‘This Year has Turned Out to be One of the Worst Years for Ransomware’ - Infoblox Q2 2021 Cyberthreat Intelligence Report
August 2021 by Infoblox
Infoblox has published its Quarterly Cyberthreat Intelligence Report for Q2 2021. This report includes the company’s publicly released threat intelligence from April 1, 2021, through June 30, 2021.
An Expanded View of Ransomware
Ransomware is once again front and center in the quarterly threat report. This year has turned out to be one of the worst years for ransomware. Why? Because that’s where the big money is. Large potential return on investment makes ransomware extortion activities highly compelling for threat actors.
Approximately 10 percent of all breaches now involve ransomware. The impact and expense of successful ransomware attacks can be crippling to an organization. The recent attacks on JBS and Colonial Pipeline have once again brought focus to the danger of increasingly sophisticated ransomware campaigns.
Payments associated with ransomware in 2020 have been estimated at about $370 million in cryptocurrency. Ransomware costs are not just about the ransom payouts. The total damage associated with ransomware is estimated to be much higher than the cryptocurrency payouts, perhaps $20 billion.
The report gives an overview of the ransomware-as-a-service process flow and the primary channels of distribution, and provides deep coverage of ransomware campaigns where we have previously done original research. The report includes information on the NIST cybersecurity framework profile for ransomware risk management and CISA's new ransomware readiness assessment, both published by these government agencies in June of this year.
Core Research on Malware Variants and Trends
The report reviews the new and recently emerged malware variants and trends, how these differ from other variants we have seen in the past, and defensive tactics and best practices that work. Included in the report is coverage of the company’s published research and cyberthreat advisories on the following campaigns:
• Malspam Campaign Spoofing Waybill Delivers Nanocore Rat - June 28, 2021
• Hancitor Downloads Infostealers - June 22, 2021
• Shathak Pushes IcedID Banking Trojan - June 9, 2021
• RemcosRAT Malspam Campaign Spoofs UAE Machinery Company Correspondence - June 2, 2021
• Cyberthreat Advisory - Nobelium Campaigns and Malware - June 2, 2021
• Graftor Adware Still Circulating - May 27, 2021
• Biotech-Themed Malspam Drops BitRAT - May 18, 2021
• Cyberthreat Advisory: DarkSide Ransomware Attack on Colonial Pipeline - May 13, 2021
• Malspam Delivering Agent Tesla Keylogger Spoofs Oil & Gas Co. Messages - May 12, 2021
• Cyberthreat Advisory: FiveHands Ransomware - May 10, 2021
• Polish Language Malspam Campaign Delivers AveMaria Infostealer - May 3, 2021
• Post-Takedown Trickbot Activity - April 28, 2021
• Spoofed Vehicle Purchase Invoice Malspam Drops Formbook Infostealer - April 16, 2021
• Agent Tesla Malspam Campaign Spoofs Bank Correspondence - April 13, 2021
• Italian Economic Support-Themed Malspam Delivers Ursnif Banking Trojan - April 1, 2021
Guidance on DNS Security
DNS is key to the foundational security stack in the public sector. The NSA and CISA have gone on record in 2021 with guidance recommending that every agency, organization and enterprise leverage the existing DNS protocol and architecture by using a protective DNS (PDNS) service. This information sheet, Selecting a Protective DNS Service, details the benefits and risks of using DNS security and assesses several commercial PDNS providers based on reported capabilities.
Infoblox foundational security using BloxOne Threat Defense provides very comprehensive DNS security capability. Infoblox received 100 percent of the performance score based upon the criteria defined by NSA.
Mohammed Al-Moneer, Regional Director, META Region at Infoblox says, “The Q2 2021 Cyber Threat Intelligence Report provides detailed analysis on the most pressing risks and cyber threats facing business organizations today. For IT security professionals, the report delivers important news on the evolving methodologies and technologies attackers are using to breach defenses. Just as importantly, it details the measures law enforcement is bringing to bear to combat the ransomware wave that’s plagued international businesses and non-profits in recent years. Accurate intelligence about timely, relevant threats enables an organization to make thoughtful, targeted improvements to its defenses and lower its risk.”