CYBER criminals have intensified their attacks and launched innovative new ones targeting companies and individuals.
Sophos, a cybersecurity firm, said in its 2023 Threat Report, unveiled yesterday, that the cyberthreat landscape has reached a new level of commercialization and convenience for would-be attackers, with nearly all barriers to entry for committing cybercrime removed through the expansion of cybercrime-as-a-service.
The report revealed that ransomware remains one of the greatest cybercrime threats to organisations, with operators innovating their extortion tactics, and that demand for stolen credentials continues to grow.
Sophos said criminal underground marketplaces like Genesis have long made it possible to buy malware and malware deployment services (“malware-as-a-service”), as well as to sell stolen credentials and other data in bulk.
According to the firm, over the last decade, with the increasing popularity of ransomware, an entire “ransomware-as-a-service” economy has sprung up. It added that now, in 2022, this “as-a-service” model has expanded, and nearly every aspect of the cybercrime toolkit—from initial infection to ways to avoid detection—is available for purchase.
Principal Threat Researcher, Sophos, Sean Gallagher, said: “This isn’t just the usual fare, such as malware, scamming and phishing kits for sale.
“Higher rung cybercriminals are now selling tools and capabilities that once were solely in the hands of some of the most sophisticated attackers as services to other actors. For example, this past year, we saw advertisements for OPSEC-as-a-service where the sellers offered to help attackers hide Cobalt Strike infections, and we saw scanning-as-a-service, which gives buyers access to legitimate commercial tools like Metasploit, so that they can find and then exploit vulnerabilities. The commoditization of nearly every component of cybercrime is impacting the threat landscape and opening up opportunities for any type of attacker with any type of skill level.”
With the expansion of the “as-a-service” economy, Sophos said underground cybercriminal marketplaces are also becoming increasingly commodified and are operating like mainstream businesses. It stressed that cybercrime sellers are not just advertising their services but are also listing job offers to recruit attackers with distinct skills.
According to the firm, some marketplaces now have dedicated help-wanted pages and recruiting staff, while job seekers are posting summaries of their skills and qualifications.
Gallagher added: “Early ransomware operators were rather limited in how much they could do because their operations were centralized; group members were carrying out every aspect of an attack. But as ransomware became hugely profitable, they looked for ways to scale their productions. So, they began outsourcing parts of their operations, creating an entire infrastructure to support ransomware. Now, other cybercriminals have taken a cue from the success of this infrastructure and are following suit.”
Indeed, as the cybercrime infrastructure has expanded, Sophos said ransomware has remained highly popular—and highly profitable. According to the firm, over the past year, ransomware operators have worked on expanding their potential attack surface by targeting platforms other than Windows while also adopting new languages like Rust and Go to avoid detection. It added that some groups, most notably Lockbit 3.0, have been diversifying their operations and creating more “innovative” ways to extort victims.
Gallagher noted: “When we talk about the growing sophistication of the criminal underground, this extends to the world of ransomware. For example, Lockbit 3.0 is now offering bug bounty programs for its malware and ‘crowd-sourcing’ ideas to improve its operations from the criminal community. Other groups have moved to a ‘subscription model’ for access to their leak data and others are auctioning it off. Ransomware has become, first and foremost, a business.”
Sophos admitted that mobile devices are now at the center of new types of cybercrimes. “Not only are attackers still using fake applications to deliver malware injectors, spyware and banking-associated malware, but newer forms of cyberfraud have been growing in popularity, such as ‘pig butchering’ schemes. And this crime is no longer just affecting Android users, but iOS users as well,” it stated.