April 25, 2024
Ransomware attacks have seen a steep increase this year, 13% more than in 2021, and they’re not expected to slow down anytime soon. With that in mind, let’s take a look at the top ransomware trends you should be keeping an eye on as we move into 2023. Here’s what you need to know about the current state of ransomware and how it’s working today, where it might be heading in the future, and mindset strategies you can adopt to improve your odds.
Is ransomware on the rise? According to IDC, 33% of organizations globally have been victims of ransomware. This trend is not slowing down going into 2023: ransomware groups are getting more sophisticated, and attacks are becoming more targeted.
Certain industries are particularly at risk, and critical infrastructure increasingly so. According to the Cybersecurity and Infrastructure Security Agency (CISA), government agencies “observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors,” including finance, education, energy, and more.
Ransomware groups typically extort money from their victims by encrypting their files and demanding a ransom, but there is a rising trend of them relying on additional methods to extract revenue. A new breed of vendor is popping up in cybercriminal forums: the initial access broker. These brokers sell initial access, i.e., access to a compromised machine on a particular network or within a particular organization, to ransomware groups. This spares the ransomware gangs from expending resources on initial access so they can then focus on lateral movement, the ransom itself, and negotiation. The number of listings for initial access offerings increased by 58% between 2021 and 2022.
Attack strategies have shifted from simply encrypting business data to placing additional focus on data exfiltration. There are a couple of common ways attackers can profit from this stolen data. One is extortion, where an attacker says “I’ve stolen your customer list and exfiltrated it to my infrastructure. Pay me $200,000 or I will leak it.” The other is to sell your exfiltrated data directly, e.g., by placing a username and password dump for sale on a darknet forum.
Double-extortion attacks, in which threat actors both hold your data for ransom and threaten to publish it online, have become a big trend since their inception in 2019. Threat intelligence company Digital Shadows (now ReliaQuest) uncovered 11 new extortion groups focusing solely on data leaks in 2022. BlackByte is also famous for its use of double extortion.
To avoid the spotlight, infamous ransomware groups (think REvil, Conti, etc.) are simply changing their names. According to KrebsOnSecurity, “Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.”
Just as the defensive cyber landscape is constantly evolving, so too is the offensive landscape. As we’re implementing more controls and additional detections, these ransomware groups are creating new toolkits to thwart defensive efforts.
Of course, new, less-experienced ransomware groups are popping up every day as well. Instead of being on the forefront, working at the cutting edge to keep up with or outsmart the defenders, these newer groups tend to rely on pre-made exploit kits and ransomware builders. There are a few ways they can acquire these tools—sometimes even from defenders who break into the larger ransomware gangs’ environments and leak their code in an attempt to undermine them. These lower-skilled groups can then use these tools to imitate their more-sophisticated counterparts.
Recruitment for ransomware groups isn’t slowing down. In order to keep up with the evolving defense landscape, these groups are constantly hiring new developers and pen testers.
On the ransomware defense side, there are a few strategies that can help mitigate the risk associated with ransomware attacks.
Always assume that a breach is possible, no matter your level of protection. One should always put effort into prevention, but attack detection and containment can be a more effective use of resources.
For this strategy, there are a number of tactics you should employ:
To achieve defense in depth, you should have a layered defense strategy, including layered detection pipelines and security mechanisms or controls throughout the network.
Layered detection pipelines are the logical processes you have in place to collect, process, analyze, and react to events happening within your environment. It’s not just collecting logs—it’s about taking the “assume breach” mindset into account and considering the potential attack vectors in your own environment. That can help you prioritize which detection pipelines you need to focus on, for example:
Next, let’s talk security controls. These are usually the tools or software you deploy in your environment. Active controls, like firewalls and email gateways, can help you mitigate risk within the environment. Other controls, like EDR, can serve your detection pipelines.
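A layered detection pipeline of the kind described above, as an added example that is not from the original article: two telemetry layers (network flows and EDR file activity) are analyzed separately, then correlated per host so that exfiltration followed by mass file changes, the double-extortion pattern, triggers a stronger response. The event format, thresholds, and response names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry): (epoch_seconds, host, source, fields)
EVENTS = [
    (1000, "fs01", "netflow", {"dst": "203.0.113.7", "bytes_out": 4_200_000_000}),
    (1030, "ws22", "netflow", {"dst": "198.51.100.9", "bytes_out": 12_000_000}),
    (1900, "fs01", "edr", {"action": "file_rename", "count": 850}),
    (1950, "ws22", "edr", {"action": "file_rename", "count": 3}),
    (2000, "db03", "edr", {"action": "file_rename", "count": 1200}),
]

EXFIL_BYTES = 1_000_000_000  # assumed per-flow threshold; tune to your baseline
RENAME_BURST = 500           # assumed renames per EDR event that count as a burst
WINDOW = 3600                # correlate layers seen within one hour on one host


def analyze(event):
    """Layer-specific analysis: return a signal name, or None if benign."""
    _, _, source, fields = event
    if source == "netflow" and fields["bytes_out"] >= EXFIL_BYTES:
        return "possible_exfiltration"
    if (source == "edr" and fields["action"] == "file_rename"
            and fields["count"] >= RENAME_BURST):
        return "mass_file_rename"
    return None


def run_pipeline(events):
    """Collect -> analyze -> correlate per host -> choose a response."""
    signals = defaultdict(list)
    for event in sorted(events, key=lambda e: e[0]):  # process in time order
        signal = analyze(event)
        if signal:
            signals[event[1]].append((event[0], signal))

    actions = {}
    for host, hits in signals.items():
        layers = {name for _, name in hits}
        span = hits[-1][0] - hits[0][0]
        if len(layers) > 1 and span <= WINDOW:
            # Both layers fired on the same host: treat as likely double extortion.
            actions[host] = "isolate_and_escalate"
        else:
            # A single layer fired: worth an analyst's time, not yet containment.
            actions[host] = "investigate"
    return actions


if __name__ == "__main__":
    for host, action in run_pipeline(EVENTS).items():
        print(host, action)
```
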
Finally, defense in depth also includes layered security design. When you’re introducing a new tool, consider how it affects the security posture of the organization as a whole. Introducing a new tool can introduce new attack paths into the network. There’s a possibility that the application itself contains vulnerabilities, or that the remote management capabilities provided by the vendor introduce a new attack path. Considerations should be made to account for these paths. Many security teams address this issue with a “zero trust” approach.
When defending against ransomware, visibility and flexibility are key. The ReliaQuest security operations platform, GreyMatter, empowers your security team during every stage of the ransomware lifecycle.
Ransomware has been around for a long time and continues to be one of the most popular forms of cyber attack—for good reason. It’s lucrative for the entire cybercrime supply chain, from the initial access brokers and exploit kit developers all the way to the ransomware actors themselves. In short, ransomware is much more than the final extortion. It’s an entire industry.
By keeping up with the latest trends, adopting a preventative mindset, and choosing the right security operations platform, you improve your ability to detect and respond to ransomware incidents before attackers gain a serious foothold.