Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics

June 5, 2024 at 08:00AM

Mandiant’s new threat research revealed a resurgence in criminal extortion in 2023, with more ransomware investigations and a 75% increase in data leak site postings. The use of data exfiltration and breach-shaming in ransomware attacks is growing, with criminals exploring payment in Monero cryptocurrency. The report highlights evolving ransomware techniques and the need for enhanced security measures.

Key takeaways from the report:

1. Mandiant’s threat research highlights a resurgence in criminal extortion in 2023, attributed to factors such as Russia’s invasion of Ukraine and the Conti chat leaks.
2. The use of Data Leak Sites (DLS) and data exfiltration as part of ransomware attacks is on the rise, with criminals experimenting with new methods for extortion.
3. There has been an increase in the number of ransomware families and variants in 2023, with a shift towards improving and upgrading existing products rather than developing new ones.
4. Most ransomware deployments occur outside standard business hours. The median time between initial access and ransomware deployment increased to six days in 2023, which indicates that data exfiltration is increasingly being added to these attacks.
5. Initial access to victim infrastructure commonly involves stolen credentials, vulnerability exploits, and the use of known vulnerabilities with publicly available exploits.
6. Beacon, legitimate remote access tools, and custom backdoors and malware are frequently used by attackers to establish and maintain a foothold within victim infrastructure.
7. Encryption deployment, often combined with blackmail over stolen data, is achieved through multiple methods, including manual execution of ransomware payloads and the use of remote management tools.
8. The report maps ransomware techniques to the MITRE ATT&CK framework, emphasizing the pervasive nature of the extortion threat and the resilience of ransomware actors.
9. There is a continuing emphasis on evolving existing tools rather than developing new ones, with growing use of legitimate and publicly available tools for stealthy attacks.

These takeaways reflect the evolving landscape of ransomware threats and the adaptive tactics employed by criminal actors, as well as the ongoing challenges in addressing these threats.
