LockBit, Hive, RansomHouse, Vice Society, BlackCat, and the list goes on. The cybercriminal gangs that use ransomware, a type of attack that encrypts information and demands money in return for releasing it, operate with a high level of professionalism.
With sites on the dark net, sophisticated cryptography, operators around the world and even a “customer service” system, these attackers have one very clear goal: money.
The problem is that “following the money” to study them is very difficult: they usually collect ransoms in cryptocurrencies, assets whose transactions are recorded on a public ledger but which do not reveal who the addresses belong to.
This is where threat intelligence (“threat intel”) comes into play: groups of hackers dedicated to understanding how the criminals attack, what programs they use and what techniques they employ.
“We work with a framework of what are called TTPs: attack tactics, techniques and procedures. When we look at attacks and threat actor groups, we track all the different techniques. It’s like DNA,” said Derek Manky, Fortinet’s director of global security strategy, at a panel discussion at the Fortinet Xperts Summit 2022 in Cancun, which Clarín attended.
Although the number of cases is decreasing, the ransoms being demanded are increasing. “The volume of ransomware attacks, the total number of detections, is decreasing. But it has become more strategic: fewer attacks, with more scale. The monetary amount is increasing because it is more high-profile and aimed at large corporations and states,” he explains.
For this reason the expert is part of what is known as “Project Atlas”, an ambitious mapping of ransomware groups around the world.
Project Atlas, the map of cybercrime
Today there is the Budapest Convention which, according to Manky, “is not enough” to counter the current ransomware situation.
“It is the only one that has been applied, but it is not sufficient by current standards. What we are doing with the World Economic Forum is that we have created an Association against Cybercrime. We have 45 members there right now and it’s between the public and private sectors,” he explained.
“One of the projects we have created is called Atlas, which is a map of cybercrime. This is really important because nobody, not even security professionals, knows how many ransomware groups are currently operating,” he adds.
“This is critical because if you have 5 groups of ransomware using a shared resource, the same encryption source code, and you remove that shared resource, you will affect all five and be more effective,” he analyzes.
According to Manky there are a number of “choke points that serve to identify everything related to their infrastructure: the links between cybercrime groups, identifying crypto addresses and how money laundering is being done, and so on. We are putting all of this on a map.”
Another strategy used to map cybercrime is what is known as OSINT (Open Source Intelligence): everything accessible through the social networks, web pages and accounts (official and unofficial) that cybercriminals use, not only on the dark web but also on the “common” web (the open internet).
“You would be surprised at how much useful information can be gleaned from running OSINT. Open source intelligence is a very important source of data used to track these illegal activities: because it is not classified, anyone can access it. The key is how this information is organized, hence the importance of Project Atlas,” concludes Manky.
About Fortinet Xperts Summit
Fortinet Xperts Summit is an annual summit held by Fortinet, one of the leading cybersecurity companies. The event brought together cybersecurity experts for four days, October 24-28, with communities from Canada, Latin America and the Caribbean.
Specialized workshops, talks, round tables and updates on ongoing cybersecurity debates were organized, some of them dedicated to journalists from the region.
Clarín participated in the 2022 edition of the event, held in Cancun, Mexico. The first global talks (keynotes) focused on updates to firewalls, virtual private networks (VPNs) and FortiOS (the company’s operating system, a Linux-based distribution), as well as cloud services.
To a large extent, the “zero trust” strategy was the leitmotif of the event: Zero Trust Network Access (ZTNA), that is, assuming that cybersecurity threats can enter through any actor, including an organization’s own employees or workers.