Financial cyber crimes rising – firms must stay vigilant

• Financially-motivated crimes accounted for nearly half (49%) of all observed cyber intrusion attempts
• There were 21 newly-named adversaries and over 170 total adversaries tracked in 2021
• Ransomware-related data leaks increased by 82%, with 2,686 attacks last year compared to 1,474 in 2020, per the latest Crowdstrike Global Threat Report

Cyber threats continue to evolve as criminals grow more sophisticated in their approach and the payoffs become more lucrative. Ransomware-related data leaks increased by 82%, with 2,686 attacks last year compared to 1,474 in 2020, according to the recently-released Crowdstrike Global Threat Report.

CrowdStrike Intelligence observed an average of over 50 targeted ransomware events per week. Aside from criminal groups, nation-state adversaries are also expanding their exploits in the cyber world. The eighth annual report also found ransomware-related demands averaged $6.1 million per ransom, up 36% from 2020. 

Financial-motivated crimes 

Unsurprisingly, crimes motivated by financial gain accounted for nearly half (49%) of all observed cyber intrusion attempts.

The report outlined the new operations and techniques from the ‘Big Four’ — China, Iran, North Korea, and Russia – and saw the debut of two fresh state-based adversaries, WOLF from Turkey and OCELOT from Colombia. Some of the highlights include:

• China-nexus actors are leading the pack regarding vulnerability exploitation, taking advantage of 12 vulnerabilities published in 2021. They also shifted more of their targets on internet-linked devices and services like Microsoft Exchange servers.
• Ransomware and “lock-and-leak” operations were the go-to methods for Iran-based adversaries. They encrypted target networks with ransomware and leaked victim information through actor-controlled personas or entities.
• North Korea focused on cryptocurrency-related entities to generate illicit revenue.
• The modus operandi of the Russia-nexus adversary became more diverse as they took advantage of access loopholes. COZY BEAR started targeting cloud service providers to exploit trusted relationships and access victims through lateral movement. FANCY BEAR ramped up its credential-harvesting tactics from large-scale scanning techniques to victim-tailored phishing websites. 

Newly-named adversaries participating in financial crimes

There were 21 newly named adversaries and over 170 total adversaries tracked in 2021. The list includes cybercrime groups like the DOPPEL SPIDER and WIZARD SPIDER affiliates, state-nexus actors like AQUATIC PANDA from China, along with PIONEER KITTEN and NEMESIS KITTEN from Iran. 

Log4Shell attacks, which allow bad actors to take complete server control via a zero-day vulnerability in popular Java logging framework Log4j, were used by both criminals and nation-state affiliates to execute ransomware and network breaching operations. 

This also foreshadowed more attacks via the non-malware route. Log4Shell was first detected on December 9, 2021. In the fourth quarter of last year alone, 62% of all detections indexed by Crowdstrike were malware-free. These include using stolen user credentials and identity to bypass legacy security solutions. 

Businesses must evolve to stay ahead

“As cyber criminals and nation-states around the world continue to adapt in the changing, interconnected landscape, it’s critical that businesses evolve to defend against these threats by integrating new technologies, solutions and strategies,” said Adam Meyers, senior vice president of intelligence at CrowdStrike, a global leader in cybersecurity. 

“The annual Global Threat Report paints a picture that shows enterprise risk is coalescing around three critical areas: endpoints and cloud workloads, identity and data, and provides a valuable resource for organizations looking to bolster their security strategy.”