State-Sponsored Hackers and Ransomware Gangs Are Diversifying Tactics to Inflict More Harm, According to Accenture Report
Accenture's 2020 Cyber Threatscape Report reveals the prolific threats influencing the cyber landscape
Some of the world's most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms, according to the 2020 Cyber Threatscape Report from
Leveraging Accenture's cyber threat intelligence (CTI) capabilities, the report - which Accenture Security produces annually - examines the tactics, techniques and procedures employed by some of the most sophisticated cyber adversaries and explores how cyber incidents could evolve over the next year. The report includes research contributions from
'Since COVID-19 radically shifted the way we work and live, we've seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities,' said
Sophisticated adversaries mask identities with off-the-shelf tools
Throughout 2020, Accenture CTI analysts have observed suspected state-sponsored and organized criminal groups using a combination of off-the-shelf tooling - including 'living off the land' tools, shared hosting infrastructure and publicly developed exploit code - and open source penetration testing tools at unprecedented scale to carry out cyberattacks and hide their tracks.
For example, Accenture tracks the patterns and activities of an
According to the report, it is highly likely that sophisticated actors, including state-sponsored and organized criminal groups, will continue to use off-the-shelf and penetration testing tools for the foreseeable future as they are easy to use, effective and cost-efficient.
New, sophisticated tactics target business continuity
The report notes how one notorious group has aggressively targeted systems supporting Microsoft Exchange and Outlook Web Access, and then uses these compromised systems as beachheads within a victim's environment to hide traffic, relay commands, compromise e-mail, steal data and gather credentials for espionage efforts. Operating from
Ransomware feeds new profitable, scalable business model
Ransomware has quickly become a more lucrative business model in the past year, with cybercriminals taking online extortion to a new level by threatening to publicly release stolen data or sell it and name and shame victims on dedicated websites. The criminals behind the Maze, Sodinokibi (also known as REvil) and DoppelPaymer ransomware strains are the pioneers of this growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers.
Additionally, the infamous LockBit ransomware emerged earlier this year, which - in addition to copying the extortion tactic - has gained attention due to its self-spreading feature that quickly infects other computers on a corporate network. The motivations behind LockBit appear to be financial, too. Accenture CTI analysts have tracked the cybercriminals behind it on Dark Web forums, where they are found to advertise regular updates and improvements to the ransomware, and actively recruit new members, promising a portion of the ransom money.
The success of these hack-and-leak extortion methods, especially against larger organizations, means they will likely proliferate for the remainder of 2020 and could foreshadow future hacking trends in 2021. In fact, Accenture CTI analysts have observed recruitment campaigns on a popular Dark Web forum from the threat actors behind Sodinokibi.
Read the full 2020 Cyber Threatscape Report available here.
About Accenture
Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Interactive, Technology and Operations services - all powered by the world's largest network of Advanced Technology and Intelligent Operations centers. Our 506,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.
Copyright 2020 Accenture. All rights reserved. Accenture and its logo are trademarks of Accenture.
# # #
Contact:
Accenture
+1 703 947 4404
alison.geib@accenture.com
Accenture
+1 617 488 3611
denise.berard@accenture.com
(C) 2020 Electronic News Publishing, source