State-sponsored hackers are diversifying tactics, report says

This includes techniques used to steal user authentication credentials like usernames and passwords to allow attackers to move across the network to compromise other systems and accounts while disguised as a valid user.

October 27, 2020 06:47 pm | Updated 06:56 pm IST

Some of the world’s most skilled nation-state cyber adversaries are diversifying tactics to inflict more harm, a report by consulting firm Accenture said.

These ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms, Accenture stated in the ‘2020 Cyber Threatscape Report’.

Throughout this year, suspected state-sponsored and organised criminal groups have been using a combination of off-the-shelf tools to carry out cyberattacks. This includes ‘living off the land’ tools, a term that refers to the use of network infrastructure already available in the target environment.

Other tools include shared hosting infrastructure and publicly developed exploit codes.

In the study, Accenture tracked the patterns and activities of an Iran-based hacker group called SOURFACE. The group is known for its cyberattacks on oil and gas, communications and transportation businesses in the U.S., Israel, Europe and Saudi Arabia.

It observed that the group used legitimate Windows functions and freely available exploitation tools like Mimikatz for credential dumping.

This technique is used to steal user authentication credentials like usernames and passwords to allow attackers to move across the network to compromise other systems and accounts while disguised as a valid user.

These actors will continue to use off-the-shelf penetration tools owing to their effectiveness and cost efficiency, the report noted.

Ransomware became a more lucrative business model in the past year. The criminals behind the Maze, Sodinokibi and DoppelPaymer ransomware strains are the pioneers of this growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers.

The LockBit ransomware, which emerged earlier this year, gained attention in businesses due to its self-spreading feature, which quickly infects other computers on a corporate network.

The company also tracked cybercriminals on Dark Web forums, and found them to be advertising regular updates and improvements to the ransomware. They were also actively recruiting new members, promising them a portion of the ransom money.

Hack-and-leak extortion methods against large organisations will continue for the rest of 2020, Accenture estimates.
