Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments.
Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encourage reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.
The language used in the cybercriminals’ press releases often perfectly mirrors the self-righteous style of many modern corporations. Just as legitimate companies claim their prime motivations are social justice, diversity, and environmentalism, so cybercriminals pat themselves on the back for self-perceived virtues such as not specifically targeting healthcare. Some even claim that, by hacking into victim organizations and thereby exposing flaws in their security, they provide a public service that works to protect consumer data in the long run. But the real motives of the cybercriminals are, Sophos believes, easy to comprehend.
Media engagement gives gangs tactical advantages
“Media engagement provides ransomware gangs with both tactical and strategic advantages; it allows them to apply pressure to their victims, while also enabling them to shape the narrative, inflate their own notoriety and egos, and further ‘mythologize’ themselves,” says Sophos.
During 2023, rapidly expanding and revenue-rich cybercriminal gangs such as the infamous ransomware group LockBit began to morph into Darknet mirror images of multi-billion-dollar companies, while law enforcement agencies such as the US Federal Bureau of Investigation (FBI) seemed largely powerless to halt their growth or shut them down.
Western law-enforcement agencies have long been frustrated by the fact that cybercriminal groups are generally located in countries such as Russia that are outside their jurisdiction. As a result, cybercriminals are becoming increasingly confident in defying Western authorities.
Less than a week before Christmas 2023, the FBI announced that it had infiltrated one of the world’s most dangerous ransomware gangs, a Russia-based crime group known as BlackCat or ALPHV, and seized the gang’s Darknet website, also releasing decryption tools for hundreds of compromised companies to recover their data. But the ransomware gang promptly responded to the shut-down by re-opening the site, offering 90 percent commissions for affiliate criminal organizations willing to continue to work with BlackCat, and declaring open season on everything from hospitals to nuclear power plants.
In the face of the growing sophistication of cybercriminals and the relative powerlessness of Western law enforcement, companies should start 2024 by plugging the gaps in their own security perimeters, bearing in mind that over half of all organizations experienced an insider threat (i.e., from their own staff) in the past year. Despite the sophistication of the cybercriminals and the nation-state malware resources they can draw on, most attacks are surprisingly simple. For example, spear-phishing (targeted email) attacks are the shock troops of the ransomware industry.
Ransomware gangs will conduct exhaustive research across all the social networking activity conducted by a key member of staff they have targeted in order to build a precise profile of the subject’s contact base, interests, and hobbies. The target employee is then sent a weaponized email appearing to come from a trusted source. Once the hapless employee has opened a seemingly innocent link, they have effectively opened a backdoor to their company’s IT systems and databanks.
In 2024, companies should take firm steps not only to protect against external threats but also against inept or corrupt staff. The practice of staff bringing their own devices (BYOD) to work should be curtailed wherever possible. Access to the corporate network should be granted only to staff devices that are secured and regularly checked by IT security.
The second major cyber threat looming over 2024 is the growing peril of third-party attacks. Those companies that conduct a growing proportion of their business online frequently lose track of the vast number of third-party online services subscribed to by their organization and its staff.
While law enforcement struggles to keep pace with international cybercriminal gangs, it is more essential than ever for companies in 2024 to take a full inventory of all the organization’s online entry points to secure their internal as well as their external perimeters.