Almost 79% of global cybersecurity incidents involved ransomware in the last 18 months, says a new report by Sophos.
The Sophos 2022 Threat Report showed that almost one-third of all the calls received by the company’s hotline on cybersecurity incidents came from the Conti and REvil ransomware groups.
“Cybercriminals are now offloading to others the tasks of finding victims, installing and executing the malware, and laundering the pilfered cryptocurrencies. This is distorting the cyberthreat landscape,” said Chester Wisniewski, principal research scientist at Sophos.
According to Sophos researchers, attacks by single ransomware groups will give way to more concentrated and unified efforts through ransomware-as-a-service, with specialist ransomware developers focusing on hiring out their infrastructure and malicious code to third-party affiliates.
In 2022, the landscape will see more attack “specialists” offering different aspects of “attack-as-a-service,” along with paraphernalia such as playbooks with tools and techniques for their prospective clients.
“Once they have the malware they need, RaaS affiliates and other ransomware operators can turn to initial access brokers and malware delivery platforms to find and target potential victims,” the report said.
This, in turn, is fueling a trend in which established cybercriminals are adapting to distribute and deliver ransomware. This includes the likes of loaders, droppers, and human-operated initial access brokers.
Loaders are Trojans that can be controlled remotely, giving the attacker the ability to interact with and control compromised systems.
In March 2021, a piece of malware called Gootloader was found to be running novel hybrid attacks that combined mass campaigns with custom filtering to pinpoint targets for specific attacks.
The report also showed that attackers used over 10 types of pressure tactics, including data theft, distributed denial of service (DDoS), and exposure of data.
One prominent trend that will continue to fuel cybercrime is cryptocurrency, which Sophos expects to continue until there is better compliance and regulation around its usage.