S-RM's Cyber Intelligence Briefing newsletter is now in audio format, allowing us to discuss cyber security issues in more depth with the writers behind the scenes.
LISTEN TO THE FULL EPISODE FOR INSIGHT ON THREAT ACTOR INNOVATION
In this episode, we speak with cyber experts Lukas Weber, Kyle Schwaeble, and Olly Burnand, about the latest trends in threat actor innovation and the strategies your organisation can put in place to protect against attacks.
Cyber criminals are continuously innovating. Looking at the 50+ editorials that S-RM's Cyber team has produced, three emerging innovation trends have come to the fore.
1. Double encryption
The first innovation discussed is double encryption. In some cases, a single ransomware group might encrypt their victim's data twice, sometimes with two separate strains or simply using two separate encryption keys. This causes the victim to pay a ransom twice to recover their data.
“What I think we might see in the case of double encryption is if an organisation pays first to get past one layer of encryption, they won’t want to have that wasted, they’ll want to get past the next layer of encryption, and so will end up paying more.”
2. Additional pressure tactics
The second trend the S-RM team has picked up on and seen increasingly over the last year is additional pressure tactics employed by threat actors, particularly ransomware groups. This includes cold calling directors or senior executives, sometimes even phoning the front desk or clients and journalists to let them know the victim organisation has had a data breach. The S-RM Cyber team also saw threat actors threatening distributed denial-of-service (DDoS) attacks against their victims if ransoms weren't paid. This would be a threat over and above the initial ransomware attack.
3. Third-party access brokers
The final emerging attack method witnessed by the team was an increase in the use of third-party access brokers. Essentially, instead of compromising a network in order to launch an attack, threat actors are looking to purchase access to an already compromised network. This could either be purchased from a specialist hacker or, alternatively and quite interestingly, from insiders at a target organisation.
“We also observed some insiders, some employees, actually advertising their access in exchange for a fee as well. So, it really just highlighted the need for organisations to keep on top of the insider threat, and identify and track factors that could lead to identifying those employees who might pose a threat to the business.”
This recording took place before the Russian invasion of Ukraine. Read our latest analysis of the fast-changing cyber threat landscape evolving alongside the conflict.
ABOUT THE SPEAKERS
Olly Burnand, Associate, Cyber Security: Olly is part of S-RM’s Cyber Advisory practice in the UK. He works to help clients prepare for and respond to major cyber incidents.
Lukas Weber, Associate, Cyber Security: Lukas is a member of the Cyber Advisory team at S-RM. He leads on information security assessments for clients across all sectors, engaging with stakeholders across these businesses.
Kyle Schwaeble, Senior Analyst, Cyber Security: Kyle is a senior cyber security analyst working in S-RM’s incident response team. Before joining S-RM’s cyber security team, Kyle worked as a corporate intelligence analyst in our Cape Town office.
Rosie McKeown, Head of Content: Rosie is Head of Content at S-RM. She has over 20 years' experience in content and communications across a variety of roles in education and accountancy.
REFERENCES made in the podcast
- 'LogMeIn: Poor Or Reused Passwords Responsible For 80 Percent Of Breaches', CRN, 17 August 2021.
- 'The State of Ransomware 2021', Sophos, 19 April 2021.
S-RM supports clients globally to design and implement cyber security solutions that further your business objectives. We work with you to develop strategies that give you confidence that your security meets your needs. Find out more about our Cyber Advisory practice.