Ransomware groups are increasingly gaining initial access through external remote services, according to the Cyber Threat Landscape Report by the risk management consultancy Kroll, covering the fourth quarter of 2023. Threat actors continue to target professional services, according to the firm.
Kroll says it continued to see email compromise dominate as an incident type. As in 2022, phishing continues to evolve as threat actors try new and more sophisticated ways to tempt users into clicking on their malicious links, according to the report. In the quarter, Kroll analysts reported on a rise in the use of QR codes in phishing campaigns. Such tactics make defence more challenging, the firm suggests, as users may be less likely to perceive these codes as being suspicious, increasing the possibility of them accessing the links via personal devices, which are outside of corporate security monitoring.
The report also offers case studies, and details results of law enforcement activity to disrupt and degrade the infrastructure of some of the most prolific types of cyber threats. Activity associated with larger ransomware-as-a-service (RaaS) operations, like LOCKBIT and BLACKCAT, actually declined. That said, the report also identified an uptick in activity by several variants such as AKIRA, PLAY, INC and CACTUS.
The consultants point also to a trend whereby infostealer malware has become its own ecosystem in the cybercriminal underground. Infostealer logs are a significant
factor in the initial access broker market: threat actors who specialize in selling access they have gained to corporate environments to ransomware operators who then complete the attack chain and extort the victim. The report describes some infostealers; which are most commonly deployed via phishing, malvertising and fake or misleading posts on social media.
The firm makes some recommendations about how to defend against ransomware, and suggests ‘that there is no area of security about which organisations can afford to be complacent’. You can browse the latest editions of Kroll’s Quarterly Threat Landscape reports and subscribe for free at kroll.com/cyberblog.
See also on the Kroll website, ‘ten trends shaping 2024‘.
