It’s a year like none we’ve ever experienced. COVID-19’s effects have reverberated around the world, and around cyberspace too. What’s been happening in the threat landscape while we were all preoccupied with the pandemic? How have cyber attackers adapted to the new normal, and how are they exploiting COVID-19? Christine Bejerasco and Calvin Gan, of F-Secure’s Tactical Defense Unit, joined us for episode 44 of Cyber Security Sauna to discuss. In this episode: How threat actors are taking advantage of remote work; email and phishing threats; infostealers and how they profile a company network; and why a ransomware infection may be just the tip of the iceberg.
Learn more details about threats from the first half of the year in our new report, Attack Landscape H1 2020.
Janne: Welcome, guys.
Calvin: Thank you Janne for having us.
Christine: Happy to be here.
I’m sure COVID-19 will feature prominently in this discussion, but while we were looking at the COVID situation in the news, and that was all the news, all the time, what did we miss in the threat landscape?
Calvin: I think one of the things we really missed or really didn’t highlight a lot was about ransomware, where organizations are getting breached with all these infections. While everyone is talking about COVID-19 and how it’s affecting the remote workforce, what we also are seeing at the moment is how ransomware is affecting organizations. We have bigger ransomware group cartels now forming, targeting organizations, building up their resources, and making much more solid attack grounds. And basically it’s a modernized APT, if you want to call it.
Okay, so while we were looking at the real-world outbreak, there was another outbreak happening in cyberspace.
Calvin: In a way, yes. We have seen companies coming out saying that they are breached by ransomware, and we have also seen some companies caving in to the demands of this ransomware.
Christine: What we have noticed ransomware has now been doing as well, in addition to just asking for ransom and demands, has also been that if you don’t pay the ransom, your data, which they have also already exfiltrated in the first place, will now be exposed to the outside world. Essentially telling you that, okay, if we expose your data, then you will end up paying these GDPR fines instead. Because these are data that your customers have.
The previous extortion that ransomware had has evolved to this data exfiltration, which evolved to a different type of extortion and exposure. And the funny thing about this is that for instance, Ramner ransomware, they call this a bug bounty program, like a security assessment program, that they did a security assessment for you and you’re not even paying them. It’s amazing.
You’re not paying a ransom, you’re paying a fee for their findings.
Christine: Yes, exactly.
Yeah, that’s a narrative I’ve seen once or twice in the space, and I’m like, that’s