Accenture is warning that the types of disruptive cyber attacks that targeted the NZX, MetService and several high-profile New Zealand companies are set to increase in 2021.
The release of Accenture’s 2020 Cyber Threatscape Report shows how cyber threats have evolved over the past year, and details the threats expected to characterise the next 12
months.
It shines a light on the tools and techniques ransomware gangs deployed throughout 2020 and details how threats will
continue to evolve.
Accenture’s findings show that ransomware gangs are deploying an increasingly sophisticated arsenal of new open-source tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.
Accenture New Zealand Managing Director Ben Morgan says:
“Last year cyber adversaries placed several high-profile Kiwi companies and public institutions under siege. They used
advanced ransomware and denial of service attacks to disrupt operations and lock owners out of their systems, causing
huge frustration for owners, employees and customers.
“Our latest report shows that these kinds of attacks are set to increase. The large number of people now working from
home has created a greater scope for sophisticated cyber criminals who are looking to exploit remote working
vulnerabilities.
“We have seen this with the rise of spear phishing, where ransomware gangs target specific individuals and businesses
with email campaigns. Once compromised, these gangs will harvest credentials to gain greater access to the business
network, steal company data, and lock out users until a ransom is paid.
“They are also quick to adapt to current events and exploit people’s fears. We have seen this with an increase in the
use of language, themes and imagery related to Covid-19. By mimicking the style of official information and playing upon
people’s fears about the pandemic, ransomware groups are tricking users into clicking on links that allow their systems
to be compromised.
“We’ve also observed that the greater the amount of disruption cybercriminals are able to cause, the more brazen they
can be with their ransom demands. We advise organisations to up their cyber security game by leveraging reliable cyber
threat intelligence to understand and expel the most complex threats.”
Accenture’s report provides business leaders with advice on the practical steps they can all take to mitigate the risk
of a cyber attack disrupting their organisations.
“Cyber criminals move fast to take full advantage of the latest security exploits. All businesses should make sure their
operating systems are up to date with the latest patches and that they regularly back up their data. Failure to do so
can have catastrophic results.
“Where possible, enterprises should limit the type of devices connected to their business networks. Every type of device
has its own risk profile – the more you have in the mix, the harder it is to counter all the possible ways into your
network.
“Most importantly, business leaders should ensure they invest in cyber threat training for their people. Ransomware
campaigns are successful because they exploit people to gain access to systems. Making sure staff can identify and
report suspected ransomware emails is a must for any organisation in 2021.”
In 2019 Accenture launched its Sydney Cyber Fusion Centre. The Centre provides 24/7 cyber incident and threat monitoring services to government and commercial clients across the Asia-Pacific region and draws on the global expertise of Accenture’s 7000-strong cyber security practice.

Cyber Security Threats in 2021
1. Covid-19 has accelerated the need for adaptive security
Personal and business data remain highly valuable commodities. Stolen data is traded in the dark corners of the internet, or used to extort ransoms from individuals and companies. Companies in all industries should plan for these types of attacks to persist indefinitely and to have long-term effects.
Antivirus software became ubiquitous for users of computers and IT systems in the 90s and 2000s. But as cyber threats continued to multiply and evolve, and businesses moved more of their systems online, antivirus software soon became an insufficient defence against determined cyber criminals.
Adaptive security is a modern alternative for businesses. Antivirus software responded to incidents and infiltrations after the fact and picked up threats during regular system scans. Adaptive security is different: an adaptive security architecture detects, responds to and predicts cyber threats in real time. Employing adaptive security gives organisations the confidence to, for instance, adopt cloud services or extend access to more remote users.
2. Sophisticated adversaries mask identities with off-the-shelf tools
Throughout 2020, Accenture cyber threat intelligence (CTI) analysts observed suspected state-sponsored and organised
criminal groups using a combination of off-the-shelf tooling and open source penetration testing tools at unprecedented
scale to carry out cyberattacks and hide their tracks.
For example, Accenture tracks the patterns and activities of an Iran-based hacker group referred to as SOURFACE (also
known as Chafer or Remix Kitten). Since 2014 the group has become known for its cyberattacks on strategically important
industries in the U.S., Israel, Europe, Saudi Arabia, Australia and other regions. Accenture has observed SOURFACE using
legitimate Windows functions and freely available tools for credential dumping. Groups use these techniques to steal
credentials like usernames and passwords. This allows attackers to escalate privileges or move across the network to
compromise other systems and accounts while disguised as a valid user.
Sophisticated actors, including state-sponsored and organised criminal groups, will continue to use off-the-shelf and
penetration testing tools as they are easy to use, effective and cost-efficient.
3. New, sophisticated tactics target business continuity
To maintain long-term unauthorised access to cyber environments, hackers often abuse native Windows functionality or
other applications installed on the device or network. By taking over trusted applications, cyber criminals are able to
avoid having to deploy tools that may alert network defenders to the presence of their unauthorised activity.
The report notes how one notorious group has aggressively targeted systems supporting Microsoft Exchange and Outlook Web
Access. It then uses these compromised systems to hide traffic, relay commands, compromise e-mail, steal data and gather
credentials for espionage efforts. Operating from Russia, the group, which Accenture refers to as BELUGASTURGEON (also
known as Turla or Snake), has been active for more than 10 years and is associated with numerous cyberattacks aimed at
government agencies, foreign policy research firms and think tanks across the globe.
State-aligned operators often have vast arsenals of cyber resources and capability at their disposal. This underlines
the importance of identifying and tracking priority adversaries and then threat hunting against the specific behaviours
employed by them.
4. Ransomware feeds new profitable, scalable business model
Ransomware quickly became a more lucrative business model in 2020. Cybercriminals took online extortion to a new level
by threatening to publicly release stolen data or sell it and name and shame victims on dedicated websites. The
criminals behind the Maze, Sodinokibi (also known as REvil) and DoppelPaymer ransomware strains are the pioneers of this
growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware
peddlers.
The success of these hack-and-leak extortion methods, especially against larger organisations, means they will continue
throughout 2021 and beyond. In fact, Accenture CTI analysts have recently observed recruitment campaigns on a popular
Dark Web forum from the threat actors behind Sodinokibi.
Organisations can mitigate the effects of ransomware attacks by keeping operating systems and software up to date, disabling Remote Desktop Protocol connections, teaching staff how to protect themselves against phishing attacks and maintaining regular backups of system data.
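One way to audit, and optionally enforce, the "disable Remote Desktop Protocol connections" mitigation listed above, as an added PowerShell example that is not code from the Accenture report. It assumes an elevated PowerShell session on the Windows host being checked and the built-in NetSecurity module.

```powershell
# Added example (not from the Accenture report): audit, and optionally enforce,
# the "disable Remote Desktop Protocol connections" mitigation on a Windows host.
# Assumes an elevated PowerShell session on the host being checked.

$TsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcp = "$TsRoot\WinStations\RDP-Tcp"

function Get-RdpPosture {
    # fDenyTSConnections = 1 means RDP is refused at the Terminal Services layer.
    $deny = (Get-ItemProperty -Path $TsRoot -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required before logon.
    $nla = (Get-ItemProperty -Path $RdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    # Enabled inbound firewall rules in the built-in "Remote Desktop" group.
    $fwOpen = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue |
                Where-Object { $_.Enabled -eq 'True' }).Count

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RdpEnabled          = ($deny -ne 1)   # weak state: $true
        NlaRequired         = ($nla -eq 1)
        InboundRdpRulesOpen = $fwOpen
    }
}

function Disable-RdpAccess {
    # Weak setting:     fDenyTSConnections = 0 with the "Remote Desktop" rule group enabled.
    # Hardened setting: deny connections at the service and close the inbound firewall rules.
    Set-ItemProperty -Path $TsRoot -Name fDenyTSConnections -Value 1 -Type DWord
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    Get-RdpPosture
}

$posture = Get-RdpPosture
$posture | Format-List

if ($posture.RdpEnabled) {
    Write-Warning 'RDP is enabled on this host.'
    if (-not $posture.NlaRequired) {
        Write-Warning 'RDP accepts connections without Network Level Authentication.'
    }
    # Uncomment to enforce the mitigation once you have confirmed there is no business need for RDP:
    # Disable-RdpAccess | Format-List
}
```

Where RDP cannot be removed entirely, the same check still flags hosts that accept connections without Network Level Authentication, which is the weaker of the two exposed states.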
5. Connectedness has consequences
The world has never been as connected as it is now. While this provides immense opportunities for businesses,
organisations and society, it also poses new threats. As demand for connectivity continues to increase, businesses are
using unpatched and untested devices. These devices pose realistic and accessible targets for cyber criminals to gain
access to other parts of a business’s systems.
Security leaders are fighting back. More bug bounty programs are being introduced, where hackers are encouraged to find
and report bugs or security exploits and vulnerabilities for financial compensation.
The speed at which many new devices have become connected to the internet means that there has been little
standardisation of systems across manufacturers. Each device therefore has its own security profile and vulnerabilities.
Going forward, security leaders should share their knowledge and develop standardised systems that are simple, easy to integrate, and able to withstand close scrutiny.