So, let’s talk about the threat actors on the other side.
From Axios, according to experts, ransomware attackers are often ego-driven and willing to scam each other. They are not the organized criminal masterminds that organizations may perceive them to be. Recent incidents, such as the self-implosion of the ransomware gang behind the attack on Change Healthcare, highlight the infighting and lack of trust among cybercriminals. Entry-level hackers have become more valuable in the ransomware-as-a-service model, leading to constant in-fighting between operators and freelance hackers. Victims should be aware that paying the ransom does not always guarantee the deletion of stolen data, and there may be a need for a shift in mindset to stop paying and encourage cybercriminals to change their tactics.
Hackers increasingly rely on stolen passwords and legitimate user accounts to infiltrate companies, making it harder to detect their activities. Reports from CrowdStrike and IBM highlight the growing trend of hackers using passwords obtained from data breaches. Using stolen passwords and account sessions has been the root cause of high-profile attacks, emphasizing the need for stronger security measures such as multifactor authentication and implementing a zero-trust security framework.
Why do we care?
I focus on using the cybercriminal and organized crime persona to reinforce that attackers are systemized and more professional than the lone-wolf, basement “script kiddie” persona often stuck in business leaders’ minds.
Tony Soprano as organized crime is a useful mental model. Tommy Shelby in Peaky Blinders works, too. Remember that part of that persona is the frequent fighting and infighting between and within gangs.
No honor among thieves is a saying for a reason. That doesn’t make them less effective.
