Image created by Microsoft Bing Image Creator, based on a prompt produced by Gadget.


Ransomware groups club together

Trend Micro says it blocked more than 86-million email threats targeted at SA between January and June 2023.

The collaboration between cybercrime groups helps them lower costs and increase their market presence while also maintaining the efficacy of their criminal activities.

This is a fascinating insight from the Trend Micro 2023 Midyear Cybersecurity Threat Report, which presents highlights from the company’s telemetry covering millions of commercial and consumer clients.

Trend Micro says it blocked more than 86-million email threats, around four million malicious URLs and over 4,000 malicious mobile apps targeted at South African businesses and consumers between January and June 2023. This comes at a time when the complexity of the country’s cybersecurity threat landscape continues to intensify.

The report also uncovers key trends in criminal techniques, tactics and threat actor activity, providing important guidance for defenders looking to stay one step ahead of calculating cyber criminals.

“With each passing month the local threat landscape becomes more intricate and convoluted. Our latest research shows that illegal actors are shifting targets and getting increasingly creative to become more efficient and prolific. Prioritising a set of proactive and holistic security solutions has never been more important,” says Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro.

Ransomware groups are collaborating on ever-shifting targets

During the first half of 2023, almost 15 million malware families were blocked by Trend Micro in South Africa. Ransomware, in particular, is a challenge for local companies, with almost 2 500 ransomware detections in June alone. However, the Midyear Report offers valuable insight into the ways in which ransomware groups are operating – not only updating their tools and techniques to extract data more efficiently, but also adapting their business models.

Earlier this year Trend Micro researchers discovered a new ransomware that uses legitimate search engine tools to search for files to encrypt. Investigation into this new ransomware, which researchers named ‘Mimic’, suggests a connection with the larger and more notorious Conti ransomware group. It’s suspected that collaboration between these criminal groups helps them lower costs and increase their market presence while also maintaining the efficacy of their criminal activities.

According to the report, many ransomware players are also turning their data exfiltration efforts toward tactics such as cryptocurrency theft and business email compromise (BEC). 

AI is making hackers more productive

Another key trend that emerged in the first half of 2023 was the use of AI by cybercriminals to carry out virtual crimes more efficiently. A significant number of South African businesses have implemented AI in some form in a bid to elevate their operations – but they aren’t the only ones. 

Recently, malicious actors have abused AI technology to accurately impersonate real people as part of their attacks and scams. In fact, imposter scams such as virtual kidnapping are becoming increasingly rampant.

In the case of virtual kidnapping, malicious actors are able to create a deepfake voice of their victim’s child and use it as proof that they have the child in their possession to pressure the victim into sending large ransom amounts. 

At the same time, ChatGPT and other AI tools are enabling criminals to automate the gathering of information, formation of target groups, and identification of vulnerable behaviours.

This is helping them lure big-name victims (also known as “big fish”) in harpoon whaling attacks.

Whaling involves tricking executives and directors through phishing campaigns for the purpose of stealing information or siphoning large sums of money. Harpoon whaling, on the other hand, involves extensive research on targeted individuals. It is a highly targeted social engineering scam that uses emails crafted with a sense of urgency and containing personalised information about the targeted executive or director.

With AI tools becoming increasingly adept at creating text that can seem human-crafted, the effort needed to attack executives has been drastically reduced, making the targeting of hundreds of thousands of executives easier than ever before.

Threat actors are innovating, finding new ways to target victims

As innovations continue to evolve and involve more data, threat actors have also been finding more ways to victimise people. For example, today’s connected cars contain over 100 million lines of code, giving smart functionality to the user but also opening doors to hackers. As more smart cars saturate the market, attackers will try to gain access to user account data and leverage it for crimes.

By hijacking or stealing such an account via phishing for credentials or installing malware, a cyber-criminal could locate the car, break into it and potentially sell it on for parts or follow-on crimes. They might even be able to locate the owner’s home address and target it for burglary when they’re not in.

The same is true of smart home networks (SHN), which have gained significant traction in South Africa over the past few years. In fact, during the first half of 2023, Trend Micro detected more than one and a half million inbound SHN attacks in South Africa.

Threat actors have also been casting a wider net by leveraging vulnerabilities in smaller platforms for more specific targets, such as file transfer service MOVEit, business communications software 3CX, and print management software solution PaperCut.

“The increasingly sophisticated tactics being employed by hackers present a particular concern for local businesses which face untold potential damages at the hands of these malicious actors,” says Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro. “It’s critical for defenders to gain a thorough understanding of the potential risks they are facing. Knowing these threats will help them make more informed decisions and ultimately take proactive measures to stay ahead in the increasingly convoluted cat and mouse game of cybersecurity.”

For more information visit:
