Ransomware Attackers and their Industry Standards for Attacking

Ransomware attackers have been developing 'industry standards' that they use to determine the ideal target for their attacks.

KELA identified 48 discussion threads on dark web forums in July 2021 in which users, alleged to be attackers, were trying to purchase network access. Approximately two-fifths of the threads were created by individuals associated with Ransomware-as-a-Service (RaaS) schemes, comprising operators, affiliates, and middlemen, according to the intelligence solutions provider. KELA learned from those threads that ransomware attackers look for specific criteria when purchasing access.

These criteria include the following:

  • Geography: Almost half (47 percent) of ransomware attackers identified the United States as the preferred location for their targets. Canada, Australia, and European countries were next on the list, with preferences of 37%, 37%, and 31%, respectively.

  • Revenue: Overall, ransomware attackers expected their victims to make at least $100 million, though they occasionally indicated different ransom sums for different locations. Attackers stated that they sought more than $5 million in compensation for victims in the United States, as well as at least $40 million in revenue from "third-world" countries.

  • Disallowed Industries: Almost half (47%) of ransomware attackers indicated they were unwilling to purchase access to companies involved in health care and education. Slightly fewer (37 percent) declined to target the government sector, while over a quarter of ransomware attackers stated that they would not purchase access to non-profit organizations.

  • Countries Excluded: Some attackers declined to target companies or government agencies in Russian-speaking countries. They appear to have chosen this on the assumption that if they did not target the region, local law enforcement would not bother them. Others ruled out targeting South America or third-world countries as a region, reasoning that an attack there would not net them enough money.

The data above is consistent with several of the ransomware attacks that made headlines earlier in 2021.

For instance, consider the attack on Colonial Pipeline. According to Dun & Bradstreet, the Colonial Pipeline Company, headquartered in Port Arthur, Texas, earned $1.32 billion in revenue in 2020. The business doesn't operate in any of the disallowed industries listed above. Colonial is, however, a key infrastructure company in the United States. Because of attacks like this, the FBI as well as other federal law enforcement agencies targeted the DarkSide RaaS gang just after the attack.

Another instance that met the same criteria was the Kaseya supply chain attack. The IT management software company is headquartered in Miami, Florida. Furthermore, Kaseya was valued at more than $2 billion by the end of 2019.

According to KELA, businesses and government institutions could defend themselves from such ransomware attacks in three ways. Firstly, companies could train employees and the C-suite through security awareness training. This will educate them on how to protect their data and identify suspicious activity on their employer's networks. Secondly, they could use vulnerability management to monitor their systems for known flaws and address those flaws first. Finally, they could use an up-to-date asset inventory to monitor their devices and systems for unusual behavior.

Darknet Markets are Scrambling to Attract Joker’s Stash Clients

The administrator behind Joker's Stash claims to have formally closed down the operation on 15th February. Meanwhile, criminal gangs offering stolen payment cards for sale have stepped up their promotional efforts. Among the darknet marketplaces vying for former Joker's Stash clients are Brian's Club, Vclub, Yale Lodge, and UniCC, Kela says. Joker's Stash clients were likely already searching for a new marketplace, says the threat research firm Digital Shadows, because of the site's declining customer service and the disruption of its service by law enforcement officials in December 2020.

Brian's Club has gone the additional mile with its marketing efforts, Kela says. For instance, it has supplanted Joker's Stash as the official sponsor of the popular underground forum Omerta, which focuses on payment card trading. "With the heavy marketing and advertising that Brian's Club has been investing in, it seems that the long-time attempts of marketing to credit card traders may be finally paying off now that Joker's Stash is out of the picture," says Victoria Kivilevich, a threat intelligence analyst with Kela.

Kela and Flashpoint additionally say that Yale Lodge could emerge as a dominant market for stolen card information since it operates both Tor and clear web card shops and has a self-facilitated checking service. This service lets the buyer verify whether the card data being purchased is valid. Kivilevich points out, however, that Yale Lodge charges a $150 registration fee and a minimum deposit of $200, which is 10 times higher than what Joker's Stash required.

Flashpoint says the operators of the Ferum market likewise have a wealth of experience and give simple access, yet the site has less card information available for sale than others. Trump's Dumps, a newer operation, has expanded its advertising, Flashpoint reports. It offers an assortment of services, including a self-facilitated checking service. Kivilevich says she has spotted Vclub members attempting to recruit Joker's Stash clients on darknet forums. However, Kela's research has found numerous complaints about the quality of cards available on Vclub.

"Cybercriminals buy cards and dumps not only in specialized shops but also on forums, via instant messaging channels, and behind closed doors in private deals," Kivilevich says.