DataCenterNews Asia
Specialist data center news for Asia

Ransomware black hole pulls in other cyberthreats to create one massive delivery system

By Shannon Williams
Fri 12 Nov 2021

The gravitational force of ransomware's black hole is pulling in other cyberthreats to form one massive, interconnected ransomware delivery system with significant implications for IT security, according to a new report.

The Sophos 2022 Threat Report provides a unique multi-dimensional perspective on security threats and trends facing organisations in 2022.

The report found that over the coming year, the ransomware landscape will become both more modular and more uniform, with attack specialists offering different elements of an attack as-a-service and providing playbooks with tools and techniques that enable different adversary groups to implement very similar attacks. 

According to Sophos researchers, attacks by single ransomware groups gave way to more ransomware-as-a-service offerings during 2021, with specialist ransomware developers focused on hiring out malicious code and infrastructure to third-party affiliates. 

Some of the most high-profile ransomware attacks of the year involved RaaS, including an attack against Colonial Pipeline in the U.S. by a DarkSide affiliate. An affiliate of Conti ransomware leaked the implementation guide provided by the operators, revealing the step-by-step tools and techniques that attackers could use to deploy the ransomware.

Once they have the malware they need, RaaS affiliates and other ransomware operators can turn to Initial Access Brokers and malware delivery platforms to find and target potential victims. This is fuelling the second big trend anticipated by Sophos.

The report says established cyberthreats will continue to adapt to distribute and deliver ransomware. These include loaders, droppers and other commodity malware; increasingly advanced, human-operated Initial Access Brokers; spam; and adware. In 2021, Sophos reported on Gootloader operating novel hybrid attacks that combined mass campaigns with careful filtering to pinpoint targets for specific malware bundles.

The use of multiple forms of extortion by ransomware attackers to pressure victims into paying the ransom is expected to continue and increase in range and intensity. In 2021, Sophos incident responders catalogued 10 different types of pressure tactics, from data theft and exposure, to threatening phone calls, distributed denial of service (DDoS) attacks, and more.

Cryptocurrency will continue to fuel cybercrimes such as ransomware and malicious cryptomining, and Sophos expects the trend will continue until global cryptocurrencies are better regulated. During 2021, Sophos researchers uncovered cryptominers such as Lemon Duck and the less common MrbMiner taking advantage of the access provided by newly reported vulnerabilities and targets already breached by ransomware operators to install cryptominers on computers and servers.

"Ransomware thrives because of its ability to adapt and innovate," says Chester Wisniewski, principal research scientist at Sophos. 

"For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers," he says.

"This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance companies, and negotiators. 

"They are now offloading to others the tasks of finding victims, installing and executing the malware, and laundering the pilfered cryptocurrencies," Wisniewski says.

"This is distorting the cyberthreat landscape, and common threats, such as loaders, droppers, and Initial Access Brokers that were around and causing disruption well before the ascendancy of ransomware, are being sucked into the seemingly all-consuming black hole that is ransomware."

He says it is no longer enough for organisations to assume they are safe by simply monitoring security tools and ensuring they are detecting malicious code. 

"Certain combinations of detections or even warnings are the modern equivalent of a burglar breaking a flower vase while climbing in through the back window," Wisniewski says.

"Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of entire networks."

Additional trends Sophos analysed include:

  • After the ProxyLogon and ProxyShell vulnerabilities were discovered (and patched) in 2021, the speed at which they were seized upon by attackers was such that Sophos expects to see continued attempts to mass-abuse IT administration tools and exploitable internet-facing services by both sophisticated attackers and run-of-the-mill cybercriminals
  • Sophos also expects cybercriminals to increase their abuse of adversary simulation tools, such as Cobalt Strike Beacons, mimikatz and PowerSploit. Defenders should check every alert relating to abused legitimate tools or combinations of tools, just as they would check a malicious detection, as it could indicate the presence of an intruder in the network
  • In 2021, Sophos researchers detailed a number of new threats targeting Linux systems and expect to see a growing interest in Linux-based systems during 2022, both in the cloud and on web and virtual servers
  • Mobile threats and social engineering scams, including Flubot and Joker, are expected to continue and diversify to target both individuals and organizations
  • The application of artificial intelligence to cybersecurity will continue and accelerate, as powerful machine learning models prove their worth in threat detection and alert prioritization. At the same time, however, adversaries are expected to make increasing use of AI, progressing over the next few years from AI-enabled disinformation campaigns and spoof social media profiles to watering-hole attack web content, phishing emails and more as advanced deepfake video and voice synthesis technologies become available