Infoblox has published its Quarterly Cyberthreat Intelligence Report for Q2 2021, stating that ‘This year has turned out to be one of the worst years for ransomware’. The report covers the company’s publicly published threat intelligence from April 1, 2021, through June 30, 2021.
An Expanded View of Ransomware
The threat of ransomware is once again at the forefront of the quarterly threat report. This year has been one of the worst for ransomware attacks. Why? Because that’s where the big bucks are to be found. Ransomware extortion actions are very appealing to threat actors due to the huge potential return on investment.
Ransomware currently accounts for about 10% of all data breaches. Successful ransomware attacks may be catastrophic to a company in terms of damage and cost. The recent ransomware attacks on JBS and Colonial Pipeline have brought the dangers of increasingly sophisticated ransomware operations to the forefront once again.
Ransomware-related payments have been estimated to total $370 million in cryptocurrencies in 2020. Ransom payments are only part of the cost of ransomware. Ransomware’s overall impact is projected to be far larger than the cryptocurrency payouts, perhaps $20 billion.
The report provides a high-level overview of the ransomware-as-a-service process flow and major distribution routes, as well as in-depth analysis of ransomware campaigns on which the company has previously published original research. The report also contains details on the NIST cybersecurity framework profile for ransomware risk management and CISA’s new ransomware preparedness assessment, both of which were released by these government agencies in June of this year.
Core Research on Malware Variants and Trends
The report examines new and emerging malware variants and trends, how they differ from previous variants, and effective protective techniques and best practices. The report includes coverage of the company’s published research and cyberthreat alerts on the following campaigns:
- Malspam Campaign Spoofing Waybill Delivers Nanocore RAT – June 28, 2021
- Hancitor Downloads Infostealers – June 22, 2021
- Shathak Pushes IcedID Banking Trojan – June 9, 2021
- RemcosRAT Malspam Campaign Spoofs UAE Machinery Company Correspondence – June 2, 2021
- Cyberthreat Advisory – Nobelium Campaigns and Malware – June 2, 2021
- Graftor Adware Still Circulating – May 27, 2021
- Biotech-Themed Malspam Drops BitRAT – May 18, 2021
- Cyberthreat Advisory: DarkSide Ransomware Attack on Colonial Pipeline – May 13, 2021
- Malspam Delivering Agent Tesla Keylogger Spoofs Oil & Gas Co. Messages – May 12, 2021
- Cyberthreat Advisory: FiveHands Ransomware – May 10, 2021
- Polish Language Malspam Campaign Delivers AveMaria Infostealer – May 3, 2021
- Post-Takedown Trickbot Activity – April 28, 2021
- Spoofed Vehicle Purchase Invoice Malspam Drops Formbook Infostealer – April 16, 2021
- Agent Tesla Malspam Campaign Spoofs Bank Correspondence – April 13, 2021
- Italian Economic Support-Themed Malspam Delivers Ursnif Banking Trojan – April 1, 2021
Guidance on DNS Security
In the public sector, DNS is a critical foundation of the security stack. In 2021, the NSA and CISA issued guidance recommending that every agency, organisation, and company use a protective DNS (PDNS) service that uses the current DNS protocol and architecture. Their guidance, “Selecting a Protective DNS Service,” explains the benefits and risks of DNS security and evaluates different commercial PDNS providers based on their stated capabilities.
Infoblox’s foundational security, which incorporates BloxOne Threat Defense, provides comprehensive DNS security. Based on NSA’s performance criteria, Infoblox received a perfect score of 100 percent.
Mohammed Al-Moneer, Regional Director, META Region at Infoblox says, “The Q2 2021 Cyber Threat Intelligence Report provides detailed analysis on the most pressing risks and cyber threats facing business organizations today. For IT security professionals, the report delivers important news on the evolving methodologies and technologies attackers are using to breach defenses. Just as importantly, it details the measures law enforcement is bringing to bear to combat the ransomware wave that’s plagued international businesses and non-profits in recent years. Accurate intelligence about timely, relevant threats enables an organization to make thoughtful, targeted improvements to its defenses and lower its risk.”