India, Italy, Brazil, Belgium, the United States, Thailand, the United Kingdom, Finland, and Ireland. BlackMatter operates as a RaaS that has incorporated elements from REvil, DarkSide and LockBit. Based on the similarity of the code and the resemblance of their public leak pages, many believe BlackMatter to be a continuation of the DarkSide ransomware.

In mid-2021, an upgraded version of an older ransomware was discovered. LockBit 2.0 is the updated version of LockBit with several new features: it automatically encrypts devices throughout the domain, and it accesses systems and exfiltrates data over RDP. This version also recruits insiders at large enterprises as affiliates for its attacks.

Ransomware developers are introducing sophisticated attack campaigns across different industry verticals. The Hive ransomware, operating as a RaaS, first appeared in June 2021 and has been most prevalent in India, Belgium, the United States, Turkey, Italy, Mexico, Germany, Thailand, Ukraine and Colombia. Written in Go, this ransomware targets the healthcare and critical infrastructure sectors.

The aftereffects of ransomware attacks

Q2 2021 was a very exciting and vibrant phase for the cybersecurity world. Ransomware attacks got the attention that was needed to stop these criminal groups, and ransomware became a high-profile agenda item for the U.S. administration. Things also changed drastically in the underground forums where RaaS operations had thrived in safety.

The economic and political impact of DarkSide’s deadly attack on Colonial Pipeline led to some major historic changes. The abrupt halt in fuel supply and the resulting consumer & economic effects put ransomware attackers in the limelight. Hence, due to the pressure from the authorities and fear of law, DarkSide decided to stop its operations. Many other cyber-criminal groups have assured that they would consider their future targets and not attack certain sectors.

One of the major aftereffects is the total ban on ransomware advertisements in underground forums. Exploit and XSS, two of the most influential underground forums, announced this ban. For years, these two forums had become the hotbed of cybercrime and ransomware operations. They helped cybercriminals with a safe haven for Crypter services, Stealer logs and trading in breached networks.

Cloud Security Threat

The shift to a digital hybrid work environment has driven the adoption of cloud technology by most businesses. However, moving to cloud storage to accommodate a flexible workforce also exposes these systems to cyberattacks. McAfee's cloud threat research team identified the most important categories of cloud threats in Q2 2021. These are:

  • Overuse from an anomalous location
  • Data exfiltration by insiders
  • Misuse of privileged access
  • Exfiltration of sensitive data
  • Privileged-access exfiltration
  • Land-and-expand exfiltration
  • Data exfiltration by a privileged user
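As an added illustration (not from the report or the original post), the following script runs a simple detection pass over constructed cloud-access audit events and flags three of the categories listed above: activity from an anomalous location, bulk data exfiltration, and exfiltration by a privileged user. The event format, the role names and the byte thresholds are assumptions.

```python
"""Toy detection pass over constructed cloud-access audit events.

Checks three categories from the list above: anomalous location,
bulk data exfiltration, and exfiltration by a privileged user.
The event fields and thresholds are assumptions, not a real log format.
"""
from collections import defaultdict

# Constructed sample events (not real telemetry), in log order.
EVENTS = [
    {"user": "alice", "role": "user",  "country": "US", "action": "download", "bytes": 2_000},
    {"user": "alice", "role": "user",  "country": "US", "action": "download", "bytes": 3_000},
    {"user": "alice", "role": "user",  "country": "RO", "action": "download", "bytes": 900_000_000},
    {"user": "bob",   "role": "admin", "country": "US", "action": "download", "bytes": 60_000_000},
    {"user": "carol", "role": "user",  "country": "DE", "action": "upload",   "bytes": 1_000},
]

BULK_BYTES = 100_000_000   # assumed threshold for a "bulk" outbound transfer
ADMIN_BYTES = 50_000_000   # assumed lower threshold applied to privileged users


def detect(events):
    """Return a list of (user, category) findings, processing events in order.

    A user's baseline is the set of countries seen for that user so far, so a
    user's very first event never counts as an anomalous location.
    """
    seen = defaultdict(set)  # user -> countries observed so far
    findings = []
    for ev in events:
        user, country = ev["user"], ev["country"]
        outbound = ev["action"] == "download"
        # New country for a user who already has a baseline
        if seen[user] and country not in seen[user]:
            findings.append((user, "anomalous location"))
        # Large outbound transfer by anyone
        if outbound and ev["bytes"] >= BULK_BYTES:
            findings.append((user, "bulk data exfiltration"))
        # Privileged accounts get a tighter threshold
        if ev["role"] == "admin" and outbound and ev["bytes"] >= ADMIN_BYTES:
            findings.append((user, "exfiltration by privileged user"))
        seen[user].add(country)
    return findings


if __name__ == "__main__":
    for user, category in detect(EVENTS):
        print(f"{user}: {category}")
```

In practice the baseline would come from historical telemetry rather than the same stream being scanned, and the thresholds would be tuned per tenant.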

