The services industry has traditionally included sectors ranging from social assistance and health care to transportation and scientific services.<\/p>\n
However, it doesn\u2019t end there, because the human talent for innovation can turn almost anything into a service.<\/p>\n
We also find \u2013\u00a0 rather less top-of-mind for most people \u2013 the offer of hitmen-as-a-service, usually associated, at least in Hollywood, with large and well-muscled men in expensive suits and sunglasses.<\/p>\n
A few years ago, this area of business moved into the cyber arena as well.<\/p>\n
And so we present: ransomware-as-a-service.<\/p>\n
Today, one of its latest offerings is a \u2018triple threat\u2019 that turns Distributed Denial of Service (DDoS) attacks into an even more lethal cyber weapon against organisations.<\/p>\n
Carole Hildebrand, Senior Strategic Marketing Writer at NETSCOUT, calls it\u00a0\u2018the rise of ransomware gangs\u2019<\/strong><\/a><\/strong>.<\/p>\n She explains: \u201cLike any smart entrepreneur, threat actors know that their business is only as successful as their latest innovation.<\/p>\n And when it comes to parting unsecured organisations from their money, those innovations never stop.<\/p>\n \u201cThe latest involves integrating attacks into a ransomware-as-a-service (RaaS) portfolio to create the so-called triple cyberextortion attack.<\/p>\n It\u2019s a little bit ransom, a little bit DDoS extortion, and a lot of trouble.\u201d<\/p>\n NETSCOUT is a leading global provider of service assurance, security and business analytics, distributed throughout Africa by Networks Unlimited.<\/p>\n In its \u20182020 2H Threat Intelligence Report: DDoS in a time of pandemic\u2019, NETSCOUT observed a huge upsurge in DDoS attacks over the past year or so, including multiple record-breaking events such as the most DDoS attacks in a single year (more than 10 million).<\/p>\n \u201cThe pandemic period to date has certainly facilitated the emergence of an increasingly complex threat landscape,\u201d comments Risna Steenkamp, General Manager: ESM Division at Networks Unlimited.<\/p>\n \u201cDDoS attacks are an attempt to exhaust the resources available to a network, application or service, so that genuine users cannot gain access and the business accordingly cannot deliver the services it offers.”<\/p>\n “Today, the purported \u2018triple threat\u2019 adds in two other factors on top of a DDoS threat.\u201d<\/p>\n As outlined by Hildebrand, cybercriminals are now adding file encryption and data theft into DDoS attacks, creating a potent mix for a threat attacker\u2019s new modus operandi.<\/p>\n The triple threat works as follows:<\/p>\n File encryption:<\/strong>\u00a0In a traditional ransomware attack method, cybercriminals breach a network and encrypt valuable data, making the data, and sometimes the entire system, unavailable to the victim organisation.<\/p>\n The attackers then demand payment in return for a decryption key.<\/p>\n In 2017, the Wannacry ransomware worm spread rapidly across computer networks, infecting core system processes and encrypting data files.<\/p>\n In the end, this attack affected more than\u00a0200,000 computers<\/strong><\/a><\/strong>\u00a0across 150 countries.<\/p>\n Data theft:<\/strong>\u00a0Here, cybercriminals steal the data before locking the victim out.<\/p>\n They then threaten to publicly expose and\/or sell the stolen data unless they are paid.<\/p>\n This second level of extortion makes it harder for victims to ignore ransomware threats, because even those who can use backups to restore data remain at risk of data exposure.<\/p>\n Examples of massive data breaches of global companies include the following: creative, marketing and document management company Adobe (October 2013; 153 million user records stolen); Equifax, one of the largest credit bureaux in the United States (July 2017; 147.9 million customers); professional networking site LinkedIn (2012 and 2016; 165 million users); the hotel group Marriot International (2014 to 2018; 500\u00a0 million customers); social media site MySpace (2013; 360 million customers), and search engine Yahoo (2013 to 2014; three billion user accounts and the biggest data breach ever),\u00a0to name just a few.<\/strong><\/a><\/strong><\/p>\n DDoS attacks:<\/strong>\u00a0Such attacks have been commonly used as a standalone extortion method.<\/p>\n Now, adding this attack methodology into the RaaS operations adds further pressure onto the victim, as maintaining business operability and availability places further strain onto the cybersecurity teams already dealing with the first two events, namely the data theft and data encryption.<\/p>\n At the end of August 2020, a series of cyberattacks on the New Zealand Stock Exchange over five consecutive days forced it to halt trading for a number of hours for four out of those five days.<\/p>\n This was part of a\u00a0global DDoS extortion campaign<\/strong><\/a><\/strong>\u00a0that went on over a number of months to target other organisations around the world.<\/p>\n Hildebrand explains, \u201cBy combining file encryption, data theft, and DDoS attacks, cybercriminals have essentially hit a ransomware trifecta designed to increase the possibility of payment.<\/p>\n According to\u00a0Bleeping Computer, SunCrypt and Ragnor Locker were early users of this tactic.<\/p>\n Since then, other ransomware operators have jumped aboard, including\u00a0Avaddon and Darkside, the perpetrator of the Colonial Pipeline incident.\u201d<\/p>\n The cyberattack on the American Colonial Pipeline Company in May 2021 instigated a shutdown of the almost 9,000 kilometre long pipeline that carries 45 percent of the fuel used on America\u2019s East Coast.<\/p>\n