IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

Cyber threats escalating as alliances between threat actors grow

By Shannon Williams
Thu 2 Dec 2021

Cyber threats are escalatibg as alliance between threat actors grow, according to cybersecurity firm Group-IB.

The company has presented its research into global cyberthreats Hi-Tech Crime Trends 2021/2022 at its annual threat hunting and intelligence CyberCrimeCon21 conference. 

As part of the report, which explores cybercrime developments in H2 2020 H1 2021, Group-IB researchers analyse the increasing complexity of the global threat landscape and particularly highlight the growing role of alliances between threat actors. 

The trend manifests itself in partnership between ransomware operators and initial access brokers under the Ransomware-as-a-Service model. Scammers too band together in clans to automate and streamline fraudulent operations. Notably, individual cybercrimes, such as carding, is in decline for the first time in a while.

For the 10th consecutive year, the Hi-Tech Crime Trends report analyses the various aspects of the cybercriminal industry's operations, examines attacks, and provides forecasts for the threat landscape for various economy sectors. 

The report was for the first time divided into five major volumes with different focuses ransomware, the sale of access to corporate networks, cyberwarfare, the financial sector threats, and phishing and scam. Forecasts and recommendations outlined in Hi-TechCrime Trends 2020-2021 seek to prevent damage and downtimes for companies around the world.

Sales of access to corporate networks: companies in APAC are trending

In H2 2020 H1 2021, the market for the sale of access to corporate networks continued to flourish and reached $7,165,387 globally, which is a 16-percent increase compared to the corresponding period a year earlier. It should be noted that some of the sellers do not specify costs for the lots they offer, which creates certain obstacles to evaluating the actual size of this market.

In APAC alone, the total cost of all the accesses to the regions companies available in the underground totalled $3,307,210 in the review period, which is nearly a 7-fold increase year-on-year. Most of the accesses on the sale belonged to organisations from Australia (36%), India (23%) and China (14%).

Australia and India have even made it to the global top-5 of countries, access to whose companies is most frequently found in the underground, with a 4-percent and 3-percent share, respectively. They are preceded by the United Kingdom (4%), France (5%), and the United States (30%).

The majority of companies affected belonged to the production, education, financial services, healthcare, and commerce. In the review period, the number of industries exploited by initial access brokers surged by 75% from 20 to 35, which indicates that cybercriminals just start to realise the variety of potential victims. This is also reflected in the fact that the number of countries affected by the sellers of access to corporate networks rose by 62% from 42 to 68. In APAC alone, the number of attacked countries grew by 50% from 10 to 15, having added Singapore, Indonesia, Malaysia, and South Korea.

The number of initial access brokers continues growing as well, with the number of access sellers having amounted to 262 in H2 2020-H1 2021. At least 229 out of them are newbies to the market. To compare, over the previous review period, the number of active sellers totalled 86. The total number of accesses offered for sale reached 1,099, compared to 362 a year earlier.

Cybercriminals who buy access to corporate networks frequently monetise it with the help of ransomware-as-a-service affiliate programs. Group-IB analysts expect the growing demand for ransomware to contribute to the emergence of new initial access brokers and the general increase in the number of access offers.

Corporansom: instruments to pressure victims and RaaS

Over the review period, Group-IB analysts recorded 21 new Ransomware-as-a-Service (RaaS) programs, which is a 19-percent increase compared to the previous period. During the review period, the cybercriminals have mastered the use of Data Leak Sites (DLS), web resources that are used as an additional source of pressure on their victims to make them pay the ransom under the threat of leaking their data in public. However, in practice, even if the ransom is paid, the victim can find its data available in public. The number of new DLS resources more than doubled during the review period and reached 28, compared to 13 in H2 2019 H1 2020. In total, the data on 2,371 companies were released on DLS websites over the time. This is an increase of unprecedented 935% compared to the previous review period, when data on 229 victims was made public.

It is noteworthy that in the first three quarters of this year, ransomware operators released 47-percent more data on the attacked companies than in the entire 2020. Taking into account that cybercriminals release the data on only about 10%of their victims, the actual number of ransomware attack victims is dozens more. The number of companies that opt for paying ransom is estimated at 30%.

According to the data from DLS resources, the APAC region ranked third in terms of the number of attacked companies in 2020 and 2021, preceded by Europe and North America. In the first three quarters of this year, the Asia-Pacific's share in the regional distribution grew from 6.1% to 9.1%. In the current year, the majority of publicly known ransomware attack victims in APAC originated from Australia (41), India (24), Japan (16), Taiwan (16), and Indonesia (12).

Globally, the majority of companies targeted by ransomware operators in the current year originated from the United States (49.2%), Canada (5.6%), and France (5.2%), while the majority of organisations affected belonged to manufacturing (9.6%), real estate (9.5%) and transportation (8.2%).

