Thursday, November 26, 2020

Trends in Sophos 2021 Threat Report

Chester Wisniewski

Sophos, a global leader in next-generation cyber security, has published the Sophos 2021 Threat Report, which flags how ransomware and fast-changing attacker behaviours, from advanced to entry level, will shape the threat landscape and IT security in 2021.

The report, written by Sophos Labs security researchers, as well as Sophos’ threat hunters, rapid responders and cloud security and AI experts, provides a three-dimensional perspective on security threats and trends, from their inception to real-world impact.

Three key trends analyzed in the Sophos 2021 Threat Report include:

The gap between ransomware operators at different ends of the skills and resource spectrum will increase.

At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organizations with multimillion-dollar ransom demands. In 2020, such families included Ryuk and Ragnar Locker. At the other end of the spectrum, Sophos anticipates an increase in the number of entry-level, apprentice-type attackers looking for menu-driven ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.

Another ransomware trend is “secondary extortion,” where, alongside the data encryption, the attackers steal sensitive or confidential information and threaten to publish it if their demands are not met. In 2020, Sophos reported on Maze, Ragnar Locker, Netwalker, REvil and others using this approach.

“The ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets.

However, we’ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative ‘cartels,’” said Chester Wisniewski, principal research scientist, Sophos. “Some, like Maze, appeared to pack their bags and head for a life of leisure, except that some of their tools and techniques have resurfaced under the guise of a newcomer, Egregor. The cyber threat landscape abhors a vacuum. If one threat disappears another one will quickly take its place. In many ways, it is almost impossible to predict where ransomware will go next, but the attack trends discussed in Sophos’ threat report this year are likely to continue into 2021.”

Everyday threats such as commodity malware, including loaders and botnets, or human-operated Initial Access Brokers, will demand serious security attention.

Such threats can seem like low-level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions. If human operators are behind these types of threats, they’ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation. For instance, in 2020, Ryuk used Buer Loader to deliver its ransomware.
