This year has turned out to be one of the worst years for ransomware, says Infoblox in its Quarterly Cyberthreat Intelligence Report for Q2 2021. 

 

Approximately 10% of all breaches now involve ransomware. The impact and expense of successful ransomware attacks can be crippling to an organisation. 

 

The recent attacks on JBS and Colonial Pipeline have once again brought focus to the danger of increasingly sophisticated ransomware campaigns.

 

The estimated payments in 2020 associated with ransomware have been estimated to be about $370 million in cryptocurrency. Ransomware costs are not just about the ransom payouts. The total damage associated with ransomware is estimated to be much higher than the cryptocurrency payouts—perhaps $20 billion. 

 

The report overviews the ransomware-as-a-service process flow and the primary channels of distribution, as well as provide deep coverage of ransomware campaigns where we have previously done original research. The report includes information on the NIST cybersecurity framework profile for ransomware risk management, and the CISA new ransomware readiness assessment, both published by these government agencies in June of this year.

 

The report reviews the new and recently emerged malware variants and trends, how these differ from other variants we have seen in the past, and defensive tactics and best practices that work. Included in the report is coverage of the company’s published research and cyberthreat advisories on the following campaigns:

• Malspam Campaign Spoofing Waybill Delivers Nanocore Rat - June 28, 2021

• Hancitor Downloads Infostealers - June 22, 2021 

• Shathak Pushes IcedID Banking Trojan - June 9, 2021

• RemcosRAT Malspam Campaign Spoofs UAE Machinery Company Correspondence - June 2, 2021

• Cyberthreat Advisory - Nobelium Campaigns and Malware - June 2, 2021

• Graftor Adware Still Circulating - May 27, 2021

• Biotech-Themed Malspam Drops BitRAT - May 18, 2021

• Cyberthreat Advisory: DarkSide Ransomware Attack on Colonial Pipeline - May 13, 2021

• Malspam Delivering Agent Tesla Keylogger Spoofs Oil & Gas Co. Messages - May 12, 2021

• Cyberthreat Advisory: FiveHands Ransomware - May 10, 2021

• Polish Language Malspam Campaign Delivers AveMaria Infostealer - May 3, 2021

• Post-Takedown Trickbot Activity - April 28, 2021

• Spoofed Vehicle Purchase Invoice Malspam Drops Formbook Infostealer - April 16, 2021

• Agent Tesla Malspam Campaign Spoofs Bank Correspondence - April 13, 2021

• Italian Economic Support-Themed Malspam Delivers Ursnif Banking Trojan - April 1, 2021

 

GUIDANCE ON DNS SECURITY

DNS is key to the foundational security stack in the public sector. The NSA and CISA have gone on record in 2021 with guidance recommending that every agency, organisation and enterprise leverage the existing DNS protocol and architecture by using a protective DNS (PDNS) service. 

 

Infoblox foundational security using BloxOne Threat Defence provides very comprehensive DNS security capability. Infoblox received 100% of the performance score based upon the criteria defined by NSA.

 

Mohammed Al-Moneer, Regional Director, META Region at Infoblox says: “The Q2 2021 Cyber Threat Intelligence Report provides detailed analysis on the most pressing risks and cyber threats facing business organisations today. For IT security professionals, the report delivers important news on the evolving methodologies and technologies attackers are using to breach defenses. Just as importantly, it details the measures law enforcement is bringing to bear to combat the ransomware wave that’s plagued international businesses and non-profits in recent years. Accurate intelligence about timely, relevant threats enables an organisation to make thoughtful, targeted improvements to its defenses and lower its risk.”-- TradeArabia News Service