Cyber criminals using underground economies to hit businesses

The study, released by BlackBerry, reveals an expanding web-based network of hackers is optimising their data sharing techniques to help target SMEs more effectively.

The research also uncovers cyber tracks from some of last year’s most notorious ransomware attacks, suggesting some of the biggest culprits may have simply been outsourced labour.

The data shows that SMEs are dealing with over 11 cyber-threats per device per day, a figure which only stands to grow as the criminal element becomes increasingly sophisticated in its adoption of the collaborative mindset.

Public cloud platforms are being heavily hit by viruses, with many becoming unwitting hosts of malware. An increasing number of payloads are being housed in public cloud platforms, and the majority of these payloads are highly malleable, meaning they can be cheaply customised. This trend was especially prevalent in North America, where local hosting of vicious payloads including Cobalt Strike surged.

The study also finds that the biggest cyber-strikes of last year may have been outsourced. In multiple incidents, experts identified threat actors leaving behind playbook text files containing IP addresses and more, suggesting the authors of this year’s sophisticated ransomware are not the ones carrying out attacks. These revelations may highlight the growing shared economy within the cyber underground.

The proliferation of digital channels has brought old tactics – such as phishing and watering hole attacks – back into the mainstream, primarily because of their ability to scale. This suggests these tactics will continue to see relevance as digital innovations like the metaverse and increased AR solutions come to market.

Following in the footsteps of US president, Joe Biden’s recently rolled out Zero Trust strategy, widespread adoption of a Zero Trust mentality and a frictionless approach to security for end users is imperative across all sectors.

With damage from the SolarWinds scandal still lingering, this path forward shows that governments are looking ahead to how existing tactics can be leveraged through 2022, alongside potential new risks in quantum computing, the metaverse, connected vehicles and beyond, while removing barriers to Zero Trust adoption.

Eric Milam, Vice President of Research and Intelligence, BlackBerry, said:

“Criminals are working out how to target us better. The infrastructure of the cyber underground has evolved so they can deliver more timely and personalized deceptions to the public.

“This infrastructure has also incubated a criminal shared economy, with threat groups sharing and outsourcing malware allowing for attacks to happen at scale. In fact, some of the biggest cyber incidents of 2021 look to have been the result of this outsourcing,” Milam added.