Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring, Stephen Robinson, senior threat intelligence analyst at WithSecure said during Sphere23. For example, while the recent fall of ransomware gangs like Conti and Hive are positive, more groups have sprung up since then using Conti-like TTPs. This shows that methods used by these gangs are imitated and copied by other actors. The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, initial access brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. Robinson noted that nation-states use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalization makes the expertise and resources to attack organizations accessible to lesser-skilled or poorly resourced threat actors.
https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/
Customer Reviews
You must log in to post a comment.
Thanks for submitting your comment!