Page 19 - SAMENA Trends - August 2019
REGIONAL & MEMBERS UPDATES SAMENA TRENDS
Accenture Report Reveals New Cybercrime Operating Model among High-Profile Threat Groups

Cybercrime campaigns and high-profile advanced persistent threat groups are shifting how they target victims and focusing more on intricate relationships with “secure syndicate” partnerships to disguise activity, according to the latest 2019 Cyber Threatscape Report from Accenture.

Leveraging Accenture Security threat-intelligence capabilities and research from primary and secondary open-source materials, the annual report provides insights and predictions on the cyberthreat landscape and how it will shift over the next year. The goal is to help organizations stay ahead of threats relevant to their organization, industry and geography.

“Over the past year, cybercriminals have continued to test the resilience of organizations by layering attacks, updating techniques and establishing new, intricate relationships to better disguise their identities, making attribution more difficult to pursue,” said Josh Ray, a managing director at Accenture Security. “Organizations should understand the tangible elements, or the bread crumb trail left behind, which can help reveal the motivations, operational procedures and tool use, to create a profile of the adversary. This process is critical for organizations to understand so they can proactively be involved in properly allocating resources and improving their security posture to avoid becoming cybercrime’s next victim.”

The report notes a significant increase in threat actors and groups conducting targeted intrusions for financial gain, also referred to as “big game hunting.” Despite the arrests of individuals associated with online underground marketplaces, activity among infamous threat actor groups — such as Cobalt Group, FIN7 and Contract Crew — has continued. Accenture Security analysts have also observed the shared use of tools that automate the process of mass-producing malicious documents to spread malware, such as More Eggs, which is used in both conventional crimeware campaigns and targeted attacks. The continued activity is associated with relationships forming among “secure syndicates” that closely collaborate and use the same tools — suggesting a major change in how threat actors work together in the underground economy.

With syndicates working together, the lines are even more blurred between threat actor groups, making attribution more difficult. In addition, Accenture Security analysts have observed a shift in the way Cobalt Group targets victims to gain access to the victims’ supply chain networks. While malware has typically been sent to internet users via phishing emails, analysts now see an emergence of malware executed through web browsers focused on targeting online merchants and retailers specifically.

The report also finds evidence of a continued global disinformation battlefield influencing social media users and cautions that threat actors are becoming more skilled at exploiting legitimate tools. While disinformation campaigns to influence both domestic and foreign political sentiment and sway national elections will continue, the wider potential impact of disinformation on global financial markets is even more concerning, the report notes. The financial services industry — and, more specifically, high-frequency trading algorithms, which rely upon fast, text-driven sources of information — are likely to be targeted by large-scale disinformation efforts in the future.

In addition, ransomware is increasingly plaguing businesses and government infrastructures, with the number of ransomware attacks more than tripling in just the past two years. Aside from delivery via spam campaigns, analysts have witnessed threat groups Nikolay and GandCrab planting ransomware directly on networks through network access intrusions. Actors are offering to sell remote desktop protocol (RDP) access to corporate networks, which they’ve likely gained through compromised servers and RDP brute forcing, to those in underground communities.