sb-nz logo
Story image

APT groups conducting more targeted intrusions – Accenture

02 Dec 2019

Cybercrime campaigns and high-profile advanced persistent threat groups are shifting how they target victims and focusing more on intricate relationships with “secure syndicate” partnerships to disguise activity, according to the latest 2019 Cyber Threatscape Report from Accenture.

A shift in high-profile cybercrime operating models

The report notes a significant increase in threat actors and groups conducting targeted intrusions for financial gain, also referred to as “big game hunting.”

Despite the arrests of individuals associated with online underground marketplaces, activity among infamous threat actor groups — such as Cobalt Group, FIN7 and Contract Crew — has continued. Accenture Security analysts have also observed the shared use of tools that automate the process of mass-producing malicious documents to spread malware, such as More Eggs, which is used in both conventional crimeware campaigns and targeted attacks.

The continued activity is associated with relationships forming among “secure syndicates” that closely collaborate and use the same tools — suggesting a major change in how threat actors work together in the underground economy.

With syndicates working together, the lines are even more blurred between threat actor groups, making attribution more difficult.
In addition, Accenture Security analysts have observed a shift in the way Cobalt Group targets victims to gain access to the victims’ supply chain networks.

While malware has typically been sent to internet users via phishing emails, analysts now see an emergence of malware executed through web browsers focused on targeting online merchants and retailers specifically.

The global disinformation battlefield

The report also finds evidence of a continued global disinformation battlefield influencing social media users and cautions that threat actors are becoming more skilled at exploiting legitimate tools.

While disinformation campaigns to influence both domestic or foreign political sentiment and sway national elections will continue, the wider potential impact of disinformation on global financial markets is even more concerning, the report notes.

The financial services industry — and, more specifically, high-frequency trading algorithms, which rely upon fast, text-driven sources of information — are likely to be targeted by large-scale disinformation efforts in the future.

Rise in ransomware: Network access for sale

In addition, ransomware is increasingly plaguing businesses and government infrastructures, with the number of ransomware attacks more than tripling in just the past two years.

Aside from delivery via spam campaigns, analysts have witnessed threat groups Nikolay and GandCrab planting ransomware directly on networks through network access intrusions.

Actors are offering to sell remote desktop protocol (RDP) access to corporate networks, which they’ve likely gained through compromised servers and RDP brute forcing, to those in underground communities.

About Accenture’s Cyber Threatscape Report

Leveraging Accenture Security threat-intelligence capabilities and research from primary and secondary open-source materials, the annual report provides insights and predictions on the cyberthreat landscape and how it will shift over the next year.

The goal is to help organisations stay ahead of threats relevant to their organisation, industry and geography.

Story image
NCC Group chosen to help improve IoT security standards for all sectors
“At NCC Group, security is in our DNA and that's why we're excited to work with the ioXt Alliance in raising security standards within the IoT ecosystem."More
Story image
Inteview: Mimecast security expert on why email attacks are more successful than ever
Techday spoke to Mimecast Australia principal technical consultant Garrett O’Hara, who walks through why security experts are becoming increasingly pessimistic about email-borne attacks.More
Story image
Okta, CrowdStrike, Netskope and Proofpoint create shared zero trust security strategy
Okta, CrowdStrike, Netskope and Proofpoint have joined forces to develop and launch an integrated, zero trust security strategy, stating that this is crucial for today’s digital and remote working environments.More
Download image
Remote workforces drive new risk management strategies
remote and onsite workers have access to multiple collaboration tools, leading to fresh risk management strategies in the post COVID world.More
Story image
Australians ignoring cybersecurity policies in favour of productivity
Trend Micro has found that 67% of remote workers have increased their cybersecurity awareness during COVID-19 related lockdowns. However, despite greater awareness people may still engage in risky behaviour, the survey finds.More
Download image
SaaS shouldn't left exposed to the public internet - how hybrid IT can help
By leveraging hybrid IT, enterprises can turn to a new architecture that leverages specialties such as colocation from multi-tenant data centres, and interconnection.More