![]() Threat groups from countries under economic embargoes or sanctions have been observed using ransomware and extortion to fund their operations. Advanced threat groups may use extortion and ransomware to fund other activities - or hide them.Since 2019, at least 96 of these organizations have had confidential files publicly exposed to some degree as part of attempted extortion. In 2022, 30 organizations on the Forbes Global 2000 list were publicly impacted by extortion attempts. Attacks on the world’s largest organizations represent a small but notable percentage of public extortion incidents. Large, multinational organizations can be lucrative targets for threat actors.Organizations based in the United States were most severely affected, according to leak site data, accounting for 42% of the observed leaks in 2022. Unit 42 believes this is due to the prevalence of systems used by this industry running on out-of-date software that isn’t regularly or easily updated or patched-not to mention the industry’s low tolerance for downtime. Based on our analysis of dark web leak sites, manufacturing was one of the most targeted industries in 2022, with 447 compromised organizations publicly exposed to leak sites. Extortion gangs are opportunistic, but there are some patterns in the organizations they attack.Read more: Adversaries using innovative methods to launch cyber attacks Compare this to mid-2021, when harassment was a factor in less than 1% of Unit 42 ransomware cases. By late 2022, harassment was a factor in about 20% of ransomware cases. Ransomware threat actor groups will target specific individuals in the organization, often in the C-suite, with threats and unwanted communications. Harassment is another extortion tactic Palo Alto observed being used in more ransomware cases.Threat actors often threaten to leak stolen data on dark web leak sites, which are increasingly a key component of their efforts to extort organizations. Comparing this to mid-2021, Palo Alto saw data theft in only about 40% of cases on average. In Unit 42 ransomware cases, as of late 2022, threat actors engaged in data theft in about 70% of cases on average.In our review of incident response cases, as well as our threat intelligence analysts’ assessment of the larger threat landscape, Palo Alto Networks noted some key points: Incident response plans today need to involve not only technical considerations but also safeguards for an organization’s reputation and considerations for how to protect employees or customers who may become targets for some of the extortionists’ more aggressive tactics. ![]() Organizations, in turn, need to evolve defenses to address the various methods threat actors use to apply pressure. While in many cases the motivation is financial, Unit 42 also sees indications that cyber extortion can happen in service of a group’s larger goals- sometimes simply to fund other activities, but other times to distract from them. While much attention has been paid to ransomware in recent years, modern threat actors increasingly use additional extortion techniques to coerce targets into paying-or dispense with ransomware altogether and practice extortion on its own, according to a new report from cybersecurity company Palo Alto Networks. Threat actors are increasingly employing cyber extortion techniques to gain leverage over targeted organizations and accomplish their goals. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |