Ransomware, large-scale data dumps and cybercrime-as-a-service dominated first half of 2017
July 25, 2017 – Sterling,VA – Leaked exploits and hacking tools dumped online for every cybercriminal’s easy access fueled significant illegal activity in the first half of this year according to key findings in a new mid-year report by cyber threat intelligence provider, SurfWatch Labs. In the analysis of cyber events, the problem of stolen cybercrime tools was exacerbated by wide-spread data dumps and prolific hacking-as-a-service offerings.
“A year ago, our mid-year report showed the interconnectedness of cybercrime through extensive supply chain hacks and compromised IoT devices,” said Adam Meyer, chief security strategist, SurfWatch Labs. “Find one weak link and maximize it for all its worth was the name of the game then… and that still happens today with even more evidence of how the criminal ecosystem maximizes efforts through shared resources, skills for hire and sometimes, outright theft.”
Previously stolen exploits from NSA and CIA, allegedly released by hacker group TheShadowBrokers, enabled many more malicious actors to attack organizations. WannaCry and NotPetya are two recent exploit examples. The availability of the source code was prevalent and, according to Meyer, “it’s criminals leveraging other criminals and selling to other criminals.”
SurfWatch Labs collected cyber threat data from thousands of open and dark web sources and then categorized, normalized and measured it for impact based on their CyberFact information model. Highlights from the SurfWatch Labs Cyber Risk Report: 2017 Mid-Year Review include:
- WannaCry ransomware was the most talked about malware out of nearly 1,200 tags, accounting for 8.6% of all malware tags, followed by the Industroyer malware at 4.8%.
- Crimeware trade was the most prevalent tag related to cybercrime practices as malicious actors continued to buy, sell, and trade tools on dark web markets and cybercriminal forums, as well as develop more cybercrime-as-a-service options.
- The percentage of extortion-related activity observed in 2017 has more than doubled from 2015 levels and increased by more than 40% when compared to 2016 levels. More industry targets were publicly tied to ransomware and extortion over just the first half of 2017 than in all of either 2014, 2015, or 2016.
- Cybercriminals expanded upon successful business email compromise (BEC) scams to implement more attacks. For example, more than 200 organizations reported W-2 data breaches due to phishing messages in the first half of 2017 - a rise from the 175 reported in 2016.
- The percent of government cybercrime-related threat data collected by SurfWatch Labs more than doubled from the previous two periods (from 13% to nearly 27%), and government was the top trending overall sector for the time frame (followed by IT at 25% and consumer goods at 17%).
- The CIA was the top trending cybercrime target of the period due a nearly weekly series of data dumps from WikiLeaks (followed by Microsoft, the NSA, Twitter, and England’s National Health Service).
“As we’ve repeatedly seen over the past few years, a major breach is rarely isolated, and information stolen or leaked from one organization can be leveraged to attack numerous other organizations,” Meyer said. “Whether it is personal information, credentials, intellectual property, or vulnerabilities and exploits, actors will build off of that hard work and the previous success of other actors by incorporating that information into new campaigns.”
To read the full, complimentary report, visit: http://info.surfwatchlabs.com/cyber-threat-trends-report-1h-2017
About SurfWatch Labs
SurfWatch Labs helps organizations and service providers quickly establish a strategic cyber threat intelligence operation that drives more effective use of their tactical defenses. Founded in 2013 by former US Government intelligence analysts, SurfWatch Labs solutions provide a 360-degree view of cyber threats in the context of your business, along with practical and personalized support to create immediate insights and meaningful action. By combining useful analytics, applications and human expertise, SurfWatch solutions can be your off-the-shelf, cyber threat intelligence team or delivered as a comprehensive product suite that easily integrates with your existing cybersecurity operations.
SurfWatch Labs: Cyber In Sight. For more information, visit www.surfwatchlabs.com.