environment. CTU researchers have also observed other government-backed espionage groups deploying cryptocurrency miners within compromised networks. The assumption that nation-state-sponsored advanced persistent threats (APTs) are dimensionally different from advanced cybercrime threats is fundamentally flawed.
Ransomware continues to be a serious threat
• There has been no significant decrease in the volume of ransomware, banking malware, point-of-sale (POS) memory scrapers or other threats available for purchase on underground forums
• The threat actors who developed SamsamCrypt and BitPaymer, the two most impactful ransomware threats observed by CTU researchers during the reporting period, have retained them for their exclusive and targeted use, showing the distinct threat these sophisticated cybercriminal groups pose
• The developers of Gandcrab – a new piece of ransomware identified by CTU researchers in January and offered for sale on Russian-language underground forums – have been observed offering a partner programme in which the developers received 30% to 40% of any resulting revenue from successful attacks
There is no clear evidence that ransomware has been displaced by other capabilities such as cryptocurrency mining, and targeted ransomware attacks continue to be a worrying trend
• The growth of traditional file-encrypting ransomware did slow but CTU researchers nevertheless observed no fewer than 257 new and distinct ransomware families during the reporting period
• Some of the more popular new ransomware-as-a-service families release regular updates and feature new additions
Sophisticated criminal gangs are earning millions of dollars of revenue through stolen payment card data
• Sophisticated criminal gangs have combined advanced social engineering (expertise in deception and manipulation) and network intrusion techniques with point-of-sale (POS) malware to generate millions of dollars of revenue through stolen payment card data
• The price of credit card details on underground forums incentivises criminals to target POS terminals, where credit card details can be extracted from the memory of the running device using specialist malware
• Cybercriminals are also clever about monetising card data even after the theft has been discovered and credit card dump sites such as JokerStash have come under scrutiny as a possible way for sophisticated criminals to do just that
The Dark Web is not the darkest depth of the cybercriminal world
• Sophisticated, organised criminal groups are quietly dealing with most of cybercrime’s damage each year and they avoid the Dark Web where possible to evade detection by law enforcement and threat researchers
• These more sophisticated criminals may use simple and readily available tools in some cases, but their highly organised approach and evolving capabilities represent a significant threat
“The observations of CTU researchers over the last 12 months show that the threat from cybercrime is adaptive and constantly evolving,” the report concludes.
“To stay ahead of it, it is imperative that organisations develop a holistic understanding of the landscape and how it relates to them and tailor their security controls to address both opportunistic and more highly targeted cybercriminal threats.”
To download the full report, visit secureworks.com.