It’s no surprise that threat actors are diffuse and aggressive, but a new report finds in the first half of 2021, they’ve been testing new blackmail methods, targeting the viability of critical infrastructure business operations in particular. This is one of the four main trends identified in Accenture’s 2021 Cyber Threat Intelligence Report.
The report also identifies the emergence of Cobalt Strike, a commodity malware that attacks operational technologies from the IT space and Dark Web actors challenging IT and OT networks as three other major cybersecurity trends.
Meanwhile, the White House stepped up federal efforts to combat domestic and foreign cyberattacks, and on Thursday launched a ransomware task force aimed at helping businesses and state and local governments combat cybersecurity threats.
The Accenture report highlights what companies characterize as the often invisible link between the new ecosystem, the Dark Web economy, ransomware disruption, commodity malware, and abuse of pirated software, and the effects of their collective disruption on IT and OT environments.
“Threat actors connect the dots to improve their tactics and collaborate with each other to take advantage of the evolving ecosystem,” Accenture said in a blog. “Not only are we seeing increased pressure from threats related to remote work vulnerabilities, but also cybercriminals have benefited from the critical role played by local governments, healthcare providers and supply chains.
The report found that:
- Dark Web forums are a feeding ground for new threat actors. Online forums make it easier and cheaper than ever for newcomers to launch cybercrime operations. Along with the traditional trade in malware logs, threat actors are selling parser tools that more easily compile logs, credentials, certificates, and cookies. The tool helps other threat actors, including inexperienced ones, create new campaigns and assume the identities of legitimate users in the target network.
- Ransomware is getting bolder. They target manufacturing and critical infrastructure sectors—from finance to energy to food production around the world—using high-pressure tactics to escalate the consequences of infection. Increasingly, they deploy multiple pressure points at once to extract the ransom payment.
- Threat actors abuse pirated versions of the Cobalt Strike commercial penetration testing framework. Using these familiar tools for nefarious purposes adds to the perennial arsenal of commodity malware—an enduring feature of cybercrime operations that spreads easily within victims’ networks.
Hidden threats and payment pressures
The Accenture report notes that information is easy to buy—and even easier to use. Since the beginning of the year, there has been a “small but significant increase in threat actors selling malware logs” on the Dark Web, which contains data from information-stealing malware. Information thieves collect and log several types of data, including system information, web browser bookmarks, web session cookies, login credentials, and payment card numbers.
The global ransomware crisis has entered a new phase with threat actors adopting stronger pressure tactics and attacking targets such as manufacturing and critical infrastructure, the blog said.
There are four techniques that ransomware actors use: Denial of local access (encryption); blackmail leaks (also known as the “name and shame” tactic); distributed denial of service (DDoS); and contact with victim customers.
“Paying or not paying the ransom is still a big question on many people’s minds,” the blog wrote. “Accenture has strengthened the United States federal government’s guidance: Don’t pay the ransom. Companies can be subject to financial penalties if they inadvertently pay a sanctioned entity and cannot guarantee the return or erasure of stolen data.
Instead, organizations should focus on prevention and recovery: Protecting against commodity malware; stay alert for Dark Web sales of stolen credentials; segment system to minimize lateral movement of ransomware; implement a sound logging system to detect abnormal network behavior, and create backups and guidelines to strengthen operational resilience.
Full-WATCH American Horror Stories Season 1 Episode 1 HD Online Free Full-WATCH Dr. Death Season 1 Episode 1 HD Online Free Full-WATCH The Outpost Season 4 Episode 1 HD Online Free Full-WATCH RuPaul’s Drag Race All Stars Season 6 Episode 4 HD Online Free Full-WATCH iCarly Season 1 Episode 7 HD Online Free
Be proactive and act fast
When a breach occurs, Accenture recommends reacting quickly, working closely with legal counsel, and implementing incident response and communication best practices. With all of these trends happening together, this can be a very worrying time for OTs and critical infrastructure providers. Three possible things to remember are:
- Preparation and precautions are paramount. In industrial software, as in a pure IT environment, when these steps are ignored or fail, threat mitigation becomes reactive, with a focus on triage and response.
- The use of commodity malware that is easily purchased by threat actors, if not detected quickly, can help adversaries buy time to traverse the IT network to the OT.
- The use of DarkSide ransomware against critical infrastructure targets is a reminder that the PL environment is in the crosshairs.
“For OT and critical infrastructure and key resource providers in the United States, the Executive Order to Enhance National Cybersecurity issued in May 2021 is very helpful in addressing these threats and trends,” Accenture said.
Providers reciprocate as they work to improve software design, secure supply chains, invest in digital technologies that are easier to secure, increase cybersecurity focus, and work more transparently with government partners to drive a more stable business environment, Accenture said.