Case Studies

Cyber big game hunting

by Mark Rowe

Cybercrime campaigns and high-profile advanced persistent threat groups are shifting how they target victims and focusing more on intricate relationships with “secure syndicate” partnerships to disguise activity, according to a services firm’s report.

The 2019 Cyber Threatscape Report from Accenture looks at and predicts the cyberthreat landscape and how it will shift over the next year.

Josh Ray, a managing director at Accenture Security, said: “Over the past year, cybercriminals have continued to test the resilience of organisations by layering attacks, updating techniques and establishing new, intricate relationships to better disguise their identities, making attribution more difficult to pursue. Organisations should understand the tangible elements, or the bread crumb trail left behind, which can help reveal the motivations, operational procedures and tool use, to create a profile of the adversary. This process is critical for organisations to understand so they can proactively be involved in properly allocating resources and improving their security posture to avoid becoming cybercrime’s next victim.”

The firm sees an increase in threat actors and groups doing targeted intrusions for financial gain, also referred to as “big game hunting.” Despite the arrests of individuals associated with online underground marketplaces, activity among infamous threat actor groups — such as Cobalt Group, FIN7 and Contract Crew — has continued. Accenture analysts have seen shared use of tools that automate the process of mass-producing malicious documents to spread malware, such as More_Eggs, as used in conventional crimeware campaigns and targeted attacks.

The continued activity is associated with relationships forming among “secure syndicates” that closely collaborate and use the same tools — which the company suggests marks a major change in how threat actors work together in the underground economy. With syndicates working together, the lines are even more blurred between threat actor groups, making attribution more difficult. The report also finds evidence of a continued global disinformation battlefield influencing social media users and cautions that threat actors are becoming more skilled at exploiting legitimate tools. While disinformation campaigns to influence both domestic and foreign political sentiment and sway national elections will continue, the wider potential impact of disinformation on global financial markets is even more concerning, the report notes. The financial services industry — and, more specifically, high-frequency trading algorithms, which rely upon fast, text-driven sources of information — is likely to be targeted by large-scale disinformation efforts. And ransomware is increasingly plaguing businesses and government infrastructures.

For the report visit the Accenture website.

Comment

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, said: “We should expect further commoditisation of the global cybercrime industry. Unlike lavish cybersecurity startups, which can usually “repair” any mistakes or omissions with a next funding round, cybercriminals think rationally and plan effectively. They smartly implement machine learning and cloud to accelerate diverse hacking tasks. They outsource some of their activities to other gangs to cut their costs, increase profits and add a supplementary smokescreen for understaffed and underpaid law enforcement agencies. Mushrooming cryptocurrencies will soon make sophisticated crimes technically uninvestigable. Given the modest financial opportunities available to bug bounty hunters compared to unscrupulous cyber mercenaries, we will likely see further proliferation of skilled and sophisticated cyber gangs capable of making entire countries tremble.”

Meanwhile, online forms such as login pages and shopping baskets are increasingly hijacked by cybercriminals hunting for personal financial information (PFI), according to new research from F5 Labs. The firm’s Application Report 2019 examined 760 breach reports and discovered that formjacking, which siphons data from the customer’s web browser to an attacker-controlled location, remains one of the most common web attack tactics. The method was responsible for 71pc of all analysed web-related data breaches throughout 2018.

David Warburton, Senior Threat Evangelist, F5 Networks, said: “Formjacking has exploded in popularity over the last two years. Web applications are increasingly outsourcing critical components of their code, such as shopping carts and card payment systems, to third parties. Web developers are making use of imported code libraries or, in some cases, linking their app directly to third-party scripts hosted on the web. As a result, businesses find themselves in a vulnerable position as their code is compiled from dozens of different sources – almost all of which are beyond the boundary of normal enterprise security controls. Since many web sites make use of the same third-party resources, attackers know that they just need to compromise a single component to skim data from a huge pool of potential victims.”

© 2024 Professional Security Magazine. All rights reserved.