Modern-day witchcraft: a new breed of hybrid attacks by ransomware operators - Vaibhav Deshmukh et al.
Presented at the VB2024 conference in Dublin, 2 – 4 October 2024.
✪ PRESENTED BY ✪
• Vaibhav Deshmukh (Microsoft)
• Sudhanshu Dubey (Microsoft)
✪ ABSTRACT ✪
Human-operated ransomware campaigns are among the most significant threats in today’s security landscape, where attackers actively target an organization’s security weaknesses, inadequate password management, and system misconfigurations.
According to various public reports, attackers have become increasingly sophisticated cybercriminals capable of jeopardizing large companies, public organizations, and infrastructure such as educational institutions, healthcare, and financial services.
In recent times, attackers have expanded their focus from targeted attacks on on-premises infrastructure to encompass an organization’s cloud-based assets and cross-platform devices. This shift provides them with a broader attack surface and enhanced pivoting capabilities.
Attackers often use sets of tactics, techniques, and procedures (TTPs), along with dual-use tools such as remote monitoring and management (RMM) software, open-source toolkits, custom arsenals, and public exploits. These help increase their success against existing defence solutions. Furthermore, their innovative ways of targeting identity and access management (IAM) solutions, federated identities and security products provide them with ‘God-mode’ capabilities. Over the years, ransomware attacks have evolved into a complex, multi-layered issue in which threat actors focus on creating significant disruption, such as targeting virtualization infrastructure, compromising cloud environments, and extorting victims over stolen data, with return on investment as their primary metric.
This presentation will examine several notable ransomware operators associated with Akira, Cactus and BlackCat ransomware. We will explore their ‘modern witchcraft’, which inflicts significant financial damage on numerous organizations. Our report will dissect toolkits, multi-vector attack strategies and attack paths for compromising and navigating through cloud and on-premises infrastructures. We will dive into how they bypass existing security measures and their methodology for impacting organizations, which includes encrypting virtualization servers and critical files, as well as exfiltrating sensitive data.