Cybercrime isn’t going away and it’s not slowing down. In 2022, there was a 13% increase over the number of ransomware attacks reported in 2021 according to the Verizon 2022 Data Breach Investigations Report. We’re now at the point where 33% of organizations globally have suffered a ransomware attack.
Cybercrime is a lucrative industry with a growing number of highly sophisticated and well-funded players. These criminal organizations are also becoming more creative in how they steal your money. Below are two cybercrime tactics that we will see more of in 2023.
The Initial Access Broker
A new ransomware related approach that is taking off is the Initial Access Broker. The Initial Access Broker penetrates your dealership and then sells access to your network to other cybercriminals. Taking advantage of an Initial Access Broker alleviates the effort ransomware gangs need to expend to initially penetrate your network.
The Initial Access Broker model – like the Ransomware as a Service model – is another example of the creativity of the cybercriminal and their ability to find additional approaches to generating revenue. These new approaches are part of the reason why the incidence of cybercrime continues to skyrocket. The Initial Access Broker and Ransomware as a Service models make it very easy for anyone to get into the game and steal your money.
Oh, don’t forget, that with the growing popularity of the Initial Access Broker, if you pay the ransom, you are a fool. When listing your dealership’s name on their online catalogue of networks that have been penetrated, the Initial Access Broker will make sure that other cybercriminals know that you are someone who pays ransom. You’ll be sure to have other criminals waiting in line to withdraw money from your bank account.
The number of listings for initial access offerings has increased 58% between 2021 and 2022. Look for this to continue to grow in 2023.
For more leverage, the cybercriminal is increasingly moving beyond simply holding your data for ransom. The new thing now is to couple holding your data for ransom with the threat of selling your exfiltrated data on a darknet forum. So, if you decide not to pay the ransom, the cybercriminal will just sell your customer data to other criminals. This trend makes it even more important to not allow your data to be stolen in the first place.
The key to avoid being placed in a double extortion situation is to implement a cyber defense that enables your IT/cybersecurity team to detect indicators of suspicious behavior. With this capability, you can catch an attack in its infancy. If you have trained cybersecurity professionals detecting an attack in the making, then they can kill the attack before the cybercriminal can steal your data or shut down your systems.
Cybercrime tactics are constantly evolving. If you have a stagnant cyber defense, then you will lose.