Its powerful gravitational field sucks in all cyber threats to form one interconnected ransomware delivery system: ramifications will hit critical mass.

With so much ado over ransomware attacks so far, are there signs that ransomware is a black hole whose gravitational force is pulling in other cyber threats to form one massive, interconnected ransomware delivery system?

Could this theory harbor significant implications for IT security?

According to one threat report, the answer is YES, supported by some key trends expected for the next year: 

  1. The ransomware landscape will become both more modular and more uniform, with attack ‘specialists’ offering different elements of an attack ‘as-a-service’ and providing playbooks with tools and techniques that enable different adversary groups to implement very similar attacks.
  2. Established cyber threats will continue to adapt to distribute and deliver ransomware.
  3. The use of multiple forms of extortion by ransomware attackers to pressure victims into paying the ransom is expected to continue and increase in range and intensity.
  4. Cryptocurrency will continue to fuel cybercrimes such as ransomware and malicious cryptomining, and the trend is expected to continue until the regulation of global cryptocurrencies is improved.
  5. In the wake of the ProxyLogon and ProxyShell vulnerabilities discovered and patched this year, expect to see continued attempts to mass-abuse IT administration tools and exploitable internet-facing services by both sophisticated attackers and run-of-the-mill cybercriminals.
  6. Cybercriminals will increase their abuse of adversary simulation tools such as Cobalt Strike Beacons, mimikatz and PowerSploit, so defenders should check every alert related to legitimate tools or combinations of tools in the same way they would check a malicious detection.
  7. Linux systems will see more attacks, based on this year’s related threats aimed at the cloud and at web and virtual servers.
  8. Mobile threats and social engineering scams, including Flubot and Joker, are expected to continue and diversify to target both individuals and organizations.
  9. The application of AI to cybersecurity will continue and accelerate, as powerful machine learning models prove their worth in threat detection and alert prioritization.

    However, as advanced deepfake video and voice synthesis technologies become available, adversaries are also expected to make increasing use of AI to pull off disinformation campaigns, spoof social media profiles, launch watering-hole attacks, phishing campaigns and more.

Commenting on this, Chester Wisniewski, Principal Research Scientist, Sophos, the firm that released the predictive threat report, said: “Ransomware thrives because of its ability to adapt and innovate. For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance companies, and negotiators.”

According to Wisniewski, it is no longer enough for organizations to assume they are safe by simply monitoring security tools and ensuring they are detecting malicious code. “Certain combinations of detections or even warnings are the modern equivalent of a burglar breaking a flower vase while climbing in through the back window. Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of entire networks.”