Accenture Publishes 2020 Cyber Threatspace Report; Josh Ray Quoted

Accenture Publishes 2020 Cyber Threatspace Report; Josh Ray Quoted
Accenture

Accenture announced Monday the release of its 2020 Cyber Threatscape Report. Drawing upon the company’s cyber threat intelligence (CTI) capabilities, the report has analyzed the tactics, techniques and procedures of sophisticated cyber adversaries, as well as projected how threats will evolve. 

“Since COVID-19 radically shifted the way we work and live, we’ve seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities,” said Josh Ray, Accenture Security, cyber defense practice lead.

Accenture’s report analyzed how sophisticated adversaries mask identities with off-the-shelf tools. Analysts have researched suspected state-sponsored and organized criminal groups using a combination of off-the-shelf tooling, including “living off the land” tools, shared hosting infrastructure and publicly developed exploit code. The tools feature scale to orchestrate cyberattacks. 

According to the report, it is highly likely that the criminal groups will continue to use off-the-shelf and penetration testing tools into the future because they are easy to use, effective and cost-efficient.

The report notes how one criminal group has targeted systems supporting Microsoft Exchange and Outlook Web Access to use the compromised systems as beachheads, which hides traffic, relays commands, compromises e-mail, steals data and gathers credentials for espionage efforts.  

In addition, Accenture reported that ransomware has enabled cybercriminals to advance online extortion by threatening to publicly release stolen data or sell it. With the increase in profits for this tactic, there has been a wave of copycat crimes and new ransomware peddlers.

Accenture CTI analysts have tracked cybercriminals behind it on Dark Web forums, where they are found to advertise regular updates and improvements to the ransomware, as well as recruit new members. 

The success of these hack-and-leak extortion methods, especially against larger organizations, means they will likely proliferate for the remainder of 2020 and could foreshadow future hacking trends in 2021.

“The biggest takeaway from our research is that organizations should expect cybercriminals to become more brazen as the potential opportunities and pay-outs from these campaigns climb to the stratosphere… organizations need to double down on putting the right controls in place and by leveraging reliable cyber threat intelligence to understand and expel the most complex threats,” Ray added. 

You may also be interested in...

Jay Lambke President GAI

Government Acquisitions Obtains SBA HUBZone Program Certification; Jay Lambke Quoted

Cincinnati, Ohio-based company Government Acquisitions Inc. has been accredited by the Small Business Administration under a program that seeks to provide economic benefits to government contractors from historically underutilized business zones.

Satellite launch

SpaceX Launches Satellite for Multinational Ocean Observation Effort

SpaceX has sent to space a satellite designed to monitor sea levels across the globe under a U.S.-U.K. partnership. The Sentinel-6 Michael Freilich satellite lifted off from Vandenberg Air Force Base on a mission to collect sea level data, support ship navigation and inform weather forecasts, NASA said Sunday.

KBR

KBR Gets $65M Navy Contract Modification for Base Support Services

KBR has received a one-year, $64.8M contract modification to carry out base operating support services at various U.S. Navy installations in Djibouti and Kenya.