Cloud service providers are coming under attack, and “lock-and-leak” operations are on the rise, forcing IT leaders to exercise extra vigilance in guarding against cyberattacks, experts say.


The warnings are part of a new report into data leaks and ransomware from cloud security company CrowdStrike, which shows that instances of such cyberattacks have risen by 82% over the last twelve months.

The study also introduced two new adversary designations, WOLF (Turkey) and OCELOT (Colombia), alongside 21 newly tracked adversaries across the globe. The document outlines new attack techniques being used by “the big four” (Iran, China, Russia and North Korea) and breaks down the aftermath of Log4Shell exploitation. The findings illustrate that adversaries are moving beyond malware: 62% of recent detections were malware-free.

The report also documents the continued evolution of nation-state-affiliated and criminal adversaries, as well as the increased sophistication, velocity and impact of targeted ransomware, disruptive operations and cloud-related attacks in 2021. Its key findings give organisations the insight required to mature their security strategies and defend their businesses against prolific cyber threats.

Nation-state and criminal groups continue to expand

The 2021 threat landscape became more crowded as new adversaries emerged; more than 170 are now tracked in total.

Among key concerns, financially motivated e-crime activity continues to dominate the interactive intrusion attempts tracked by CrowdStrike OverWatch. Intrusions attributed to e-crime accounted for nearly half (49%) of all observed activity.

Specialists have also noted that Iran-based adversaries have adopted ransomware as well as “lock-and-leak” disruptive information operations, using ransomware to encrypt target networks and subsequently leaking victim information via actor-controlled personas or entities.

Furthermore, China-nexus actors have emerged as the leaders in vulnerability exploitation and have shifted tactics to increasingly target internet-facing devices and services such as Microsoft Exchange.

Russia, too, has been the source of fresh concern: Russia-nexus adversary Cozy Bear has expanded its targeting from IT providers to cloud service providers in order to exploit trusted relationships and gain access to additional targets through lateral movement. Additionally, Fancy Bear has increased its use of credential-harvesting tactics, including both large-scale scanning techniques and victim-tailored phishing websites.

Adversaries linked to the Democratic People’s Republic of Korea (DPRK) were found to target cryptocurrency-related entities in an effort to maintain illicit revenue generation during the economic disruption caused by the COVID-19 pandemic. E-crime actors, including affiliates of Doppel Spider and Wizard Spider, adopted Log4Shell as an access vector to enable ransomware operations.

Adam Meyers, senior vice president of Intelligence at CrowdStrike, said:

“As cyber criminals and nation-states around the world continue to adapt in the changing, interconnected landscape, it’s critical that businesses evolve to defend against these threats by integrating new technologies, solutions and strategies. Enterprise risk is coalescing around three critical areas: endpoints and cloud workloads, identity and data.”