79 percent of cybersecurity incidents in 18 months were fueled by cryptocurrency: Report – The Indian Express
A report by cybersecurity firm Sophos revealed that ransomware, fueled by cryptocurrency, was involved in 79 percent of the global cybersecurity incidents in the last 18 months. The Conti and REvil ransomware attacks were on top of the list, notes Sophos. Further, the security firm says that cryptocurrency will continue to fuel cybercrimes such as ransomware and malicious cryptomining.
Sophos expects the trend will continue until global cryptocurrencies are better regulated. The company notes that Ransomware has staked its claim as a major element of the cybercriminal ecosystem. “As we move into 2022, ransomware shows no sign of slowing down, though its business model has gone through some changes that seem likely to persist and even grow over the coming years,” the company said in its threat report.
The biggest change Sophos observed is the shift from threat actors, who make and then attack organizations using their own ransomware, to a model in which one group builds the ransomware and then leases that ransomware to another group so that the similar attack can be implemented. Such threat actors who offer ransomware as services are called RaaS groups.
According to Sophos researchers, attacks by single ransomware groups gave way to more ransomware-as-a-service (RaaS) offerings during 2021. RaaS groups sell the ransomware as a service. The author of the ransomware makes the malware available to other groups called affiliates, who then use their malware/services to hold people’s data hostage.
Interestingly, some of the most high-profile ransomware attacks of this year was done through RaaS groups, including the famous ransomware attack in May against Colonial Pipeline, an American oil pipeline company, where the cybercriminal leased the service of DarkSide, a RaaS group.
The Conti RaaS group has been one of the most prolific in the industry since it was originally observed in 2020. A recent insider leak identified a manual for Conti affiliates. The leak found out the information on pre-attack reconnaissance, the types of information that actors should focus on. It also included a list of suggested passwords that the threat actors could use to break into accounts within a system.
Meanwhile, the research highlights that the established cyberthreats will continue to adapt to distribute and deliver ransomware. “Ransomware thrives because of its ability to adapt and innovate,” said Chester Wisniewski, principal research scientist at Sophos. “For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance …….