The shift to remote working due to the COVID-19 pandemic exponentially increased organizations’ attack surface, and threat actors across the cybercriminal landscape were keen to exploit remote access. Approximately $350 million in transactions made to crypto wallet addresses were linked to ransomware attacks that took place in 2020, representing a 311% increase from the previous year.
2020 also accelerated the growth of Ransomware-as-a-Service (RaaS) offerings, with sophisticated groups on the underground expanding their operations and the reach of their attacks – as well as the damages. Protecting organizations from ransomware not only requires preemptive knowledge of imminent threats and the power to block or remediate, but also the ability to gain a deeper understanding of the bigger picture: threat actors, their connections, motivations, and more.
While work-from-home accelerated digital transformation, it also exponentially increased organizations’ attack surface - and the potential of a breach.
The emergence of ransomware groups hosting dedicated leak sites (DLS) has increased the leverage on victims by threatening to expose data in the event of non-payment.
Decentralized affiliate networks continue to be a menace. As one group gets shut down or retires, affiliates transfer knowledge to the next - thus growing capabilities and best practices.
Know your RaaS
Every year, dark web actors sell access to millions of compromised endpoints over various remote protocols, such as RDP and webshells. Anyone can purchase access on these markets and, with it, deploy ransomware, siphon system resources, harvest confidential information, and assume control of logged-in accounts. Cybersixgill detects and alerts its customers when their resources are being sold on these markets.
Get alerts as RaaS operators extend their reach and promote their malware on the underground. Block, analyze and further investigate the bigger picture: actors, their TTPs, motivations, and social networks.
Leverage the first solution based on actors’ intent. Know which vulnerabilities will be targeted, get granular insights around emerging trends and hyper context on actors and their objectives.
Automatically gain access to remediation information for each vulnerability directly from NVD, MITRE and other vendor sites.
Receive a full intelligence picture of the vulnerability, complete with context – including a comprehensive audit trail of the data we have collected on the actors and their discourse, exploit kits, attribution to malware, APT and ransomware. This includes a score of the likelihood a vulnerability will be exploited over the next 90 days, hours after the CVE is first published. Unlike CVSS, this score is continually updated in real time in response to the threat intelligence we gather.
Map vulnerabilities to the MITRE ATT&CK framework to anticipate how, when or why criminals will exploit each vulnerability, listing the CVEs used in the context of each technique to assess the risk to your organization and prioritize remediation efforts.
Accurately match organizational CPEs identified in step 1 to specific, related vulnerabilities (CVEs) to determine which vulnerabilities are exposing your systems to attack.
Discover and scope the relevant organizational assets (i.e., CPEs) and vulnerabilities (i.e., CVEs) or identify specific CPEs and CVEs that are of interest.