Long before hacker groups go after big-time targets in vital industries, they test their tools and software on small- and medium-sized businesses. This targeting stems from the fact that smaller businesses tend to lack the resources to defend against constantly evolving cyber-attacks: they cannot afford to retain cyber security services, nor can they afford cyber liability insurance. Once those attacks have been perfected, they become sophisticated enough to pose serious threats to organizations of all sizes and across all sectors.
Roughly 60% of cybersecurity breaches are discovered within days, but 20% of incidents take months to identify. Some 13% of breaches are the result of misconfiguration errors, avoidable if organizations had access to the right expertise. It is estimated that the average cost of a ransomware attack is around $115,000, a figure that does not include costs such as operational downtime, reputational damage, regulatory fines, or legal fees.
Most small- and medium-sized businesses lack the know-how to keep up with cybersecurity trends, and stories of attacks against them do not get the publicity that attacks on hospitals or casinos receive. Thus, they may view the threat of being victimized as something only big businesses with deep pockets need to worry about. Nor does it help that comprehensive cyber liability insurance costs thousands of dollars a year before any deductibles, and that remedying a cyber-attack after the fact presents an entirely different set of challenges.
Although smaller businesses have been targeted by hacker groups for well over two decades, they are a segment that has been largely overlooked. An important distinction about cybercrime is its decentralized nature: when one hacker group is taken out, other groups move in to take over. The same is true of hacking software.
Although most of the tools and software used by hacker groups were identified by cybersecurity experts, many were unidentifiable, potentially new and in “testing”. Access brokers for such software and tools tend to be the same people, but they are only one link in a larger chain. Many of the more sophisticated hacker groups have members assigned specific responsibilities, from reconnaissance to negotiation. In short, hacking has become commercialized, and nobody can afford to be oblivious to the threats that are bound to plague society in the digital world.
Some of the tools that hacker groups have traditionally relied upon, including ransomware, spyware, remote access tools (RATs), and remote monitoring and management (RMM) tools, have become more readily available. RATs and RMM tools allow attackers to take over a device without the user knowing that it has been compromised or that all of its activity is being viewed in real time. These tools are often software created specifically for technology manufacturers and policing stakeholders, which hacker groups have also managed to get their hands on. But they can also be knock-off software that mimics that official software by targeting the same backdoor loopholes. Attacks are no longer limited to physical devices either, as hackers have begun to target cloud environments, and some cybersecurity experts have called 2023 the year of disguise attacks. The evolution of these attacks has added yet another layer to the worries that small- and medium-sized business owners have to think about.
One source of support that many small- and medium-sized businesses have turned to is Huntress, a cybersecurity firm that focuses on providing affordable cybersecurity solutions for such businesses, and one that has become renowned for squashing attack attempts and going after the hacker groups behind them.
The “2024 Cyber Threat Report”
For anyone interested in getting up to speed on the cybersecurity threat landscape and the different threats plaguing small- and medium-sized businesses, Huntress’ “2024 Cyber Threat Report” is a great starting point. The report touches on threat types and trends, the ransomware landscape, email compromise, threats across various industries, and potential emerging concerns. It should be a must-read for every small- and medium-sized business because it promises to change how they think about cybersecurity.
One of the more notable trends among hacker groups is that many have resorted to weaponizing legitimate tools to hide in plain sight, relying on RMMs like ScreenConnect and Atera. One way hacker groups obtain access to these off-the-shelf tools is by setting up fake companies and qualifying for trial versions. Cloud storage services, including OneDrive and Google, have also been attacked successfully. Once inside, these hackers often aim to steal customer profiles and payment information to release on the dark web, and those same off-the-shelf tools allow them to do so.
Perhaps the most significant outcome in the war on cybercrime in 2023 was the takedown of the QakBot malware distribution and control network, led by the US Department of Justice. The “win” was short lived, as other ransomware groups worked to take its place and QakBot attacks have persisted. It was these types of attacks that targeted healthcare providers and even municipalities.
Two of the more severe malware families in use are DarkGate and INC Ransomware. DarkGate logs keystrokes and steals other types of information; it was often delivered through malicious ads and falsely advertised downloads that bundled the desired files with the malware. For INC Ransomware, downloaded files often came encrypted with the ransomware, which, once opened, started disabling services and forcing a ransom.
Email has traditionally been one of the most reliable methods for hacker groups to carry out attacks at scale, by playing a numbers game and hoping someone clicks a malicious link or opens a compromised attachment. A newer method of compromising email has emerged that involves attackers manipulating inbox settings so that users never find out their communications are being monitored.
The end goal of these attacks differs between organizations depending on the industry. In healthcare, hacker groups threaten to release patient information or deactivate critical machinery needed in life-or-death situations. The tools they rely on in these cases are RATs and RMMs as well as trojans, and the three main ransomware families were Dharma, DarkGate, and LockBit.
In the industrial sector, which includes construction, aerospace, defence, tools and machinery, and government contracting entities, hacker groups focus on long-term results over quick profits. One of the lesser-known attacks involves leveraging high-powered networks to mine cryptocurrency; such attacks are hard to detect, but they always show up on the electricity bill. When it comes to ransomware, the variants used are more diverse, but the attacks are more targeted and precise. For email attacks, hacker groups prefer to manipulate inbox settings and watch for information such as wire transfer details, then take over the email account and change payment details, with the accounting department only finding out long after the crime has been committed.
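Detecting the inbox-rule manipulation described in the email paragraph, and its wire-transfer variant in the industrial paragraph, comes down to reviewing mailbox rules for diversion and hiding. The following is an added example, not Huntress code or anything from the report: it scores constructed rule records, and the record fields, folder names and sample addresses are assumptions.

```python
"""Flag inbox rules that divert or hide mail. Added example, not Huntress code;
records are constructed and the field names are assumptions, not a vendor schema."""
from dataclasses import dataclass, field

# Subject keywords an intruder watching for payment traffic tends to filter on
PAYMENT_TERMS = ("wire", "invoice", "payment", "remittance", "ach")
# Folders where rules park mail so the mailbox owner is unlikely to notice it
HIDE_FOLDERS = ("rss feeds", "rss subscriptions", "archive", "deleted items", "junk email")

@dataclass
class InboxRule:
    user: str                           # mailbox owner, e.g. alice@example.com
    name: str
    forward_to: list = field(default_factory=list)
    move_to_folder: str = ""
    delete_message: bool = False
    mark_as_read: bool = False
    subject_contains: list = field(default_factory=list)

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()

def rule_findings(rule: InboxRule) -> list:
    """Return the reasons a rule looks like inbox-rule abuse (empty if benign)."""
    findings = []
    for addr in rule.forward_to:
        if domain_of(addr) != domain_of(rule.user):
            findings.append(f"forwards to external address {addr}")
    if rule.delete_message or rule.move_to_folder.lower() in HIDE_FOLDERS:
        findings.append("hides matching mail from the mailbox owner")
    if rule.mark_as_read and (rule.forward_to or rule.move_to_folder):
        findings.append("marks diverted mail as read")
    terms = [t for t in rule.subject_contains if t.lower() in PAYMENT_TERMS]
    if terms:
        findings.append(f"filters on payment terms {terms}")
    if len(rule.name.strip()) <= 1:     # '.' or '' rule names are a common tell
        findings.append("near-empty rule name")
    return findings

def scan_rules(rules) -> dict:
    return {(r.user, r.name): f for r in rules if (f := rule_findings(r))}

# Constructed sample: one rule matching the abuse the report describes, two benign
SAMPLE_RULES = [
    InboxRule("alice@example.com", ".", ["collector@mail-relay.example.net"],
              "RSS Feeds", mark_as_read=True, subject_contains=["wire", "invoice"]),
    InboxRule("alice@example.com", "Newsletters", move_to_folder="Newsletters",
              subject_contains=["digest"]),
    InboxRule("bob@example.com", "Delegate copy", ["carol@example.com"]),
]
```

Running `scan_rules(SAMPLE_RULES)` reports only the first rule, with all five indicators; the same checks can be fed from a real rule export once the field names are mapped.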
Many of the activities that hacker groups engage in remain consistent, but one trend is emerging in how they gain initial access to networks: more high-availability, external-facing applications are being exploited to establish an initial point of presence in victim networks. Another popular access route is user spoofing in cloud-based applications and services. What complicates matters is that sufficiently sophisticated hacker groups may leave no digital footprint behind.
Huntress offers free access to educational webinars, eBooks, and more.
For anyone interested in learning more about the intersection of cybersecurity and smaller businesses, Huntress provides free access to a digital library of webinars, eBooks, and more under its resources section. They include insight on account takeovers and how to prevent them, the financial impact of threats, information on cybersecurity insurance, how to survive a nightmare attack, and even a look at the dark web. A click on one of those informational links may help prevent a click on a malicious link.
References
Huntress “2024 Cyber Threat Report” (2024) at https://www.huntress.com/resources