Some of the world’s most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems, and using online extortion to scare victims into paying ransoms, according to the 2020 Cyber Threatscape Report from Accenture.
Accenture, with offices in Detroit, Livonia, Troy, and Ann Arbor, is a global professional services company with leading capabilities in digital, cloud, and security serving clients in more than 120 countries.
Leveraging Accenture’s cyber threat intelligence capabilities, the report — which Accenture Security produces annually — examines the tactics, techniques, and procedures employed by some of the most sophisticated cyber adversaries and explores how cyber incidents could evolve over the next year.
“Since COVID-19 radically shifted the way we work and live, we’ve seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities,” says Josh Ray, who leads Accenture Security’s cyber defense practice globally. “The biggest takeaway from our research is that organizations should expect cybercriminals to become more brazen as the potential opportunities and pay-outs from these campaigns climb to the stratosphere.”
Throughout 2020, Accenture analysts have observed suspected state-sponsored and organized criminal groups using a combination of off-the-shelf tooling — including “living off the land” tools, shared hosting infrastructure and publicly developed exploit code — and open source penetration testing tools at unprecedented scale to carry out cyber attacks and hide their tracks.
“In such a climate, organizations need to double down on putting the right controls in place and on leveraging reliable cyber threat intelligence to understand and expel the most complex threats,” Ray says.
According to the report, it is highly likely that sophisticated actors, including state-sponsored and organized criminal groups, will continue to use off-the-shelf and penetration testing tools for the foreseeable future as they are easy to use, effective and cost-efficient.
The report notes how one notorious group has aggressively targeted systems supporting Microsoft Exchange and Outlook Web Access, and then used these compromised systems as beachheads within a victim’s environment to hide traffic, relay commands, compromise e-mail, steal data and gather credentials for espionage efforts. Operating from Russia, the group, which Accenture refers to as BELUGASTURGEON (also known as Turla or Snake), has been active for more than 10 years and is associated with numerous cyber attacks aimed at government agencies, foreign policy research firms and think tanks across the globe.
Ransomware has quickly become a more lucrative business model in the past year, with cybercriminals taking online extortion to a new level by threatening to publicly release stolen data or sell it and name and shame victims on dedicated websites. The criminals behind the Maze, Sodinokibi (also known as REvil) and DoppelPaymer ransomware strains are the pioneers of this growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers.
The success of these hack-and-leak extortion methods, especially against larger organizations, means they will likely proliferate for the remainder of 2020 and could foreshadow future hacking trends in 2021. In fact, Accenture analysts have observed recruitment campaigns on a popular Dark Web forum from the threat actors behind Sodinokibi.
Read the full 2020 Cyber Threatscape Report available here.