Date/Time of Report – 2018-22-3 14:30
APT/Vector Name – Criminal Hacker Organizations, Ransomware-as-a-service (RaaS), Malware-as-a-service (MaaS)
Examples – RaaS: Cerber, Satan, Hostman, Flux, Atom; MaaS: WannaCry
Purpose/Target – Financial remuneration, intellectual challenges, vengeance against certain organizations, alleviation of boredom, and social gains
Method – Most commonly spear-phishing
Source – First seen from Russia over a decade ago; now organizations worldwide
APT/Vector Intelligence Summary – Criminal Hacker Organizations consist of three levels: developers, distributors, and buyers. In some cases the developers are elite malware engineers; in other cases they are simply following client demands, unaware that their code will end up being used for malicious purposes. Distributors sell these malware services on the dark web, marketing their products in hacker forums and advertising the customizable features and user-friendliness of their offerings. Buyers can be disgruntled employees or criminals looking to achieve financial gain; however, the U.S. Government has become the biggest buyer of hacking tools and uses them primarily to infiltrate computer networks overseas. Malware services can be purchased for as little as $45. They come with user-friendly interfaces where the buyer can customize and deploy the attack, and even with metric interfaces where buyers can track their “success.” Companies like Facebook pay a minimum of $500 if hackers are able to penetrate their systems, so we also find instances where malware is purchased and used to claim those rewards.
Analyst Notes – Preventing the loading of malware and ransomware starts with educating employees, especially on email safety.
Remediation/Avoidance Recommendation – Pre-execution: antivirus, email filtering, URL blocking, whitelisting. Runtime: runtime malware defense. Damage: incident detection, malware removal, backups. Runtime malware defense (such as Barkly) is a program that runs in real time and detects and blocks behaviors rather than file signatures, allowing it to stop newly created ransomware that has never been seen before.
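Added illustration (not part of this report, and not code from any product named above) of why the runtime layer catches what the pre-execution layer misses: a hash-based signature check beside a behavior-based check run over constructed file-system events. The blocklist, event data, process ids and thresholds are all made-up assumptions.

```python
import hashlib
import os
from collections import defaultdict

# Constructed signature list: SHA-256 of two made-up "known" samples.
KNOWN_BAD = {hashlib.sha256(b"old-ransomware-build-1").hexdigest(),
             hashlib.sha256(b"old-ransomware-build-2").hexdigest()}

def signature_match(sample: bytes) -> bool:
    """Pre-execution layer: matches only samples already in the blocklist."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD

NOTE_WORDS = ("DECRYPT", "RANSOM", "RESTORE")  # assumed ransom-note keywords

def behaviour_verdict(events, window=5.0, min_renames=10, min_dirs=2):
    """Runtime layer: flag a process that, inside `window` seconds, renames
    many files to a new extension across several directories (bulk
    encryption) or drops a ransom-note-style file while renaming. Events are
    (time, pid, op, path, new_path); new_path is None unless op == "rename"."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_pid[ev[1]].append(ev)
    verdicts = {}
    for pid, evs in by_pid.items():
        verdicts[pid] = False
        for i, (t0, *_) in enumerate(evs):          # slide a window over each start
            renames, dirs, note = 0, set(), False
            for t, _, op, path, new in evs[i:]:
                if t - t0 > window:
                    break
                if op == "rename" and os.path.splitext(path)[1] != os.path.splitext(new)[1]:
                    renames += 1
                    dirs.add(os.path.dirname(path))
                elif op == "create" and any(w in os.path.basename(path).upper() for w in NOTE_WORDS):
                    note = True
            if (renames >= min_renames and len(dirs) >= min_dirs) or (note and renames):
                verdicts[pid] = True
                break
    return verdicts

# Constructed events: pid 4242 mass-renames .docx -> .locked in three
# folders and drops a note; pid 777 is an editor saving files normally.
DIRS = ("/home/u/docs", "/home/u/pics", "/home/u/work")
EVENTS = [(i * 0.1, 4242, "rename", f"{DIRS[i % 3]}/f{i}.docx",
           f"{DIRS[i % 3]}/f{i}.docx.locked") for i in range(24)]
EVENTS.append((2.5, 4242, "create", "/home/u/docs/HOW_TO_DECRYPT.txt", None))
EVENTS += [(0.3, 777, "write", "/home/u/docs/notes.txt", None),
           (1.0, 777, "rename", "/home/u/docs/notes.txt.tmp", "/home/u/docs/notes.txt"),
           (4.0, 777, "write", "/home/u/work/report.docx", None)]
```

A never-seen build passes `signature_match`, yet the same constructed activity is flagged by `behaviour_verdict`; the thresholds are the knobs a deployment would tune against its own false-positive rate.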
Please contact us for more information!