As the ransomware landscape continues to evolve at a rapid pace, many organizations are struggling to keep up. According to a recent survey published in the Harvard Business Review, 65 percent of board directors still believe their organizations are at risk of a material cyberattack within the next year. Worse yet, almost half believe they are unprepared if they face a targeted attack.
This report provides an in-depth analysis of several distinct intrusion sets associated with the most prolific ransomware operations of 2022. To prepare it and identify patterns of note, the Cyderes Special Operations team analyzed telemetry from Cyderes customers, trends in the threats observed, and the emerging threats and intelligence the team tracked during 2022. The report provides insight into the movements of and relationships between the various adversaries, as well as the industries they target, and it offers recommendations for building a cyber-resilient enterprise security program.
The malware analyzed in this report has been broken down into three distinct stages:
Stage 1: Loaders – Malware used to gain an initial foothold inside the target environment and then maintain that foothold, so the adversary can deploy additional tools and carry out the further activity needed to reach its final objectives.
Stage 2: Exploit Kits – Tooling the adversary deploys, via the loader, onto an already compromised asset. As used in this report, the term refers to post-compromise toolkits rather than browser exploit packs: they give the adversary the capabilities to enumerate the compromised environment, locate and obtain credentials for key targets, move tools and malware laterally across the network, establish remote access, and more.
Stage 3: Follow-Through – The final payload that delivers the end state the entire campaign was built to reach; in the ransomware operations covered here, this is the ransomware itself, the malware that ultimately achieves the adversary's goal.