Radware warns: hackers for hire, shifting attack vectors, cybercrime here to stay

Flourishing cybercrime will continue to quicken its pace in 2022, cautions data security vendor Radware. The company’s Director, Threat Intelligence, Pascal Geenens, points to several factors behind this high-confidence prediction.


He says there are no signs that it will slow down in 2022. Over recent years, organisations have quickened the pace at which they migrate applications to multiple clouds and leverage new software architectures to increase the agility and feature velocity of their application development.


According to Radware’s report, The State of Web Application and API, 70 percent of production web applications now run in cloud environments. This increase in distributed and hybrid infrastructure and application complexity is creating even more challenges for organisations in keeping the wide attack surfaces under control.


The same report reveals that approximately one-third of respondents anticipate that their organisation’s most significant application security concern over the next two years will be maintaining a coherent security policy across heterogeneous environments. Nearly as many respondents believe that their most significant concern will be gaining visibility into the security events impacting their organisation.


Despite the implementation of new security technologies, organisations continue to struggle to maintain visibility and consistency of security policies across the heterogeneous collection of platforms, infrastructures, and technologies.


There are five key challenges for securing hybrid environments. These include emerging threat vectors, broader attack surfaces, agile software development and DevOps cultures that often leave security as a secondary priority, and multi-cloud deployments that convolute the implementation of coherent security policies. Many organisations have simply been unable to overcome all of these challenges.


Hackers for hire


Meanwhile, attackers have been organising their underground ecosystems and gathering followers from skilled hackers-for-hire and affiliates, who are happy to enjoy the profits of large extortion campaigns. For example, the Avaddon, SunCrypt and Ragnar Locker ransomware gangs have been known to use DDoS attacks to put additional pressure on their victims.


Ransomware groups regularly post messages to hire experts in domains such as backup technology — not to fix but to destroy — and conduct high-profile DDoS attacks. For example, cyber crime gang LockBit was found to be posting ads to recruit affiliates, including Mēris botnet operators.


The incentives are large. A survey of 300 U.S.-based IT decision-makers found 83 percent of ransomware victims paid the ransom demand. And the demand for hacking skills and underground resources has been growing ever since ransomware operators began conducting successful campaigns.


Shifting cyber attacks


With highly motivated threat actors looking for payments from organised cyber crime groups, attacks have shifted from automated to human-operated attacks. Agari researchers determined that most leaked password reuse was done by humans and not automation. It is one thing to defend against automation, but far more difficult to defend against human intelligence and perseverance driven by multi-million-dollar payouts.


Because authorities around the world are making efforts to crack down on criminals and roll up parts of their organisations, criminals might be tempted to hit back where it hurts the most.


The attacker economy is currently out of balance with defenders’ security budgets. There is little to no opportunity to take out the hacking economy by putting up more barriers and making it more costly and time-consuming for attackers to breach organisations and infrastructures. These threat actors are sitting on a mountain of crypto gold. The U.S. Treasury said recently that $5.2 billion in Bitcoin transactions can be tied to ransomware payments over the past two years.


In just one example, U.S. travel services firm CWT Global paid a reported $4.5 million in July 2020 to the Ragnar Locker ransomware gang. A recent report from Unit 42 security consulting group indicated that the average ransomware payment increased 82 percent since 2020 to a record $570,000 in the first half of 2021. That increase follows a reported 171 percent increase over 2019.


Cyber crime here to stay


Even if the ransomware issue gets resolved more quickly than expected, criminals will pivot and find new ways to monetise crime. The security community will have to be vigilant, and organisations will need to make considerable efforts to keep their attack surfaces under control.


Unfortunately, 2020 and 2021 brought in a new dawn for cyber crime and info security, and it’s not going away anytime soon — certainly not in 2022.