Having analysed ransomware DLS in 2021, Group-IB analysts concluded that Conti became the most aggressive ransomware group, which made public information about 361 victims (16.5% of all victim-companies whose data was released on DLS), followed by Lockbit (251), Avaddon (164), REvil (155), and Pysa (118). Last year's Top 5 was as follows: Maze (259), Egregor (204), Conti (173), REvil (141), and Pysa (123).

Holding back carding

Over the review period, the carding market dropped by 26% from $1.9 billion to $1.4 billion compared to the previous period. Such a decrease is explained by the lower number of dumps (the data stored on the bank card magnetic stripe) offered for sale: the number of offers shrank by 17% from 70 million records to 58 million in light of the shutdown of the largest card shop Jokers Stash. Meanwhile, the average price of a bank card dump fell from $21.88 to $13.84, while the maximum price surged from $500 to $750.

An opposite trend was recorded on the market for the sale of bank card text data (bank card numbers, expiration dates, names of owners, addresses, CVV): their number soared by 36% from 28 million records to 38 million, which can among other things be explained by the increased number of phishing web resources mimicking famous brands amid the pandemic. The average price for the text data climbed from $12.78 to $15.2, while the maximum one skyrocketed 7-fold from $150 to unprecedented $1,000.

In APAC specifically, the carding market dropped from $328.7 million to $291.5 million in the review period. This was accompanied by the increase in the average price of text card data from $14.23 to $20.26 and a dramatic drop in the price of a dump from $75.17 to $39.57.

Phishing and scam partner programs

Another cohort of cybercriminals actively forging partnerships over the review period were scammers. In the last few years, phishing and scam affiliate programs became highly popular. The research conducted by Group-IB shows that there are more than 70 phishing and scam affiliate programs. Participants aim to steal money, as well as personal and payment data. In the reporting period, the threat actors who took part in such schemes pocketed at least $10 million in total. The average amount stolen by a scam affiliate program member is estimated at $83.

The affiliate programs involve large numbers of participants, have strict hierarchy, and use complex technical infrastructures to automate fraudulent activities. This helps scale phishing campaigns and customise them for banks, popular email services, marketplaces, logistics companies, and other organisations. Phishing and scam affiliate programs, initially focused on Russia and other CIS countries, recently started their online migration to Europe, America, Asia, and the Middle East. This is exemplified by Classiscam. Group-IB is aware of at least 71 brands from 36 countries, impersonated by the affiliate program members.

