United Kingdom-based Sophos, a cybersecurity firm, in its 2021 threat report, flagged how ransomware and fast-changing attacker behaviours, from advanced to entry level, will shape the threat landscape and IT security.
The report, released yesterday, written by SophosLabs security researchers as well as Sophos’ threat hunters, among others, provides a three-dimensional perspective on security threats and trends, from their inception to real-world impact.
By the analysis of the the key trends, the gap between ransomware operators at different ends of the skills and resource spectrum will increase. It pointed out that at the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organisations with multimillion-dollar ransom demands.
Sophos anticipates an increase in the number of entry level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.
Another ransomware trend known as “secondary extortion,” is to be unleashed in the new year. Here, alongside the data encryption, the attackers steal and threaten to publish sensitive or confidential information if their demands are not met.
Principal Research Scientist, Sophos, Chester Wisniewski, said: “The ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets. However, we’ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative ‘cartels.’”
“Some, like Maze, appeared to pack their bags and head for a life of leisure, except that some of their tools and techniques have resurfaced under the guise of a newcomer, Egregor. The cyberthreat landscape abhors a vacuum. If one threat disappears another one will quickly take its place. In many ways, it is almost impossible to predict where ransomware will go next, but the attack trends discussed in Sophos’ threat report this year are likely to continue into 2021.”
In this article: