Digital breadcrumbs left behind in many 2021 cyberattacks point to the growing use of outsourced ransomware and cybercriminal services.

Just as cybersecurity agencies and governments around the world are increasing collaborative efforts to fight cybercrime, underground communities and state-sponsored threat groups are also exchanging resources to improve their reach and agility.

According to a new threat report, ‘cyber breadcrumbs’ from a few of last year’s most notorious ransomware attacks suggest that some of the biggest cyberattacks may have simply been perpetrated by ‘outsourced labor‘.

Some key findings include:

  1. Small businesses were an increasing focus of attack: Small- and medium- sized enterprises faced upward of 11 cyber threats per device per day and continued to be an epicenter for cybercriminals, according to the study data.
  2. Public cloud platforms unwittingly hosted malware: An increasing number of payloads were being housed in the public cloud. The majority of these payloads were highly malleable, meaning they can be cheaply customized. This trend was especially prevalent in North America, where local hosting of vicious payloads including Cobalt Strike surged. 
  3. Biggest attacks may have been outsourced: In multiple incidents threat actors left behind playbook text files containing IP addresses and more, suggesting the ransomware authors were not the ones carrying out attacks. This indicates a growing shared economy within the cyber underground.
  4. Old tactics were modernized: The proliferation of digital channels due to increased digital transformation had prompted cybercriminals to renew old tactics such as phishing and watering hole attacks, primarily because of the ability of the tactics to be scaled. These tactics will likely continue to see relevance as digital channels like the metaverse develop.

According to Eric Milam, Vice President of Research and Intelligence, BlackBerry Limited, which produced the report: “Criminals are working out how to target us better. The infrastructure of the cyber underground has evolved so they can deliver more timely and personalized deceptions to the public. This infrastructure has also incubated a criminal shared economy, with threat groups sharing and outsourcing malware allowing for attacks to happen at scale. In fact, some of the biggest cyber incidents of 2021 look to have been the result of this outsourcing.”