Ransom Gangs Increasingly Outsource Their Work (krebsonsecurity.com) 7
Brian Krebs writes via KrebsOnSecurity.com: There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today's attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained.
One of the most common ways such access is monetized these days is through ransomware, which holds a victim's data and/or computers hostage unless and until an extortion payment is made. But in most cases, there is a yawning gap of days, weeks or months between the initial intrusion and the deployment of ransomware within a victim organization. That's because it usually takes time and a good deal of effort for intruders to get from a single infected PC to seizing control over enough resources within the victim organization where it makes sense to launch the ransomware.
This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have. Each day, millions of malware-laced emails are blasted out containing booby-trapped attachments. If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine. From there, the infected system will report home to a malware control server operated by the spammers who sent the missive. At that point, control over the victim machine may be transferred or sold multiple times between different cybercriminals who specialize in exploiting such access. These folks are very often contractors who work with established ransomware groups, and who are paid a set percentage of any eventual ransom payments made by a victim company.
One of the most common ways such access is monetized these days is through ransomware, which holds a victim's data and/or computers hostage unless and until an extortion payment is made. But in most cases, there is a yawning gap of days, weeks or months between the initial intrusion and the deployment of ransomware within a victim organization. That's because it usually takes time and a good deal of effort for intruders to get from a single infected PC to seizing control over enough resources within the victim organization where it makes sense to launch the ransomware.
This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have. Each day, millions of malware-laced emails are blasted out containing booby-trapped attachments. If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine. From there, the infected system will report home to a malware control server operated by the spammers who sent the missive. At that point, control over the victim machine may be transferred or sold multiple times between different cybercriminals who specialize in exploiting such access. These folks are very often contractors who work with established ransomware groups, and who are paid a set percentage of any eventual ransom payments made by a victim company.
H1B to the rescue! (Score:2, Offtopic)
Just call up Tata or InfoSys.... I'm sure they will be happy to hook you up with some exceptionally qualified* labor at very reasonable rates!
*qualifications not guaranteed...
ransomware is just lazy (Score:2)
Honestly, ransomware is they laziest form of cybercrime. If they put real effort in they could get a lot more money but they are so lazy that pulling this stupid shit is good enough. You would think cybercriminals would take some pride in their work but clearly they are just bums.
Re:ransomware is just lazy (Score:5, Interesting)
Except in highly targeted attacks where the malicious party has knowledge in advance of what they're looking for, the odds of finding such valuable secretive data is pretty low. The odds of finding somebody willing to pay to get their stuff back is much higher.
As the summary notes, cybercrime is also set up much more like a traditional business model now. Hackers create exploits, sell them on markets to development houses who create ransomware-as-a-service packages, resell those to partners that deliver through rented botnets or compromised accounts on public cloud services, have support teams for negotiating with victims, and so on. It's a mass market thing, and honestly some aspects are pretty slick despite being wholly despicable.
I'm sure there's an Etsy of the underworld for the occasional target worth the real effort too, but the risk profile changes heavily. Insider knowledge could be traced back, more potent exploits command more up-front investment, negotiations with the victim will be more complicated, and attention from law enforcement is more likely.
I think it's less about laziness, more about what failure of society has lead reasonably motivated and intelligent individuals to crime, and then allowed it to flourish into an entire market. Also, Microsoft Office. Easily responsible for 90% of this mess.
Re: (Score:2)
The alternatives are to abuse the computer's resources (botnets and crypto mining are both still a thing), or to exfiltrate data and either sell it or extort to prevent its release.
Hardly! How many people access their bank accounts via bank website? How many make purchases with credit cards? These two things would provide direct access to money stores which you could claim and/or translate into bitcoin. The end user wouldn't even know they had been burgled until it was too late.
Re: (Score:2)
Honestly, ransomware is they laziest form of cybercrime. If they put real effort in they could get a lot more money but they are so lazy that pulling this stupid shit is good enough.
Getting hit with ransomware is a sign of lazy IT. If they put real IT effort in they could get a lot more security but the IT is so bad that pulling ransomware is trivial.
It's called (Score:1, Troll)
Crapitalism
Hey, I'm bored! ( (Score:1)