• Latest
  • Trending
Expanding RaaS eco-system is exploiting OT security gaps

Expanding RaaS eco-system is exploiting OT security gaps

July 7, 2022
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Wednesday, 29 March, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Expanding RaaS eco-system is exploiting OT security gaps

by ITECHNEWS
July 7, 2022
in Leading Stories, Opinion
0 0
0
Expanding RaaS eco-system is exploiting OT security gaps

Ransomware availability is now at an all-time high globally. Not only is ransomware more easily available, but the average cost of ransomware has dipped by as much as 70 percent since February 2022 when the Russo-Ukraine war began. This is one reason why complex ransomware is now turning up in places it never was before. This dip has attracted new players and also contributed in some extent to the growing attacks on businesses that run on or have OT in their infrastructure.

Growing Ransomware as a Service (RaaS) economy

The global RaaS economy is now estimated to be worth more than a billion dollars. The business is not just highly profitable but is also working its way towards evolving some kind of an information structure and functional streamlining. The hierarchy of RaaS is a simple one. At the bottom rung lie freelancers who work with a contractor who is tied to multiple ransomware groups. The contractors are responsible for the recruitment and allocation of freelancers for specific projects that are chosen by the ransomware groups such as Lockbit.

YOU MAY ALSO LIKE

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Data Leak Hits Thousands of NHS Workers

The freelancers are given assignments based on which their skill sets are evaluated and they also receive rewards based on these assignments. A contractor may float a job ad in the dark or surface web calling for the recruitment of freelancers for specific projects. Depending on the skillsets and scope of a project, a freelancer can expect to earn anywhere between $300 to $ 500000 for a single project. If the victim is attacked again based on stolen credentials or if the stolen data gets resold, the freelancers and contractors behind that project can expect to get additional commissions.

Groups like Contii have made RaaS projects exceptionally rewarding with a shoot, scoot, and regroup model. This model involves ransomware groups routinely reassembling after disbanding in the aftermath of a successful ransomware campaign. These groups also maintain a secret inventory of bugs to exploit. The malware development cycle for exploiting a specific high-value bug is today in the range of a day to a week depending on the complexity of the exploit.

Unlike earlier ransomware groups, groups today are more sophisticated and use better tools, communication means and random targeting is almost unheard of among them. Each target is chosen with diligence and handed over to contractors for acquisition. Contractors may also decide on targets at their discretion to increase their earnings from a specific family of ransomware. By mobilizing an army of freelancers the contractors and ransomware groups benefit from higher levels of anonymity and a more fluid chain of association. Thus the risks of an entire chain of cybercriminals being exposed are significantly reduced.

Implications of RaaS for OT security

Ransomware groups are now openly targeting manufacturing and utility firms that have a high percentage of OT installations. A soon-to-be-published study by Sectrio reveals the gravity of the problem. The study found that over 150000 ports connected with various OT and IT services were available for scanning by an external actor. Some of these ports also provided access to core IT and OT assets raising the alarming prospect of a massive and debilitating cyberattack unless these ports (opened inadvertently we assume) are closed rapidly and the networks connected assessed for any signs of unauthorized entry.

Here is why OT security teams need to get their act together fast:

  • OT control systems are seen as easy entry points to other parts of the network by hackers
  • Lack of visibility and control into connected OT systems and networks makes them the perfect candidates for intrusion and hijack attempts
  • Our recent CISO survey revealed that the frequency of security audits, skill up-gradation, and infrastructure threat assessments conducted by businesses are not aligned to the needs of the evolving threat landscape out there. Such businesses are consequently rendered vulnerable to a cyberattack by these ransomware groups
  • Many businesses do not have an OT security policy that could have drawn attention to the unique requirements associated with OT security
Source: Prayukth K V
Via: Security Boulevard
Tags: Expanding RaaS eco-system is exploiting OT security gaps
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023

Recent News

  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • EU Cybersecurity Agency Warns Against Chinese APTs February 20, 2023
  • How Your Storage System Will Still Be Viable in 5 Years’ Time? February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version