Changing Ransomware business models and security

Spread the love

Hong Kong: Over the past decades, cyberattacks and incidents have become more technologically sophisticated and severe in their impacts and implications globally. Along with those advancements in cyberattacks, the operative ransomware business models employed by cybercriminals also appear to be changing with time.

The latest research from Trend Micro once again puts the spotlight on such cybercrime business models, particularly involving ransomware groups and how security teams need to prepare to deal with ransomware attacks in the present as well as the near future.

Global cybersecurity company Trend Micro’s research report titled The Near and Far Future of Today’s Ransomware Groups warns that the ransomware industry could be on the verge of a revolution that sees actors expand into other areas of cybercrime or partner with hostile governments and organised crime groups.

“Change is the only constant in cybercrime, and sooner or later, economic and geopolitical forces may compel ransomware groups to adapt or die,” said Jon Clay, Trend Micro‘s VP of Threat Research.

“Amidst this uncertain threat landscape, network defenders need platform-based security to provide visibility and control across all attack surfaces, including hybrid cloud infrastructure. Our latest report will help them prepare for the future,” added Clay.

The report highlights the history of ransomware and the key building blocks of modern attacks before proposing scenarios that show where threats may be evolving.

Threat actors will continue to evolve their attacks in response to corporate defensive strategies, law enforcement successes, and government sanctions. This could include scaling up attacks through increased automation, targeting more IoT and cloud environments, improving professionalism and execution, and more effectively monetising attacks.

The report also predicts that ransomware actors will eventually be motivated to change their business models due either to the cumulative impact of relatively small changes or by more radical global factors.

This could lead to them developing supply chain attacks to cut out reliance on initial access brokers, using stolen data for stock manipulation, selling more services to traditional organised crime syndicates, merging with other criminal groups, or even working with government actors.

There is no silver bullet to solve these challenges. As they emerge, network defenders and governments should tackle changes to cybercrime or ransomware business models.

Trend Micro’s report also provides a set of potential actions to prepare for these scenarios, including:

  • Hardening internet-facing and internal corporate systems
  • Migrating to cloud services
  • Focusing defensive efforts on detection and response and initial access vectors
  • Strengthening government sanctions on major actors and facilitators
  • Regulating cryptocurrency to increase transparency, protect consumers against fraud and make money laundering harder

Leave a Reply

Your email address will not be published. Required fields are marked *