September 14, 2022
“It’s a jungle out there” may be the best way to summarize the state of cybersecurity at the moment, as recent global events coalesce into a melting pot of politically motivated hackers, the criminal underground, foreign scammers, and widespread domestic vulnerabilities.
Let’s start with everybody’s favorite topic: scams. If you’re longing for the simple days of the Nigerian 419 scams, you’re not alone, as the playing field for scams has evolved considerably in recent years. That’s not to minimize the continued threat of the 419 scam, which sometimes resulted in a physical kidnapping, or worse. But the idea of getting ripped off via world travel sounds almost quaint by today’s rough-and-tumble digital standard.
The good news is that if you’ve been scammed over the past year, you’re not alone. In fact, you’re part of a growing trend across the country, according to Social Catfish, a provider of online identification services.
“Americans lost a record $6.9 billion to online scams in 2021, up from $3.5 billion in 2019,” the company wrote in its State of Internet Scams 2022 study released this week. “The amount lost has nearly doubled since the global pandemic began in 2020 as people were forced to work, shop, and date online.”
Social Catfish’s conclusion was drawn from scam-related data compiled by the FBI’s Internet Crime Complaint Center (IC3) and the Federal Trade Commission. The IC3 data showed that California is the leading state when it comes to getting scammed, with a total of $1.23 billion lost to scammers in 2021 across more than 67,000 scam victims.
However, on a per capita basis, Florida Man suffered the most, with an average per-scam loss of about $33,300, compared to about $18,300 per person in the Golden State, according to the IC3. Iowans were the most resilient to scams, as Hawkeye State residents lost just $4,700 per scam, the lowest loss-per-scam rate in the country.
While ransomware is not on the 6 o’clock news as much as it was in 2021, it remains a clear and present danger to every business and organization with a port open to the Internet. The extent of the ransomware threat was documented by Intel 471, a provider of cyber threat intelligence.
North America remains the top target for ransomware attacks, according to Intel 471’s recently released Annual Threat Landscape Report, followed by Europe. The most concerning trend may be that ransomware groups are getting more sophisticated in how they work with hacking groups that trade in compromised credentials.
“We observed prominent threat actors transition from engaging in other activity, such as carding forums, to ransomware and compromised access-focused operations,” Intel 471 wrote in its report. “We also reported increasing cooperation between access brokers and ransomware operators.”
Ransomware attacks typically begin with compromised credentials, such as those used for Citrix, remote desktop protocol (RDP), secure shell protocol (SSH) and virtual private networks (VPNs), Intel 471 says. Cybercriminals can either do the work of leveraging unpatched vulnerabilities to obtain credentials, or simply buy pre-hacked credentials in the underground markets.
“We assess the use of compromised credentials, vulnerabilities, and exploits will continue to be the most used initial access tactics considering threat actors of any skill level can easily obtain ready-to-exploit credentials and vulnerabilities from the underground market giving them the ability to impact countless organizations worldwide,” Intel 471 writes in its report.
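As an added illustration (not from the article or from Intel 471), here is a small defender-side check for the credential-based initial access described above: it scans constructed sshd log lines and flags password logins that succeed from a source address only after repeated failures from that same address, a common footprint of credential stuffing or brute forcing. The log lines, hostnames, user names and IP addresses are made up.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not real data); addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 14 02:11:03 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Sep 14 02:11:05 host sshd[2213]: Failed password for root from 203.0.113.7 port 51024 ssh2
Sep 14 02:11:08 host sshd[2215]: Failed password for svc_backup from 203.0.113.7 port 51026 ssh2
Sep 14 02:11:12 host sshd[2217]: Accepted password for svc_backup from 203.0.113.7 port 51028 ssh2
Sep 14 02:30:44 host sshd[2290]: Accepted publickey for alice from 198.51.100.12 port 40122 ssh2
Sep 14 02:31:01 host sshd[2295]: Failed password for bob from 198.51.100.40 port 40200 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_auth_events(text):
    """Yield (result, method, user, ip) tuples for every sshd auth line in the text."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("ip")


def find_suspicious_logins(text, min_failures=2):
    """Return (ip, user, failures_before_success) for each password login that was
    accepted from a source IP only after at least `min_failures` failed attempts from it."""
    failures = defaultdict(int)
    hits = []
    for result, method, user, ip in parse_auth_events(text):
        if result == "Failed":
            failures[ip] += 1
        elif result == "Accepted" and method == "password" and failures[ip] >= min_failures:
            hits.append((ip, user, failures[ip]))
    return hits


if __name__ == "__main__":
    for ip, user, n in find_suspicious_logins(SAMPLE_LOG):
        print(f"ALERT: {ip} logged in as {user} after {n} failed attempts")
```

Key-based logins are ignored on purpose, so the check focuses on the password-based access that the report says is traded in underground markets.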
LockBit 2.0 was the most popular strain of software for perpetrating ransomware attacks, as it comprised 30 percent of all ransomware attacks in May, Intel 471 reports. Conti, Hive, ALPHV, Black Basta, Avos Locker, Vice Society, Quantum, Cuba, and LV were also observed being used in the wild by Intel 471 from November 2021 to May 2022.
While software vendors could be seen taking quick action to patch newly discovered vulnerabilities in their products, that didn’t stop the tide of vulnerabilities from growing in 2021, including a 2x increase in zero-day vulnerabilities, Intel 471 found.
“We also observed an increase in vulnerabilities that were more complex and severe in 2021,” the group says in its report. “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported there were about 120 vulnerabilities known to be exploited in the wild in 2020, with that number rising to 160 in 2021. Additionally, the Project Zero security analyst team reported 25 cases of zero-day exploits detected in the wild for 2020 and 58 in 2021.”
The widely reported Log4Shell vulnerability in Log4j — which was first disclosed in December 2021 and is still impacting IBM i servers — was the hero of the criminal underground from November 2021 to May 2022, with close to 500 “mentions” in monitored conversations. Other notable vulnerabilities popping up in criminal conversations include ProxyShell, ProxyLogon, and those impacting VMware vCenter and the VMware vSphere Client, it says.
Ransomware attacks have become almost ubiquitous over the past five years, according to Titaniam’s State of Data Exfiltration and Extortion 2022 report. The company surveyed 107 security professionals across the US and found that 71 percent of them said they were the victim of a ransomware attack over the past five years, with 40 percent saying they had been hit over the past 12 months.
The survey also found that 65 percent of ransomware attack victims also had their data stolen. That didn’t use to happen, the company says.
“We are seeing the emergence of a new trend where cybercriminals are no longer limiting themselves to just encrypting entire systems,” the company says. “They are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim.”
Titaniam CEO and founder Arti Raman says companies must become more proactive to thwart the ransomware menace.
“It is unfortunate that organizations continue to believe that investing in detection, backup, and recovery solutions constitutes the complete solution to ransomware,” Raman says in a press release. “These organizations overlook data security, which, when not implemented adequately, becomes the ultimate reason attackers gain excessive leverage and win.”
While Raman wasn’t speaking about IBM i shops, the takeaway for midrange customers is to get serious about improving security on the platform. It’s one thing to have good backup and recovery processes in place, and it’s also good to have systems in place to detect when a breach happens.
But preventing the breach from occurring in the first place by implementing tough security configurations in the operating system, the database, and the application should be the number one priority for organizations that want to keep their data from becoming the property of criminals.
It is, indeed, a jungle out there, so equip yourself accordingly.