The Emotet botnet is back. Another malware botnet, TrickBot, is being used to install Emotet. This follows a takedown back in April.
Also in the news – it seems Russian-speaking hackers are reaching out to their Chinese counterparts to collaborate. According to a new report by Flashpoint, high-ranking users and RAMP administrators are now actively attempting to communicate with new forum members in machine-translated Chinese.
Threat actors are now offering serious money for zero-day exploits too – exploits themselves commanding multi-million dollar budgets, and a secondary “exploit-as-a-service” market for those who can’t afford it. The gangs now rival nation states with their budgets and reach.
They’re also great negotiators – because they know how much you’ll pay before they even hit you. NCC Group research finds each ransomware gang has created its own negotiation and pricing strategies meant to maximize profit. There are clear signs adversaries have adopted price discrimination techniques based on the yearly revenue of their victims. A metric, ransom per annual revenue, or RoR, was created. Small companies generally pay more in RoR terms: less in absolute amount, but a higher percentage of revenue.
The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans (known as playbooks) for federal civilian executive branch agencies. CISA’s newly published operational procedures are designed to streamline the process of mitigating security vulnerabilities and responding to incidents with the help of easy-to-read decision trees and detailed info for each step.
Think big companies don’t have issues? A survey featuring some of the United States’ top defense contractors suggests that about 20% of them are “highly susceptible” to a ransomware attack, with 42% having experienced a data breach in 2020 alone. That is from Black Kite. 43% of contractors were found to have old or dated cybersecurity systems, yielding a higher risk of cyberattacks.
Of course, only 40% of a survey group understand the risks from third parties and their supply chain, per PwC, and 90% of IT decision makers claim their businesses would be willing to compromise on cybersecurity in favor of digital transformation, productivity or other goals, per Trend Micro.
And your newest cultural item – cheese prices are falling after a cyber attack on one of the US’s largest producers, due to backlogs.
Why do we care?
So remember, that supply chain risk… is also you, dear IT outsourcer. You’re a risk. From the customer’s perspective, you are part of the supply chain too. Sure, you’re selling a solution to address security… but you’re a risk vector too.
The fact that the threat actors are now the size of nation states is scary… and evidence of the size of their operations.
And the data point I’m most focused on is the Ransom per Annual Revenue ratio. This is a smart way of looking at the impact. I’ve quipped that large companies can write a check to make a ransom go away after the breach… and this quantifies why. The larger the company, the smaller the RoR. Note that the operators are savvy enough to have intelligence on what they want to get… but still push a higher RoR on smaller victims. They know the market they can squeeze.