fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Law Enforcement Action Push Ransomware Gangs to Surgical Attacks

Law Enforcement Action Push Ransomware Gangs to Surgical Attacks

The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations.

Most of the notorious Ransomware-as-a-Service (RaaS) gangs continue their operations even after the law enforcement authorities have arrested key members but have refined their tactics for maximum impact.

Shift in victimology

According to an analysis published by Coveware, which looks at ransom negotiation data from Q4 2021, ransomware groups now demand higher ransom payments instead of increasing the volume of their attacks.

In numbers, the average ransom payment in Q4 2021 reached $322,168, which is 130% higher compared to the previous quarter. The median ransom payment amount was $117,116, up 63% compared to Q3.

Also Read: Domain spoofing: What is it and how to protect your business from it

Ransom payment figures
Ransom payment figures
Source: Coveware

Because disrupting the operation of large firms provokes investigations and creates political tensions on the international level, crooks are now striving for a delicate balance.

They target large enough firms to receive hefty ransom payment demands but not that big or critical that will cause them more geopolitical troubles than gains.

When looking at the company size in terms of employee count, entities with over 50,000 employees experienced fewer incidents as threat actors chose to focus more on mid-sized organizations.

Size of companies targeted by ransomware
Size of companies targeted by ransomware
Source: Coveware

“Although medium and large organizations continue to be impacted, ransomware remains a small business problem with 82% of attacks impacting organizations with less than one thousand employees,” explains Coveware

Group tactics and activity

In Q4 2021, the most frequently encountered variant was Conti, accounting for 19.4% of all detections, LockBit 2.0 came second with 16.3%, and Hive third with 9.2%.

Also Read: How ransomware infects a system and ways to prepare against it

Ransomware group activity in Q4 2021
Ransomware group activity in Q4 2021
Source: Coveware

Considering that the top three ransomware operations engage in double-extortion tactics, it is no surprise that 84% of all attacks in Q4 2021 involved stolen data too.

This percentage would be even higher if it relied only upon the actors’ intentions, as in some cases, the attacks are detected and stopped by defense systems prematurely.

In terms of the techniques and procedures (TTPs), Coveware reports the following:

  • Establishing persistence through scheduled tasks and startup code execution characterized 82% of the infections.
  • The actors performed lateral movement in 82% of ransomware attacks, attempting to pivot to more systems on the same network.
  • Credential access underpinned 71% of the observed ransomware cases.
  • command and control center orchestrating remote access operations was used in 63% of the incidents.
  • Gathering data such as keyboard inputs, screenshots, emails, video, and other espionage-related information characterized 61% of the cases.

Another notable change in the tactics concerns the initial compromise vector. RDP access which used to be a widely-bartered item on dark web markets, is steadily dropping as ransomware actors turn to exploiting vulnerabilities.

Access vectors in ransomware attacks
Access vectors in ransomware attacks
Source: Coveware

The most exploited flaws for network entry in Q4 2021 were CVE-2021-34473, CVE-2021-26855, and CVE-2018-13379, on Microsoft Exchange and Fortinet firewall appliances.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us