25 November 2019
Accenture report reveals new cybercrime operating model among high-profile threat groups
Cybercrime campaigns and high-profile advanced persistent threat groups are shifting how they target victims and
focusing more on intricate relationships with “secure syndicate” partnerships to disguise activity, according to the
latest 2019 Cyber Threatscape Report from Accenture.
A shift in high-profile cybercrime operating models
The report notes a significant increase in threat actors and groups conducting targeted intrusions for financial gain,
also referred to as “big game hunting.” Despite the arrests of individuals associated with online underground
marketplaces, activity among infamous threat actor groups — such as Cobalt Group, FIN7 and Contract Crew — has
continued. Accenture Security analysts have also observed the shared use of tools that automate the process of
mass-producing malicious documents to spread malware, such as More Eggs, which is used in both conventional crimeware
campaigns and targeted attacks.
The continued activity is associated with relationships forming among “secure syndicates” that closely collaborate and
use the same tools — suggesting a major a change in how threat actors work together in the underground economy. With
syndicates working together, the lines are even more blurred between threat actor groups, making attribution more
difficult.
In addition, Accenture Security analysts have observed a shift in the way Cobalt Group targets victims to gain access to
the victims’ supply chain networks. While malware has typically been sent to internet users via phishing emails,
analysts now see an emergence of malware executed through web browsers focused on targeting online merchants and
retailers specifically.
The global disinformation battlefield
The report also finds evidence of a continued global disinformation battlefield influencing social media users and
cautions that threat actors are becoming more skilled at exploiting legitimate tools. While disinformation campaigns to
influence both domestic or foreign political sentiment and sway national elections will continue, the wider potential
impact of disinformation on global financial markets is even more concerning, the report notes. The financial services
industry — and, more specifically, high-frequency trading algorithms, which rely upon fast, text-driven sources of
information — are likely to be targeted by large-scale disinformation efforts in the future.
Rise in ransomware: network access for sale
In addition, ransomware is increasingly plaguing businesses and government infrastructures, with the number of
ransomware attacks more than tripling in just the past two years. Aside from delivery via spam campaigns, analysts have witnessed threat groups Nikolay and
GandCrab planting ransomware directly on networks through network access intrusions. Actors are offering to sell remote
desktop protocol (RDP) access to corporate networks, which they’ve likely gained through compromised servers and RDP
brute forcing, to those in underground communities.
Supporting comment – Ben Morgan, Managing Director Accenture Interactive New Zealand.
“The critical thing for organisations to understand is that cyber security is not a tech problem, it’s a business
problem that should be a priority for every executive.
“Over the past year, cybercriminals have continued to test the resilience of organisations by layering attacks, updating
techniques and establishing new, intricate relationships to better disguise their identities, making attribution more
difficult to pursue.
“The threats to the operational systems of New Zealand business and critical infrastructure is very real. Just because
we’re a smaller economy doesn’t mean we’re not on the radar of sophisticated cyber predators and Kiwi organisations need
to avoid complacency by ensuring they have the most sophisticated protections in place.
“Organisations should understand the tangible elements, or the bread crumb trail left behind, which can help reveal the
motivations, operational procedures and tool use, to create a profile of the adversary. This process is critical for
organisations to understand so they can proactively be involved in properly allocating resources and improving their
security posture to avoid becoming cybercrime’s next victim.”
About Accenture’s Cyber Threatscape Report
Leveraging Accenture Security threat-intelligence capabilities and research from primary and secondary open-source
materials, the annual report provides insights and predictions on the cyberthreat landscape and how it will shift over
the next year. The goal is to help organisations stay ahead of threats relevant to their organisation, industry and
geography.
To read more about the top threat factors influencing the cyber landscape today and predictions from Accenture Security,
the full 2019 Cyber Threatscape Report is available here .
ENDS