A hacker gold rush that is poised to overshadow ransomware



Ransomware attacks, including those of a massively destructive and dangerous nature, have proved difficult to fight comprehensively. Hospitals, government offices, schools, and even critical infrastructure companies continue to face debilitating attacks and large ransom demands from hackers. But as governments around the world and law enforcement in the United States have taken the fight against ransomware seriously and begun to make some progress, researchers are trying to stay one step ahead of the attackers and anticipate where ransomware gangs might turn next if their main hustle becomes impractical.


At the RSA Security Conference in San Francisco on Monday, long-time digital fraud researcher Crane Hassold will present findings warning that it would be logical for ransomware actors to eventually convert their operations into business email compromise (BEC) attacks as ransomware becomes less profitable or poses an increased risk for attackers. In the United States, the Federal Bureau of Investigation has repeatedly found that the total amount of money stolen through BEC fraud far exceeds the amount stolen in ransomware attacks, although ransomware attacks may be more visible and cause more disruption and associated losses.


In a business email compromise, the attackers break into a legitimate corporate email account and use the access to send fake invoices or initiate contract payments that trick businesses into transferring money to the criminals when they think they are just paying their bills.

“Ransomware is getting so much attention and governments around the world are taking action to mitigate it, so it will ultimately impact ROI,” says Hassold, director of threat intelligence at Abnormal Security and a former FBI digital behavior analyst. “Extortionist actors aren’t going to say, ‘Oh hey, you got me’ and walk away. So it’s entirely possible you’ll have this new threat as the more sophisticated actors behind ransomware campaigns move into the BEC space where all the money is made.”


BEC attacks, many of which take place in West Africa and Nigeria in particular, are historically less technical and rely more on social engineering, the art of creating a compelling narrative that tricks victims into taking actions against their own interests. But Hassold notes that much of the malware used in ransomware attacks is built to be flexible, with a modular quality, so different types of scammers can assemble the combination of software tools they need for their specific activity. And the technical ability to establish “initial access,” or a digital foothold, for subsequent deployment of other malware would be extremely useful for BEC, where gaining access to strategic email accounts is the first step in most campaigns. Ransomware attackers would bring a much higher level of technical sophistication to this aspect of the scam.

Hassold also notes that while the most prominent and aggressive ransomware gangs tend to be small teams, BEC members are usually organized into much looser and more decentralized groups, making it difficult for law enforcement to target a central organization or kingpin. Similar to Russia’s unwillingness to cooperate in ransomware investigations, it has taken time for global law enforcement to forge a working relationship with the Nigerian government to counter BEC. But even as Nigeria is paying more attention to BEC enforcement, countering the scale of fraudulent transactions is still a challenge.

“You can’t just cut off a snake’s head,” Hassold says. “If you arrest a dozen or even a few hundred of these actors, you still won’t have much impact.”

For ransomware actors, the most challenging aspect of moving into BEC scams is likely to be the stark difference in how the stolen money is collected. Ransomware gangs almost exclusively collect crypto payments from victims, while BEC actors mostly use local money mule networks, in the markets where they run their scams, to launder fiat currency. Ransomware attackers will need to connect to existing networks or invest in building their own in order to monetize BEC schemes and have a place for the misdirected payments to go. However, Hassold notes that as law enforcement becomes more adept at tracking and freezing payments in crypto, and the value of crypto continues to fluctuate wildly, attackers may be interested in learning new techniques and shifting gears.

Importantly, Hassold notes that while he and his colleagues have not seen evidence of active collaboration between Eastern European ransomware gangs and West African BEC actors, he does see evidence in criminal forums and in active interactions with attackers that ransomware attackers are interested in BEC and have been learning about it. Whether this research is just for, ahem, professional enrichment remains to be seen.

“All these types of attacks are very serious and the stakes are very high, so I thought about how things will look in the future when ransomware is eventually destroyed,” says Hassold. “It is possible that these two threats on opposite sides of the cybercrime spectrum will converge in the future, and we need to be prepared for this.”


Credit: www.wired.com
