Events , Fraud Management & Cybercrime , Ransomware

Ransomware: The Era of Mass Exploitation Campaigns

Recorded Future's Allan Liska on Criminal Innovations in Ransomware
Allan Liska, principal intelligence analyst, Recorded Future

The Global ESXiArgs and GoAnywhere ransomware campaigns show how mass exploitation campaigns are the latest of many criminal innovations in 2023. Based on tracing ransom payments, they weren't very profitable. But ransomware actors do love their zero-days, said Allan Liska, principal intelligence analyst at Recorded Future. Whether or not they can turn that into something that makes money remains to be seen.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

Security leaders also need to be wary of configuration error attacks. Two high-profile ransomware attacks, the Western Digital and D.C. Health Link breaches, gained initial access through the victims' cloud providers. Liska warned that even though providers such as Google Cloud, Microsoft Azure and AWS help organizations better secure their clouds, it can be easy to make a configuration error in complex cloud environments.

"The bad guys are getting better at understanding the faults in the cloud. And so we will see more of that going forward," Liska said. "I don't think either the D.C. Health Link or Western Digital was an encryption event; it was all data-theft events. But we are seeing a growth in extortion-only attacks. So this is right in line with 'steal data from wherever you can and then hold that data ransom.'"

In this video interview with Information Security Media Group at RSA Conference 2023, Liska also discusses:

  • The rise of Frankenstein ransomware;
  • The latest in de-RaaSing of ransomware;
  • The impact of ransomware-combating efforts that are currently underway.

Liska has more than 15 years of experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. He has helped countless organizations improve their security posture using more effective and integrated intelligence.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.