Ransomware attacks, including those of the massively disruptive and dangerous variety, have proved difficult to combat comprehensively. Hospitals, government agencies, schools, and even critical infrastructure companies continue to face debilitating attacks and heavy ransom demands from hackers. But as governments around the world and U.S. law enforcement have taken a hard line on ransomware and started to make headway, researchers are trying to stay one step ahead of attackers and predict where ransomware gangs could go if their main hustle becomes impractical.
At the RSA security conference in San Francisco on Monday, digital scam researcher Crane Hassold will present findings that warn it would be logical for ransomware actors to eventually convert their operations to business email compromise (BEC) attacks as ransomware becomes less profitable or poses a greater risk to attackers. In the United States, the Federal Bureau of Investigation has repeatedly found that the total amount of money stolen in BEC scams far exceeds that stolen in ransomware attacks, although ransomware attacks may be more visible and cause more disruption and associated losses.
In business email compromise, attackers infiltrate a legitimate corporate email account and use that access to send fake invoices or initiate contract payments that trick businesses into sending money to criminals when they think they are only paying their bills.
“A lot of attention is being paid to ransomware and governments around the world are taking steps to disrupt it, so the return on investment will eventually be affected,” said Hassold, who is director of threat intelligence at Abnormal Security and a former FBI digital behavior analyst. “And ransomware actors won’t say, ‘Oh, uh, you caught me,’ and they’re leaving. in the BEC space where all the money is being earned.”
BEC attacks, many of which have their origins in West Africa and specifically in Nigeria, are historically less technical and more dependent on social engineering, the art of creating a compelling narrative that tricks victims into taking action against their own interests. But Hassold points out that much of the malware used in ransomware attacks is designed to be flexible, with a modular quality, so that different types of scammers can assemble the combination of software tools they need for their specific hustle. And the technical ability to set up “initial access,” a digital access point, and then deploy other malware would be very useful for BEC, where gaining access to strategic email accounts is the first step in most campaigns. Ransomware actors would bring a much higher level of technical sophistication to this aspect of the scams.
Hassold also points out that while the most notorious and aggressive ransomware gangs are usually small teams, BEC actors tend to organize themselves into much looser and more decentralized groups, making it difficult for law enforcement to target a central organization or head. Much as Russia has been unwilling to cooperate in ransomware investigations, it has taken time for global law enforcement to develop working relationships with the Nigerian government to counter BEC. But while Nigeria has placed more emphasis on BEC enforcement, counteracting the large scale of scam operations is still a challenge.