Related stories
Top stories
Story image
Video: 10 Minute IT Jams - An update from Mendix
Mendix is a low-code platform used by businesses to develop mobile and web apps at scale, and Jornt joins us today to discuss how these offerings work, and what benefit they have in the development process.
Story image
Artificial Intelligence
Appier achieves historically high growth rate of 56% YoY
"Our strong momentum over the past two quarters underscores Appier's significant growth alongside our customers."
Story image
Lucid Software
Lucid Software expands enterprise offerings with enhanced slack apps
Lucid Software has expanded its enterprise offerings with enhanced slack apps for its Lucidspark and Lucidchart technology.
Story image
Kaspersky uncovers new attacks by advanced persistent threat group
The attacks involved modifications of the well-known malware, DTrack, as well as the use of a brand-new Maui ransomware.
Story image
Can biometrics help? 123% increase in Gen Zs scammed online
In the three years leading up to 2022, the number of Gen Zs who fell victim to online scams rose by 123%, according to Ping Identity.
Story image
How well do rangatahi understand cyber safety in Aotearoa?
Do rangatahi in Aotearoa understand the importance of being safe online, or has lifelong exposure to the internet resulted in widespread complacency?
Story image
Data analytics
Pressure on orgs to up their data analytics game - study
A recent report from Sisense highlights data transmission, analysis, and risk management remain top concerns for data professionals in APAC.
Story image
Artificial Intelligence
Gartner unveils key emerging tech to watch in 2022
"Such technologies present greater risks for deployment, but potentially greater benefits for early adopters," says Gartner.
Story image
Organisations exposing highly sensitive protocols to public internet
More than 60% of organisations expose remote control protocol SSH to the public internet, while 36% of organisations expose the insecure FTP protocol.
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
Story image
High level of Customer Identity & Access Management adoption
The study from Okta revealed that the pandemic has either accelerated or highlighted the need for digital-first strategies.
Story image
Datacom research explores reality of zero trust in A/NZ
Zero trust is fast emerging as global best practice in cybersecurity and local leaders are on board, with 83% considering it essential to security.
Story image
Snyk announces plans to expand partner network in APJ
Recognising that partnerships are critical for growth, Snyk is building an entire partner ecosystem that will drive its expansion across APJ.
Story image
Enterprise Resource Planning / ERP
Why the right ERP (and partner) is crucial to an innovative and successful business
Enterprise Resource Planning (ERP) is a foundational step to ensuring a robust business model; here's why choosing the right one could be vital to ensuring long-term success and innovative results.
Story image
Ministry will no longer accept equipment from Chinese firm Hikvision
The Ministry of Business, Innovation and Employment (MBIE) says it will no longer accept equipment from a major Chinese surveillance camera maker.
Story image
Garmin expands NZ footprint with new Auckland distribution centre
The facility at Goodman’s Highbrook Business Park will be fully operational from October 2022 and features 3,586sqm of warehouse space.
Story image
Education sector seeing highest volumes of cyber attacks
When breaking down the numbers to education attacks by region in July 2022, A/NZ was the most heavily attacked.
Story image
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Latest VMware threat report reveals truth about deepfakes
"Cyber criminals have evolved. Their new goal is to use deepfake technology to compromise organisations and gain access to their environment."
Story image
Privileged Access Management / PAM
The importance of stopping identity sprawl for cybersecurity
The 2021 Data Breach Investigations Report (DBIR) shows that 61% of all breaches involve malicious actors gaining unauthorised, privileged access to data by using a compromised credential. Unfortunately, it is often too late when the misuse of a credential is detected.
Story image
Dynatrace extends application security capabilities for runtime environments
Dynatrace has announced that it has extended its Application Security Module to detect and protect against vulnerabilities in runtime environments.
Story image
Augmented Reality
TeamViewer remote access software integrated into RealWear Cloud
TeamViewer has announced a major expansion of its partnership with RealWear, a leading provider of assisted reality wearable solutions for frontline industrial workers. 
Story image
Gartner Magic Quadrant
Gartner names Lookout a Visionary in 2022 Magic Quadrant
Gartner has recognised Lookout as a Visionary in the 2022 Magic Quadrant for Security Service Edge (SSE) and one of the top three offerings in the 2022 Gartner Critical Capabilities for SSE report.
Story image
Why printing security plays a vital part in keeping Aotearoa safe
While internet printing, mobile printing and other similar technologies have no doubt made things easier to manage, it has also brought a whole new set of problems to the table.
Story image
Exclusive: The Access Group shares the benefits of embracing SaaS
In today's rapidly changing working environments, efficiency and productivity are surefire ways to create business growth and success.
Story image
New Zealand cloud provider challenges Google's claims on data control for region
A Wellington cloud services provider says Google's claim it will offer New Zealanders complete control over their own data is not true.
Story image
Application Performance Monitoring / APM
New Relic integrates offering with Atlassian’s Jira Software
New Relic has integrated errors inbox with Jira Software to allow developers to easily access and set up complete stack error tracking and software performance monitoring from within the tool.
Story image
Digital Transformation
Top tips for making your finance transformation program a resounding success
Planning to make 2023 the year you embark on a wholesale finance transformation program? It’s a move that will stand your enterprise in excellent stead as you navigate the complexities of the post-Covid business landscape.
Story image
Tech job moves
Tech job moves - Fastly, INX, Kinly, SmartBear & Vectra AI
We round up all job appointments from July 29 - August 12, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Dicker Data
Dicker Data brought on as Acronis partner for A/NZ
The news about the partnership comes in as cyber criminals continue to exploit gaps in traditional solutions and strategies in NZ and across the APAC region.
Story image
Cloud Security
Tenable makes additions to Cloud Security portfolio
Tenable has announced additions to Tenable Cloud Security that represent the next step in assessing threats related to cloud vulnerabilities.
Story image
Avast reveals zero-day exploits targeting Chrome and Microsoft
Avast, released its Q2/2022 Threat Report today, revealing a significant increase in global ransomware attacks, up 24% from Q1/2022.
Story image
Why enhancing bot protection for web and API endpoints matters
The trouble with bots is that they aren’t all bad. Unfortunately, this can make it challenging to detect malicious bots that find their way into your system and threaten your business.
Story image
Investment in APAC cold storage to reach $5 in next decade
Investment in Asia Pacific’s cold storage market is expected to grow fivefold in the next decade, according to JLL.
Story image
Artificial Intelligence
Is your chatbot bringing down the customer satisfaction score?
The top 10 reasons why chatbots are failing to meet customer expectations and what you must do to avoid that.
Story image
Cyber attacks
Dramatic uptick in threat activity with exploits growing nearly 150%
"While it’s not a surprise given increased attack opportunities like remote work, it’s still a worrying development and one we cannot ignore."
Story image
Cloud and data protection big challenges for NZ businesses
"This surge towards a cloud-first approach meant security and safety became afterthoughts - there's no point being the fastest car on the racetrack if you crash.”
Story image
Data Protection
Advancing genomic sequencing and public health with digital infrastructures
Right before our eyes, we've witnessed the development of the COVID-19 vaccine in record time. An enormous achievement in an otherwise lengthy task that previously took, on average, 10-15 years.
Story image
Ingram Micro
Ingram Micro NZ sees $74 million revenue growth in 2021
Ingram Micro New Zealand's latest financial report reveals that its revenue from contracts with customers increased by almost $74 million in 2021.
Story image
IBM expands Power10 server line for business modernisation
IBM has recently announced a significant expansion of its Power10 server line with the introduction of mid-range and scale-out systems.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.