TWO separate reports from cybersecurity experts Kaspersky and Sophos revealed that malware and ransomware persist as significant cyber threats in the manufacturing and enterprise landscapes.
On one hand, the Kaspersky Digital Footprint Intelligence team presented a new study that reveals ransomware as the most widespread Malware-as-a-Service (MaaS) over the past seven years, based on research conducted on 97 malware families distributed on the dark web and other resources. Additionally, the researchers found that cybercriminals often lease infostealers, botnets, loaders, and backdoors to carry out their attacks.
READ: 58 percent of malware families sold as a service are ransomware
On the other hand, the Sophos report “The State of Ransomware in Manufacturing and Production 2023,” found that in more than two-thirds (68 percent) of ransomware attacks against the industrial sector, the adversaries successfully encrypted data. This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.
READ: Manufacturing companies hit by ransomware had their data encrypted, Sophos survey
Malware and ransomware attacks are highly lucrative for cybercriminals. Ransomware, in particular, allows attackers to extort money from victims, anywhere from a few hundred dollars to millions paid through cryptocurrency, by encrypting their files and demanding a ransom in exchange for the decryption key. The potential financial gains incentivize cybercriminals to continue developing and deploying these threats.
An example is infostealers, whose services are paid for through a subscription model. They are priced between 100 and 300 U.S. dollars per month. For example, Raccoon Stealer, which was discontinued in early February 2023, could be acquired for 275 U.S. dollars per month or 150 U.S. dollars per week. Its competitor, RedLine, has a monthly price of 150 U.S. dollars, and there is also an option to purchase a lifetime license for 900 U.S. dollars, according to the information posted on the Darknet by its operators. Attackers also make use of additional services for extra pay.
MaaS and ransomware can be easily disseminated through various channels, such as malicious email attachments, infected websites, or compromised software. Malware-as-a-Service (MaaS) is an illicit business model involving the leasing of software to carry out cyberattacks. Typically, clients of such services are offered a personal account through which they can control the attack, as well as technical support. This model lowers the initial threshold of expertise needed by would-be cybercriminals.
Cybercriminals constantly evolve their tactics to bypass security measures. They employ sophisticated techniques, including polymorphic malware (which changes its code to avoid detection), zero-day exploits (which exploit unknown vulnerabilities), and botnets (networks of compromised computers) to launch large-scale attacks. These ever-changing methods make it challenging for security measures to keep pace.
Malware and ransomware often exploit vulnerabilities in software, operating systems, or human behavior. Cybercriminals target outdated or unpatched systems, known vulnerabilities, or human errors (such as clicking on malicious links or downloading infected files). As long as there are vulnerabilities to exploit, these threats will persist.
“Longer recovery times in manufacturing are a concerning development. As we’ve seen in Sophos’ Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks. This extended recovery is negatively impacting IT teams, where 69 percent report that addressing security incidents is consuming too much time and 66 percent are unable to work on other projects,” John Shier, field CTO of Sophos, said.
The internet enables malware and ransomware attacks to transcend geographical boundaries, reaching victims worldwide. Cybercriminals can launch attacks from any location, making it difficult for law enforcement to track and apprehend them. This global reach allows threats to propagate rapidly and affect a large number of individuals, organizations, and critical infrastructure.
In addition to ransom payments, cybercriminals monetize malware and ransomware through various means. They may sell stolen data on the dark web, use compromised systems for distributed denial-of-service (DDoS) attacks, engage in cryptocurrency mining using hijacked resources, or engage in identity theft and financial fraud. These avenues provide alternative revenue streams and sustain the profitability of cybercriminal operations.
“Cybercriminals actively trade illicit goods and services, including malware and stolen data, over the shadow segments of the internet. By understanding how this market is structured, companies can gain insights into the methods and motivations of potential attackers. Armed with this information, we are able to better help businesses develop effective strategies that prevent cyberattacks by identifying and monitoring cybercriminal activities, tracking the flow of information, and keeping up-to-date on emerging threats and trends,” Alexander Zabrovsky, Digital Footprint Analyst at Kaspersky, said.