Keep up to date with the experts

Get insights direct to your email inbox

Subscription Form exit intent popup

Follow us on social

“We needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.”

IT Operations Manager

Simon Darley

Trusted by industry leaders

Request a Quote.

First we need a few details.

Contact Form Primary popup

By continuing, you agree to our Terms & Privacy Policy

Expert Intel

The Crucial Shift In Ransomware Tactics

Expert: Andrea Csuri
Role: SOC Analyst
Specialises in: Cyber Threat Intelligence
What you will learn:
The tactics, techniques and procedures of modern cyber criminals and how their approach to malware is changing.
Malware-free activity accounted for 71% of all detections in 2022 (up from 62% in 2021)

As organisations invest in comprehensive backup systems, hackers are adapting to new strategies which make their exploitations faster and easier. Crowdstrike’s 2023 Global Threat Report found that threat actors are increasingly stealing victim’s data and threatening to leak it, without even encrypting the stolen files. These incidents rose 20% last year, effectively nullifying organisations efforts in backup operations which are designed to combat extortion.

Ransomware Without the Encryption

I believe that this shift in attacks could be contributed by the fact that stealing data, encrypting the files and then subsequently unwinding the encryption takes a lot of time, and can sometimes be unsuccessful if files were encrypted multiple times due to a network share being mapped by multiple computers all running the ransomware. This new extortion strategy cuts corners to ensure attacks are carried out without fuss and rewards are met swiftly.

Data extortion is the low hanging fruit in this case. A leak is not only embarrassing for a company, which certainly can affect potential business revenue in the future, there are regulatory, legal, and compliance consequences as well. Data leaks and breaches can cost hundreds of millions of dollars in fines and lawsuit settlements. A great example of T-mobile, who recently had to pay out 350 million dollars in a class action lawsuit following a data breach and committed to spend another 150 million on data security and related technology.

As we know, ransomware attacks with encryption often target state/local government, manufacturing and healthcare, these industries see the most attacks due to the crucial financial impact ‘downtime’ can have on the organisations. However, law firms, government, PR firms and business processing firms are attacked with data-leak threats, knowing that these entities store large amounts of sensitive data. The well-known adversary known as Lapsus$, or Slippery Spider, stole data from big companies like Samsung and Okta last year, attempting to extort them while their apparent leader was still a teenager. From this we can establish that non-high-tech methods such as bribery and social engineering are still legitimate threats that must be recognised. Social engineering combined with tactics such as open-source intelligence (OSINT) allow malicious actors to paint a digital picture of you from publicly available information and use this data to gain access to avenues they can exploit

Key statistics

  • More than 2,500 advertisements for access were identified across the criminal underground, representing a 112% increase compared to 2021 and demonstrating a clear demand for access broker services.
  • 33 new adversaries, raising the total number of actors tracked to 200+
  • The average breakout time for interactive eCrime intrusion activity declined from 98 minutes in 2021 to 84 minutes in 2022
  • Malware-free activity accounted for 71% of all detections in 2022 (up from 62% in 2021)

New solutions for New Threats

‘Gain Visibility into Your Security Gaps’

Effectively securing your assets requires clarity on all your endpoints, identities, cloud and data to ensure that individual risk levels are properly assessed and recognised.

Understand your infrastructure end-to-end, so you can protect it. Don’t overlook third-party services, network security devices, and the copies of your data, including logs and monitoring tools.

‘Prioritize Identity Protection’

Due to the risk in malware-free & social engineering tactics, it is vital for organisations to enforce MFA whilst quickly identifying and assessing unusual network behaviour.

Make sure the passphrases are strong, and implement a password manager. Users tend to reuse passwords out of convenience – password managers combine security with convenience.  Take advantage of Threat Intelligence and monitor the web and dark web with potential leaked credentials.

‘Prioritize Cloud Protection’

Cloud exploitation rose 95% year-on-year in 2022 through TTP’s such as misconfigurations and credential theft. The report suggests employing ‘agentless capabilities to protect against misconfiguration, control plane and identity-based attacks, combined with runtime security that protects cloud workloads’.

Implement geolocation and device policies. You can block countries, set group policies or give specific allowances for certain users in Microsoft Azure.

‘Know Your Adversary’

Understanding which threat actors are likely to target your industry/organisation and what tactics they’re likely to use puts you at an advantage for faster detection and defence deployment.

Follow the news and fresh threat reports. Utilize Microsoft Defender Threat Intelligence capabilities, from dynamic TI updates to correlating data and identifying possible attackers and tools.

‘Practice Makes Perfect’

Ultimately, maintaining regular testing of security systems and eliminating weaknesses can proactively prevent breaches. As hackers adapt, security teams must adapt with them and stay one step ahead with exercises like red/blue teaming and pen testing.

The best way to make sure you eliminated possible vulnerabilities is a penetration test. You can test your infrastructure, your security team, and confirm you did a great job. If the pen test team found some vulnerabilities you didn’t expect, don’t get discouraged! You gained valuable insight, the team will recommend how to fix it, and you will still be ahead of potential threat actors. You can lean back for a second, but continue with your good work, so you are always a step ahead.

Want to know more about how our team can help you secure your environment? Get in touch and speak with our experts.

find us on Youtube

The latest in cyber & IT news, now on youtube!

Our latest expert Intel

  • Types of cyber crime witnessed in the wild

    May 22, 2023
    Read full article
  • DEV-0538 | Hackers Targeting Recruiters

    May 18, 2023
    Read full article
  • onenote phishing

    OneNote Supply Chain Phishing

    April 12, 2023
    Read full article
  • The Crucial Shift In Ransomware Tactics

    March 24, 2023
    Read full article
  • edge

    Why Microsoft Edge is the best browser for business

    March 13, 2023
    Read full article
  • Windows 11 Business Premium

    A Journey to Modern Endpoint Management

    February 3, 2023
    Read full article
  • What is Open Authorisation Exploitation?

    January 23, 2023
    Read full article
  • Building the Right Business Culture to Manage Human Error - Ryan Pullen X ESW

    January 26, 2023
    Read full article
  • The Uber & Rockstar Hacks - Why there is no magic bullet.

    January 26, 2023
    Read full article
  • Open-Source Intelligence (OSINT) - Why it matters.

    January 26, 2023
    Read full article
  • TEDx Talk: Ryan Pullen – How clicking a link can cost millions.

    January 26, 2023
    Read full article
  • LOLbins & LOLlibs: What are they and why do they matter?

    January 26, 2023
    Read full article