We are seeing our customers hit by malware (malicious software such as ransomware or banking Trojans) that continues to bypass their antivirus software (see why in our blog post "Why antivirus fails"). One reason is that criminals openly share the techniques and tools they use to get past traditional security controls such as antivirus or a firewall.
1. Creating partnerships
There is further evidence that a number of ransomware criminal groups are forming partnerships that help them bypass controls. An example given in the article: "In recent months, the operators of the GandCrab ransomware-as-a-service affiliate operation announced a new partnership with NTCrypt, a malware crypter service that's designed to alter malicious code to make it more difficult for security tools to detect."
2. Sharing compromised victims to expand reach
Criminals who already control hundreds of thousands of machines infected with their banking Trojan can hand those victims to another group, which then extorts them a second time with ransomware. This works because the businesses never detected or removed the original malicious software, since their antivirus could not identify it. As the article puts it: "The Trickbot banking Trojan, meanwhile, has also been doing double duty as a dropper and pushing Ryuk ransomware onto some – but not all – systems that it infects."
3. Former criminal groups reform and share techniques
Authorities do continue to arrest members of these criminal groups, which often disrupts their operations. However, the groups then split up and reform to return to their lucrative illegal activities, often forming new criminal organisations and later collaborating with others from the same earlier groups. This was seen with Trickbot, which came from the group that produced Dyre and which split into a number of other groups.
"The Trickbot banking Trojan is being used in cyberattacks against small and medium-sized businesses, and individuals in the U.K. and overseas," the U.K.'s National Cyber Security Centre, which is the public-facing arm of intelligence agency GCHQ, warned last September.
See more in the article below:
This is one of the reasons large businesses use layers of security: when one control such as antivirus fails, another layer identifies the compromise so that steps can be taken to clean it up. Normally this is done through a Security Information and Event Management (SIEM) system, which collects and correlates logs from endpoints, network devices and applications so that analysts can spot activity the antivirus missed. These systems cost hundreds of thousands of dollars and require a team of experts (internal or as a service) to identify when malware has got past the front-line controls and to decide what steps to take to resolve it.
This is a problem for small businesses, which do not have the team, tools or budget to take these vital steps. If this describes you and you want this capability at a hundredth of the cost, reach out and see how we are changing the game for small business.