Ransomware attacks, including those that are hugely destructive and dangerous, have proven difficult to crack down on. Hospitals, government agencies, schools, and even critical infrastructure companies continue to face hacking attacks and huge ransom demands. But as governments around the world and U.S. law enforcement begin to crack down on ransomware in earnest and make some progress, researchers are trying to get ahead of attackers and predict where ransomware gangs might turn next if their main hustle stops being viable.
At the RSA security conference in San Francisco on Monday, longtime digital fraud researcher Crane Hassold will present findings warning that it is logical for ransomware actors to eventually turn their operations toward business email compromise (BEC) attacks as ransomware becomes less profitable or carries a higher risk for attackers. In the United States, the FBI has repeatedly found that the total amount of funds stolen in BEC scams far exceeds the funds stolen in ransomware attacks, although ransomware attacks may be more visible and cause more damage and associated losses.
In a business email compromise, attackers infiltrate legitimate business email accounts and use that access to send fake invoices or initiate contract payments, tricking businesses into sending money to criminals when they think they’re just paying their bills.
“Ransomware is getting so much attention and governments around the world are taking action to disrupt it, so ultimately the return on investment will suffer,” said Hassold, Abnormal Security’s director of threat intelligence and a former FBI digital behavior analyst. “And ransomware attackers don’t say, ‘Oh, hey, you got me’ and walk away. So you may be exposed to this new threat because more sophisticated actors behind ransomware campaigns will move to the BEC realm where all the money is made.”
BEC attacks, many of which originated in West Africa, particularly Nigeria, have historically been less technical and more reliant on social engineering, the art of creating compelling narratives that entice victims to act against their own interests. But Hassold noted that much of the malware used in ransomware attacks is flexible and modular, so different types of scammers can assemble the combination of software tools needed for their particular scam. The technical ability to establish “initial access,” a digital foothold for subsequent deployment of additional malware, is very useful for BEC, where gaining access to strategic email accounts is the first step in most campaigns. Ransomware actors will bring a higher level of technical sophistication to this aspect of the scam.
Hassold also noted that while the most notorious and aggressive ransomware gangs are often small teams, BEC actors are often organized into looser, more dispersed groups, making it harder for law enforcement to target central organizations or kingpins. As with Russia’s reluctance to cooperate on ransomware investigations, global law enforcement will need time to develop a working relationship with the Nigerian government to deal with BEC. But even as Nigeria places greater emphasis on BEC enforcement, cracking down on large-scale fraudulent operations remains a challenge.