Report Finds Cybercriminals Are Adopting Professional Business Tactics

A recent report has found that cybercriminals are adopting professional business strategies and diversifying their portfolios in response to declining revenues, as the world faces economic recession, inflation, and supply chain disruptions in 2022. Trend Micro’s Annual Cybersecurity Roundup for 2022 sheds light on the major security concerns that surfaced and prevailed last year, including the decline in profits for cybercriminal groups, the adaptation of cybercriminals to mirror legitimate businesses, and the top vulnerabilities exploited by malicious actors.

According to the report, cybercriminal groups have experienced declining profits and have responded the way legitimate businesses do when faced with falling revenue. Ransomware groups in particular have seen a sharp decline, with ransom payments going down 38% compared to the preceding year. Because victims are refusing to pay, extortion gangs have altered their approaches to stay effective. One of the most prevalent, effective, and business-like groups, Conti, disbanded after its name became unfavorable. Its members then split into multiple smaller gangs such as Karakurt, Royal, and BlackByte.

In order to avoid being detected, cybercriminals have diversified their portfolios and are no longer relying as much on ransomware attacks. These attacks are becoming less profitable, making criminals look for other ways to make money. Variants of the Rust malware have been developed for Linux systems to widen the scope of the attacks. As reported by Trend Micro, cybercriminals are now focusing on exploiting stolen data and utilizing alternative illegal business models, for instance business email compromise, stock fraud, theft of cryptocurrency and money laundering.

Cyber attackers have persisted in their efforts to obtain illicit access to networks, with the most frequent methods being attacks on remote services like telnet, SSH, and VNC, often with valid accounts. In terms of initial access, Microsoft’s disabling of macros in Office documents has resulted in a decreased reliance on phishing, leading attackers to utilize malvertising and HTML smuggling as alternative vectors. In addition, there has been an increase in living-off-the-land strategies that use attack testing applications such as Cobalt Strike and Brute Ratel.

Furthermore, the number of critical security flaws identified in 2022 skyrocketed in comparison to 2021, as the attack surface has changed rapidly. According to Trend Micro, the rate of failed patches also grew substantially, which it attributed to vendors releasing patches too quickly without taking the time needed to fully understand and address the technical problem.

Trend Micro also reported that by 2022, malicious actors shifted from taking advantage of Microsoft Exchange vulnerabilities to Log4j flaws for further infiltrating networks. The researchers also noticed that malicious actors react quickly to the latest security vulnerabilities, regularly adding new exploits to their attack methods before companies have done any patching. Moreover, evidence suggests that there has been a rise in the number of incidents targeting cloud networks, particularly those related to cryptocurrency mining.

Moreover, the use of malicious advertisements placed against significant trade search phrases has escalated, leading users to malicious websites. Amid this surge in malicious activity, HTML smuggling has also emerged: employees are sometimes targeted with an email carrying an HTML attachment, which smuggles a ZIP file containing an ISO file with a LNK file that installs a hazardous payload. Data from SonicWall suggests a 2% year-over-year (YOY) jump in malware, while Trend Micro reports an even more dire 55% increase. Furthermore, the company’s statistics indicate a 242% spike in blocked malicious files, an 86% surge in backdoor malware detections, and 103% growth in web shell detections, currently the most widespread malicious software.
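For defenders, the HTML → ZIP → ISO → LNK nesting described above can be checked at the mail gateway or during triage. The following is an added example, not code from the Trend Micro report: a heuristic sketch whose function names, size limit and inert sample attachment are all constructed for illustration.

```python
import base64
import io
import re
import zipfile

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")  # long base64 literals in the HTML
MAX_IMAGE = 64 * 1024 * 1024                        # assumed cap: skip oversized members


def triage_html_attachment(html: bytes) -> list[str]:
    """Return findings for the HTML -> ZIP -> ISO -> LNK nesting (heuristic)."""
    findings = []
    for run in B64_RUN.findall(html):
        try:
            blob = base64.b64decode(run + b"=" * (-len(run) % 4))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if not blob.startswith(b"PK\x03\x04"):  # ZIP local file header magic
            continue
        findings.append("ZIP archive embedded in HTML")
        try:
            zf = zipfile.ZipFile(io.BytesIO(blob))
        except zipfile.BadZipFile:
            findings.append("ZIP magic present but archive unreadable")
            continue
        for info in zf.infolist():
            if not info.filename.lower().endswith(".iso"):
                continue
            findings.append(f"ISO inside ZIP: {info.filename}")
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be inspected
                findings.append(f"ISO is password-protected: {info.filename}")
            elif info.file_size <= MAX_IMAGE:
                image = zf.read(info).lower()
                # ISO 9660 stores names as ASCII, Joliet as UTF-16BE
                if b".lnk" in image or ".lnk".encode("utf-16-be") in image:
                    findings.append(f"LNK file name inside ISO: {info.filename}")
    return findings


def build_sample() -> bytes:
    """Constructed, inert sample: a fake ISO holding only a file-name string."""
    fake_iso = b"\x00" * 32768 + b"\x01CD001" + b"INVOICE.LNK;1"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.iso", fake_iso)
    b64 = base64.b64encode(buf.getvalue())
    return b"<html><script>var d='" + b64 + b"';</script></html>"


if __name__ == "__main__":
    print(triage_html_attachment(build_sample()))
```

The LNK check is a string match on file names inside the image, not an ISO parser, so treat a hit as a reason to quarantine and inspect rather than as a verdict.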

Cybercriminals are increasingly taking an organized and professional approach to their operations and adopting legitimate business tactics to maximize their earnings. They are adapting by utilizing a variety of strategies, from diversifying attack targets to monetizing exfiltrated data. These shifts in tactics, according to the 2022 Trend Micro Annual Cybersecurity Roundup, require the healthcare industry to stay up-to-date on the latest threats and employ procedures that protect their technology and data. This includes securing their digital infrastructure, enhancing asset management capabilities, and ensuring the visibility of their attack surface. It is essential for the health industry to enact robust cybersecurity measures if it is to keep pace with the rapidly evolving digital environment.