Latest research shows how cybercriminals’ business models may change
Trend Micro, one of the world’s leading providers of cybersecurity solutions publishes a new study that looks at the expected changes in the ransomware sector. In it, threat experts warn of a potential revolution in the ransomware “industry,” with cybercriminals expanding into other illegal business models and joining forces with state actors or organized crime.
Threat actors are evolving their methods in response to corporate defense strategies, law enforcement successes, and government sanctions. This is made possible, for example, by scaling attacks due to increased automation, increased targeting of IoT and cloud environments, and improved operational security (OpSec) and monetization on the part of attackers.
The report from the Japanese cybersecurity vendor cites several triggers that can cause ransomware actors to change their business model. These can be either many smaller changes within the IT landscape or a few particularly impactful global factors. Both variants can lead to cybercriminals increasingly relying on supply chain attacks, for example, in order to reduce their dependence on initial access brokers (IABs) in this way. Similarly, they may use stolen data for stock manipulation, sell more services to “traditional” organized crime, partner with other criminal groups, or even cooperate with state actors.
There is no magic bullet for overcoming these challenges. IT security managers and government agencies should therefore take a hard look at potential changes in cybercrime business models. Trend Micro’s report recommends a number of measures to prepare for these future scenarios, including:
- Increased protection of Internet-based and internal enterprise systems.
- Migrating to cloud services
- Focusing cyber defense efforts on detection & response and first access vectors
- Strengthening government sanctions against cybercriminal kingpins and intermediaries
- Regulation of cryptocurrencies to increase transparency, protect consumers from fraud, and make money laundering more difficult
“Change is the only constant in cybercrime. Sooner or later, economic and geopolitical forces are forcing ransomware groups to either adapt or give up,” said Richard Werner, business consultant at Trend Micro. “Amid this uncertain threat landscape, IT security teams need a unified cybersecurity platform that provides visibility and control across the entire attack surface, including hybrid cloud infrastructures. The results of our study help organizations prepare for this future.”