Ransomware Threats & More Microsoft Bugs: Cybersecurity News for the Week of 09/06/21
Posted by: GuidePoint Security
Published 9/16/21, 9:30am
- Ransomware criminal gang threatens any victim that contacts the FBI
- More critical Microsoft vulnerabilities announced
- Thousands of Confluence servers vulnerable to attack
Final Words
This week, security researchers published a study exploring what cybercriminals, especially ransomware attackers, are most interested in obtaining on the dark web. Among the findings was that ransomware cybercriminals are primarily searching for network “access.” These criminals also clearly do reconnaissance on their victims and choose whom to target based on factors like geography and revenue, with U.S. businesses being a highly desirable target. While some cybercriminals refused to buy access to healthcare or education industries, slightly more than half the cybercriminals expressed no concerns whatsoever about doing so. Almost 40% of the ransomware criminals were connected to the ransomware-as-a-service (RaaS) supply chain, serving as operators, affiliates, or middlemen.
Notably, while the average global target-business revenue for an attacker was $100 million, some criminals lowered the bar significantly for businesses in the United States, creating a target revenue threshold of only $5 million to make the business a possible candidate for attack. Not surprisingly, many of the criminals refused to target businesses in the Commonwealth of Independent States (CIS), which is composed of nine primarily Russian-speaking countries. Other less desirable countries were developing nations and countries in South America, presumably due to the decreased chances of financial gain.
This type of psychographic study of cybercriminals is fascinating and contributes to the broader understanding of cybercriminal values, morals, interests, and opinions. However, it also raises the question of whether behavioral analytics could be used on the dark web to influence or manipulate cybercriminals, much the same way that Cambridge Analytica leveraged social media to influence political opinions around the world, including during the 2016 US election.
This recent research also reminds us that cybersecurity “best practices” really can work to minimize attacks. Organizations that limit their attack vectors, maintain good patch and vulnerability management practices, engage in regular security awareness training for employees, and build a comprehensive security program are going to be less attractive targets for cybercriminals, even if the organization meets the cybercriminal’s desirability level in terms of geography and revenue.