Ransomware: The Era of Mass Exploitation Campaigns
Recorded Future's Allan Liska on Criminal Innovations in Ransomware
The global ESXiArgs and GoAnywhere ransomware campaigns show how mass exploitation campaigns are the latest of many criminal innovations in 2023. Based on tracing ransom payments, they weren't very profitable. But ransomware actors do love their zero-days, said Allan Liska, principal intelligence analyst at Recorded Future. Whether or not they can turn that into something that makes money remains to be seen.
Security leaders also need to be wary of configuration error attacks. Two high-profile ransomware attacks, the Western Digital and D.C. Health Link breaches, gained initial access through the victims' cloud providers. Liska warned that even though providers such as Google Cloud, Microsoft Azure and AWS help organizations better secure their clouds, it can be easy to make a configuration error in complex cloud environments.
"The bad guys are getting better at understanding the faults in the cloud. And so we will see more of that going forward," Liska said. "I don't think either the D.C. Health Link or Western Digital was an encryption event; it was all data-theft events. But we are seeing a growth in extortion-only attacks. So this is right in line with 'steal data from wherever you can and then hold that data ransom.'"
In this video interview with Information Security Media Group at RSA Conference 2023, Liska also discusses:
- The rise of Frankenstein ransomware;
- The latest in de-RaaSing of ransomware;
- The impact of ransomware-combating efforts that are currently underway.
Liska has more than 15 years of experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. He has helped countless organizations improve their security posture using more effective and integrated intelligence.