Ransomware groups switch to stealthy attacks and long-term access
Summary
Ransomware groups are shifting tactics toward stealthy infiltration and long-term access, with data exfiltration and the threat of public exposure, rather than encryption alone, as their main extortion mechanism. They rely on defense evasion and persistence techniques, route command-and-control traffic through trusted enterprise services so that it blends in with normal business traffic, and chain multiple vulnerabilities together for greater impact.
IFF Assessment
The shift toward stealth and persistence means ransomware groups are harder to detect once inside a network and harder to fully evict from compromised systems.
Defender Context
Defenders need to focus on detecting subtle indicators of compromise and lateral movement within their networks. Breach and attack simulation tools can help identify weaknesses in security posture and validate detection coverage. Monitoring traffic to trusted enterprise services for unusual command-and-control activity is crucial, as is prompt patching so that individual vulnerabilities cannot be chained into a larger exploitation path.