This includes techniques used to steal user authentication credentials like usernames and passwords to allow attackers to move across the network to compromise other systems and accounts while disguised as a valid user.
Some of the world’s most skilled nation-state cyber adversaries are diversifying tactics to inflict more harm, a report by consulting firm Accenture said.
These ransomware gangs are deploying an arsenal of new open-source tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms, Accenture stated in the ‘2020 Cyber Threatscape Report’.
Throughout this year, suspected state-sponsored and organised criminal groups have been using a combination of off-the-shelf tools to carry out cyberattacks. This includes ‘living off the land’ tools, a term that refers to the network infrastructure already available in the target environment.
Other tools include shared hosting infrastructure and publicly developed exploit code.
In the study, Accenture tracked the patterns and activities of an Iran-based hacker group called SOURFACE. The group is known for its cyberattacks on oil and gas, communications and transportation businesses in the U.S., Israel, Europe and Saudi Arabia.
It observed that the group used legitimate Windows functions and freely available exploitation tools like Mimikatz for credential dumping.
This technique is used to steal user authentication credentials like usernames and passwords to allow attackers to move across the network to compromise other systems and accounts while disguised as a valid user.
These actors will continue to use off-the-shelf penetration tools owing to their effectiveness and cost efficiency, the report noted.
Ransomware became a more lucrative business model in the past year. The criminals behind the Maze, Sodinokibi and DoppelPaymer ransomware strains are the pioneers of these growing tactics, which are delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers.
The LockBit ransomware, which emerged earlier this year, gained attention for its self-spreading feature that quickly infects other computers on a corporate network.
The company also tracked cybercriminals on Dark Web forums and found them advertising regular updates and improvements to the ransomware. They were also actively recruiting new members, promising them a portion of the ransom money.
Hack-and-leak extortion methods against large organisations will continue for the rest of 2020, Accenture estimates.