Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners

by Cedric Pernet, Vladimir Kropotov, and Fyodor Yarochkin


Regular cybercriminals appear to be taking a page from targeted attack actors’ playbooks — or rather, toolkits — to maximize their profits from illicit activities like cryptojacking.


One of the differences between regular cybercrime and targeted attacks is intent: The former will almost always have immediate financial gain as its main motivation while the latter will have other goals, for example, intellectual property theft. Furthermore, the mindsets of the threat actors can be very different. Regular cybercriminals will typically need to think of how they can compromise as many individual devices as possible (for example, to deliver ransomware, coin miners, or banking trojans) while targeted attack threat actors will need to plan how to infiltrate and gain full access to corporate networks and remain as discreet as possible.


In addition, targeted attack campaigns often involve extensive planning as well as the creation and use of highly specialized tools. Normal threat actors, on the other hand, might not have the ability or resources to plan sophisticated campaigns, and their tools are more generic in nature and are often available in underground markets.


However, we recently came across evidence of large-scale cybercrime activity that appears to combine targeted attack tools and regular cybercrime: The attackers distribute typical malware such as cryptocurrency miners and ransomware by making use of sophisticated tools that were previously seen mostly in targeted attacks. In the cases we identified, the threat actors were using a package of tools from the Equation group (which was publicly leaked by the Shadow Brokers) to compromise a large number of mac ..
