Iranian Hackers Behind Biggest Ransomware Attacks, Chinese Hackers Exploited Software Vulnerabilities In 2021: Reports
NEW DELHI: Iranian hackers used ransomware tools the most in 2021 to steal data and blackmail people and enterprises, while Chinese hackers were the largest exploiters of software vulnerabilities around the world during the same year, according to new research from cybersecurity firm CrowdStrike.
According to the research, released on Friday, Iran-based hacking gangs have been focusing on ransomware as their primary tool since late 2020.
The usage of ransomware in worldwide cybercrime increased by 82 percent over the course of the year, according to the research.
Iranian gangs such as BlackShadow and Deus were among the world’s largest ransomware users through 2021, targeting both Iranian and international companies.
The groups in question were detected executing ‘lock and leak’ operations, in which attackers use ransomware to shut down a system and then release important company information through their own Dark Web channels.
This isn’t the first time that Iranian hackers have been linked to the rise of ransomware. In November 2021, the Microsoft Threat Intelligence Centre (MSTIC) and the Digital Security Unit (DSU) released a report stating that Iranian hacker organisations were increasingly targeting Indian enterprises in the information technology (IT) sector, which had not been the case until at least July 2021.
“The majority of the targeting is aimed at Indian IT services firms, as well as a few firms in Israel and the United Arab Emirates.” These attacks, while distinct in technique from other recent supply chain attacks, “provide another illustration of how nation-state actors are increasingly targeting supply chains as indirect channels to achieve their aims,” according to the Microsoft research.
According to CrowdStrike, the number of ransomware families, or groups of malware that attack a server or a company's internet-facing infrastructure to lock it down and then demand a payment, increased in 2021. Through 2021, the organisation documented 2,686 ransomware attacks, up from 1,474 recorded ransomware attacks in 2020.
“Given the success of these activities, Iran will very certainly continue to utilise disruptive ransomware beyond 2022,” the report said.
Ransomware has also contributed to an increase in the number of ‘criminal whales,’ or cryptocurrency wallets with balances over $1 million and at least 10% of credited funds linked to blacklisted addresses. According to Chainalysis’ 2022 Crypto Crimes Report, ransomware bounties contributed $30 million to criminal whales’ holdings of over $25 billion in 2021.
Last year, Chinese hackers changed their entire attack strategy, moving away from user-centric attacks and toward exploiting new, unpatched enterprise vulnerabilities. Such vulnerabilities are known as ‘zero-day’ flaws: security gaps in existing systems that have not yet been patched.
According to CrowdStrike, while Chinese hacking groups created two such exploits in 2020, the number increased to 12 in 2021. India has also been in the sights of Chinese attackers.
According to a report released in September 2021 by American cyber security firm Recorded Future, Chinese government-backed hackers targeted Indian organisations using a malware family known as ‘Winnti,’ which is common among Chinese hacker groups. The Unique Identification Authority of India (UIDAI), which issues India’s Aadhaar identification document, was reportedly on the list of targets. UIDAI, however, refuted the report’s findings.