New Cybercrime Operating Model Among Threat Groups
“Over the past year, cybercriminals have continued to test the resilience of organizations by layering attacks, updating techniques. They also established new, intricate relationships to better disguise their identities. Consequently, attribution becomes more difficult to pursue,” said Josh Ray, a managing director at Accenture Security.
A shift in high-profile cybercrime operating models
Despite the arrests of individuals associated with online underground marketplaces, activity among infamous threat actor groups – such as Cobalt Group, FIN7 and Contract Crew – has continued.
Accenture Security analysts have also observed the shared use of tools, most of which automate the mass production of malicious documents used to spread malware. One prominent example is More_Eggs, which appears in both conventional crimeware campaigns and targeted attacks.
This continued activity indicates relationships forming among “secure syndicates” that collaborate closely and use the same tools, suggesting a major change in how threat actors work together in the underground economy. With syndicates working together, the lines between threat actor groups blur further, making attribution more difficult.
In addition, Accenture Security analysts have observed a shift in how Cobalt Group targets victims in order to gain access to those victims’ supply chain networks. Threat actors have typically delivered malware to internet users via phishing emails. Analysts now see, however, an emergence of malware executed through web browsers, aimed specifically at online merchants and retailers.
Read more at e3zine