The Bad Guy's 3-R's

Malware has a way of grabbing all the attention in the media and keeping companies on their toes.  The world watched as wipers were deployed against Ukrainian organizations after the Russian invasion of Ukraine, which marked the beginning of a period of instability that also included ransomware and infostealers.  Adding to the cybersecurity burden of 2022, the contemporary form of ransomware marked its 10-year anniversary.

And if that were not enough, researchers have found that cybercriminals, like any sensible businesspeople, are big proponents of getting the most out of their resources.  You might say they are practicing the reduce, reuse, recycle principles, but instead of being focused on environmental concerns, they are retrofitting code to enable more successful criminal outcomes.[1]  Reduce, Reuse, Recycle!

In the second half of 2022, researchers saw the resurgence of familiar names in the malware, wiper, and botnet space, including Emotet and GandCrab, to name a few.  The top five ransomware families, out of a total of 99 detected, accounted for about 37% of all ransomware activity in the second half of 2022.  The most prominent was GandCrab, a Ransomware-as-a-Service (RaaS) threat that surfaced in 2018.

A group of Emotet variants was analyzed to assess their propensity for borrowing and recycling code.  Emotet has undergone significant diversification, with variants dividing into about six distinct "species" of malware.  Not content simply to automate threats, cyber-attackers aggressively improve upon successful innovations.

Cyber adversaries have an entrepreneurial spirit and are constantly seeking ways to extract more value from their existing investments and knowledge in attack operations, increasing their effectiveness and profitability.  Reusing code allows attackers to build on previously successful results while iteratively improving their attacks and getting past defensive barriers.  In fact, among the most common malware for the second half of 2022, the bulk of the top ranks were occupied by malware that was more than a year old.  Some of it, like Lazarus, has existed for more than 10 years and is a pillar of internet history.

Resurrecting Old Tactics - Along with reusing code, attackers are maximizing opportunities by using well-known threats and existing infrastructure.  For instance, if one looks at botnet threats by prevalence, many of the top botnets are not novel.  Mirai and Gh0st.Rat have continued to dominate across all geographies, which is not surprising.  Among the top five observed botnets, only RotaJakiro was created in the last couple of years.  Although there is a tendency to dismiss older threats as ancient history, businesses in all industries must maintain their vigilance.

Such "vintage" botnets remain in wide circulation because they continue to be highly effective.  Because there is a return on investment, resourceful attackers will continue to exploit existing botnet infrastructure and transform it into increasingly persistent versions using highly specialized techniques.  In particular, the manufacturing sector, Managed Security Service Providers (MSSPs), and the telco/carrier sector were all major targets of Mirai in the second half of 2022.  This demonstrates an intensive effort by criminals to target those sectors with tried-and-true techniques.

Getting Ahead of the Game - It can be difficult for enterprises to keep up with constantly changing threats.  The reuse of code and the modularization made possible by a burgeoning Crime-as-a-Service ecosystem underscore the value of prompt security services that can help enterprises fend off threats with AI-powered, coordinated defense.  Moreover, companies can achieve quicker detection and enforcement across the full attack surface if there is integration across all security devices, thereby improving their overall risk posture.

Beyond technology, cybersecurity strategy really comes down to people.  It takes a global team effort with robust, trustworthy relationships and collaboration among cybersecurity participants across public and commercial organizations and sectors to successfully disrupt cybercriminal supply chains.

Cyber awareness and hygiene training must be a cornerstone for any company, and this must extend to all employees, not just those in IT or security functions.  An estimated 80% of organizations reported last year that they had suffered one or more breaches due to a lack of cybersecurity skills and awareness.

Prepare for What's Next - The latter half of 2022 was interesting, to say the least.  Understanding the trends from this period will help you better understand how to keep your company operating safely.  Based on what we have observed over the past six months, we cannot dismiss older threats.  They are still actively evolving and searching for both unpatched systems and fresh vulnerabilities that will enable them to spread.  Companies that use the above information and best practices will be better prepared to face what's next on the threat horizon.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.fortinet.com/blog/threat-research/bad-actors-resurrecting-old-tactics?lctg=141970831