Monetized ransomware: emergent cyber threats and rise of the Ransomware-as-a-Service industry


By C. Max Farrell, senior technical marketing specialist & Chiyi Lin, product line manager

TXOne Networks

Until about ten years ago, cyber-attacks capable of causing disasters or endangering human lives existed only in science fiction. However, as the capabilities of modern cyber-physical systems have increased to levels we could only dream of in the past, cybercrime has evolved as well. With each increase in the functionality of operational technology, the potential threat of cyber attacks has also increased, and so the progress of operational technology steadily increases the importance of solid cyber defenses. To prevent disaster, it has become necessary to create operational environments that are secure by design.

The last ten years have presented a consistent pattern of bad actors meticulously seeking entry to previously unexplored operational technology niches with the goal of extorting as much money as possible by any means. So far, incidents recorded in connection with robots have been accidental, resulting from misoperation or worksites that didn’t meet safety standards. In the near future, however, affected companies should expect hackers to develop a more detailed understanding of robot operating conditions. This will eventually enable them to launch targeted attacks on these assets, putting human lives at risk.

The cybercrime service industry

Over the last decade of cyber threat evolution, malicious actors have started to create databases on the dark web where the attack methods, the tricks used, and the required applications can be classified and organized. The creation of these databases was followed by the emergence of a service system in which groups provide paying customers with cybercriminals’ tools. This is known as Ransomware-as-a-Service (RaaS).

The emergence of RaaS as a cybercrime business model is a precursor of serious cyberattacks on many large organizations. It is anticipated that such attacks will continue to intensify as long as they are successful and result in large cash payments to cybercriminals. In this context, it is important to note that presumably less than half of cyber-attacks are disclosed to the public, while the rest are carried out behind closed doors.

RaaS has been successfully used by ‘subscribers’ from various industries to cause several major incidents. The cyberattack program is even conveniently available through various purchase models such as a one-time fee, monthly subscription, or profit-sharing.

A particularly noteworthy example of a RaaS from 2021 is REvil, which has been the lynchpin in numerous serious cyber attacks:

  • In April 2021, there was an attack on Quanta Computer in which attackers attempted to extort $50 million USD using stolen designs from Apple and Lenovo
  • In May 2021, the world’s largest meat processing company, JBS S.A., was forced to shut down some production lines and decided to make an $11 million payment to avoid stolen data being exposed online
  • In July of 2021, supply chain attacks based on Kaseya VSA (Virtual System Administrator) remote monitoring and management software caused downtime for over 1,000 companies

It’s highly likely that the next wave of cyberattacks will focus on the instrumenting of operational technology. Aggressive, persistent attackers are certainly willing to put human lives at risk in the hopes of a fast payout.

The cyberthreat shadow over OT

Over the last ten years many industry verticals, especially those related to critical infrastructure, have had to face the game-changing fact that cybersecurity must now be a fundamental part of each enterprise’s overhead. The medical industry, for example, has been forced to defend against waves of targeted cyber attacks over the last few years. But any other operational environment, e.g. in the oil and gas, semiconductor or automotive industries, is at risk of being exposed to similarly high levels of cyber risk as well.

One way operational environments can defend against such attacks is through industry-specific regulations. However, while these regulations raise the bar on defensive standards for those networks and assets, TXOne Networks’ researchers have found that they also create similarities that hackers can anticipate and exploit. According to the experts, these regulations are well suited to preventing lower-effort attacks, such as those based on ‘spray-and-pray’ tactics. But the sophisticated and targeted cyber attacks described above are meticulously developed to cause as much harm as possible to specific industries. Therefore, they can only be reliably prevented by protective measures that are adapted to industry-specific concerns and backed up by the consistent work of security intelligence researchers.

For years, malicious actors have been hitting manufacturing companies with cyberattacks designed to extort as much money as possible, on the assumption that this industry is the most likely to make large and quick payments in exchange for the return of its assets or data. According to Trend Micro’s report ‘The State of Industrial Cybersecurity’, 61% of factories had experienced a cyber attack, with 75% of these incidents resulting in halted production; in 43% of those cases, production was stopped for longer than 4 days. The crucial takeaway here is that critical and profitable businesses are increasingly likely to be targeted. So the best advice is to secure these assets with the latest equipment and solutions available.

To learn more about how to create a cybersecurity baseline that protects operations from disruption by cyber attack, check out TXOne Networks’ white paper ‘Optimizing Network and Endpoint Resilience: Manufacturer Cybersecurity in the Era of Digital Transformation’.

About the Authors

Max Farrell is a senior technical marketing specialist for TXOne Networks, where he has worked from a background in cybersecurity, technology, and business since 2019. He conducts research related to industry-critical technology, economy, and culture.

Max Farrell can be reached online at max_farrell@txone-networks.com or at contact@txone-networks.com

C. Max Farrell

Chiyi Lin is a product line manager with 14 years of experience in cybersecurity. She specializes in OT-native protection and lockdown technology and in cooperation between cybersecurity teams and OT asset owners.

Chiyi Lin can be reached online at chiyi_lin@txone.com or at contact@txone-networks.com

Chiyi Lin

TXOne Networks website: www.txone-networks.com
