Threat groups around the world have been found to be active in the current cyberspace climate. They're hard at work distributing disruptive malware that impacts financial data, media and advertising, and even military and law enforcement technology.
Global cybercrime poses worrying questions as to the state of cyber intelligence in general. How do we know what data is at risk, and what things can businesses and enterprises do to be prepared?
Increased vulnerability and growing threats from pandemic-related openings have led to severe issues in many organisations, and many don't have the correct information or tools to cope.
To help mitigate risk and inform businesses, Accenture has released its latest threat intelligence and incident response report, where analysts have gained first-hand visibility into the tactics, techniques and procedures (TTPs) employed by some of the most sophisticated cyber adversaries.
When identifying key trends in the cyber threat landscape, the report found that five themes stood out as the most prevalent.
Ransomware attacks still prove profitable
Traditional ransomware still seems to be yielding results for hackers, with ransomware and extortion threats representing approximately 45% of intrusion volume in the US in 2021.
Supply chains offer attack footholds
During October and November 2021, a number of cybersecurity publications mentioned supply chain attack campaigns that focused on developer library and software platform compromises. 30% of the malware threats Accenture observed in 2021 were also revealed to be backdoor threats.
Information stealers boost the malware market
Underground endpoint marketplaces that sell compromised login data are continuing to offer cheaper gateways into corporate networks. Redline (53%), Vidar (35%), Taurus (4%), Raccoon (4%) and Azorult (2%) were found to be the most recognised infostealers.
Cloud-centricity prompts new attack vectors
Cloud use has opened a variety of new doors for hackers. Threat actors have been found to be hijacking cloud services to exploit cloud infrastructure's benefits, collect sensitive data and deploy ransomware.
Vulnerability exploits see high volume buying and selling
Accenture found 45 instances of underground actors wanting to sell or buy exploits for Common Vulnerabilities and Exposures (CVEs). Log4j became a highly capitalised enterprise for hackers, who used remote code to exploit vulnerabilities.
Security leaders would be wise to bolster their defences, continue monitoring the growing situation overseas and look out for the threat actors present within their home country. Being informed and aware of upcoming threats is the key to keeping your enterprise safe.
To find more helpful information on threat intelligence for your organisation, read the full Cyber Threat Intelligence Report Volume 2 here.