header image

Cyber Intelligence Briefing | Threat Actor Innovation

Rosie McKeown 4 March 2022
4 March 2022    Rosie McKeown

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

S-RM's Cyber Intelligence Briefing newsletter is now in audio format, allowing us to discuss cyber security issues in more depth with the writers behind the scenes.

 

LISTEN TO THE FULL EPISODE FOR INSIGHT ON THREAT ACTOR INNOVATION

allowtransparency="true" allow="encrypted-media" style="position: absolute; top: 0px; left: 0px; width: 100%; height: 100%; border: none;">

CIB Podcast Speakers

In this episode, we speak with cyber experts Lukas Weber, Kyle Schwaeble, and Olly Burnand, about the latest trends in threat actor innovation and the strategies your organisation can put in place to protect against attacks.

Cyber criminals are continuously innovating. Looking at the 50+ editorials that S-RM's Cyber team has produced, three emerging innovation trends have come to the fore.

 

1. Double encryption

The first innovation discussed is double encryption. In some cases, a single ransomware group might encrypt their victim's data twice, sometimes with two separate strains or simply using two separate encryption keys. This causes the victim to pay a ransom twice to recover their data.

 

“What I think we might see in the case of double encryption is if an organisation pays first to get past one layer of encryption, they won’t want to have that wasted, they’ll want to get past the next layer of encryption, and so will end up paying more.”

 

2. additional PRESSURE TACTICS

The second trend the S-RM team has picked up on and seen increasingly over the last year is additional pressure tactics employed by threat actors, particularly ransomware groups. This includes cold calling directors or senior executives, sometimes even phoning the front desk or clients and journalists to let them know the victim organisation has had a data breach. The S-RM Cyber team also saw threat actors threatening distributed denial-of-service (DDoS) attacks against their victims if ransoms weren't paid. This would be a threat over and above the initial ransomware attack.


3.
THIRD-PARTY ACCESS BROKERS

The final emerging attack method witnessed by the team was an increase in the use of third-party access brokers. Essentially, instead of compromising a network in order to launch an attack, threat actors are looking to purchase access to an already compromised network. This could either be purchased from a specialist hacker or, alternatively and quite interestingly, from insiders at a target organisation.

 

“We also observed some insiders, some employees, actually advertising their access in exchange for a fee as well. So, it really just highlighted the need for organisations to keep on top of the insider threat, and identify and track factors that could lead to identifying those employees who might pose a threat to the business.”

 

This recording took place before the Russian invasion of Ukraine. Read our latest analysis of the fast-changing cyber threat landscape evolving alongside the conflict. 

 

LISTEN TO THE FULL EPISODE TO DISCOVER MORE ABOUT THREAT ACTOR INNOVATION

allowtransparency="true" allow="encrypted-media" style="position: absolute; top: 0px; left: 0px; width: 100%; height: 100%; border: none;">

 

ABOUT THE SPEAKERS

Olly Burnand, Associate, Cyber Security

Olly is part of S-RM’s Cyber Advisory practice in the UK. He works to help clients prepare for and respond to major cyber incidents. View profile. 

 

Lukas Weber, Associate, Cyber Security

Lukas is a member of the Cyber Advisory team at S-RM. He leads on information security assessments for clients across all sectors, engaging with stakeholders across these businesses. View profile. 

 

Kyle Schwaeble, Senior Analyst, Cyber Security

Kyle is a senior cyber security analyst working in S-RM’s incident response team. Before joining S-RM’s cyber security team, Kyle worked as a corporate intelligence analyst in our Cape Town office. View profile. 

 

Rosie McKeown, Head of Content

Rosie is Head of Content at S-RM. She has over 20 years' experience in content and communications across a variety of roles in education and accountancy. View profile. 


REFERENCES made in the
podcast

  1. 'LogMeIn: Poor Or Reused Passwords Responsible For 80 Percent Of Breaches', CRN, 17 August 2021.
  2. 'The State of Ransomware 2021', Sophos, 19 April 2021.

 

S-RM supports clients globally to design and implement cyber security solutions that further your business objectives. We work with you to develop strategies that give you confidence that your security meets your needs. Find out more about our Cyber Advisory practice.

 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Rosie McKeown
Rosie mckeown Head of Content Email Rosie

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report