Darktrace's Brianna Leddy on How Ransomware Groups Adapt to New Defenses
In this Tech Talk, Darktrace's Brianna Leddy and Dark Reading's Terry Sweeney discuss ways ransomware groups adapt their activities as enterprise security teams evolve their defenses and controls.
Ransomware groups are difficult to shut down because they are constantly adapting their techniques to evade newer security defenses and controls. In this Tech Talk, Brianna Leddy, director of analysis at Darktrace, says that just because an attack group ceases operations doesn't mean they won't reemerge in a different form.
For example, researchers believe that the DarkSide group behind the ransomware attack against Colonial Pipeline returned as BlackMatter, a ransomware-as-a-service group. DarkSide shut down its operations, presumably because of investigations by law enforcement and the US federal government clawing back the ransom payments.
This past year, several affiliate groups working with the group behind REvil ransomware were arrested. Even so, the fact that a site affiliated with REvil recently started redirecting to a new site seems like an indicator that the group is back in operation.
"I don't think it's the last that we've heard of this name," Leddy says.
Rebranding can also reflect a shift in tactics, Leddy says. As more organizations scan their networks for malicious traffic, more attackers are beginning to "live off the land," Leddy says. Living off the land refers to abusing legitimate administrator tools and services so that malicious activity blends in with normal, day-to-day network traffic. Attackers are also increasingly targeting cloud services and backup servers to make it more difficult for organizations to recover the files the attack group has encrypted.