Mobile devices at the center of new types of cybercrimes: report
Cybersecurity company Sophos recently released its 2023 Threat Report, in which it describes how the cyber threat landscape has reached a new level of commercialization and convenience for would-be attackers, with nearly all barriers to entry for committing cybercrime removed thanks to the expansion of cybercrime-as-a-service.
The report also explains how ransomware remains one of the biggest cybercrime threats to organizations with operators innovating in their extortion tactics, as well as how the demand for stolen credentials continues to grow.
Criminal underground markets like Genesis have long made it possible to buy malware and malware deployment services (“malware-as-a-service”), as well as sell stolen credentials and other data in bulk. Over the past decade, with the growing popularity of ransomware, an entire “ransomware-as-a-service” economy has emerged.
Now, in 2022, this “as-a-service” model has expanded, and nearly every aspect of the cybercrime toolkit, from initial infection to ways to avoid detection, is available online for purchase.
With the expansion of the “as-a-service” economy, underground cybercrime markets are also becoming increasingly commodified and operating like mainstream businesses. Cybercrime vendors not only advertise their services, they also list job vacancies to recruit attackers with distinct skills. Some marketplaces now have dedicated help and recruitment pages, while job seekers post summaries of their skills and qualifications.
As the cybercrime infrastructure has grown, ransomware has remained very popular and profitable.
Over the past year, ransomware operators have worked to expand their potential attack surface by targeting non-Windows platforms while embracing new languages like Rust and Go to evade detection. Some groups, including LockBit 3.0, have diversified their operations and created more “innovative” ways to extort victims.
The economic evolution of the underground has not only encouraged the growth of ransomware and the “as-a-service” industry, but has also increased the demand for credential theft. With the expansion of web services, various types of credentials, especially cookies, can be used by attackers in many ways to embed themselves deeper into networks. Credential theft also remains one of the easiest ways for novice criminals to enter the underground markets and start their “career”.
Sophos has also analyzed the following trends:
- Mobile devices are now at the center of new types of cybercrimes. Not only are attackers still using fake apps to distribute malware droppers, spyware and banking-associated malware, but new forms of cyber fraud are gaining popularity.
- The war in Ukraine has had global repercussions on the cyber threat landscape. Immediately after the invasion, there was an explosion of financially motivated scams, while nationalism led to a disruption of criminal alliances between Ukrainians and Russians, especially among ransomware affiliates.
- Criminals continue to abuse legitimate executables and use “living off the land binaries” (LOLBins) to launch various types of attacks, including ransomware. In some cases, attackers deploy legitimate but vulnerable system drivers in “bring your own driver” attacks in an attempt to shut down endpoint detection and response products and so evade detection.