Given the USA’s continuous exposure to cybercriminals and cyberattacks, it has become one of the most experienced nations in defending against cybercrime. From nation-state-sponsored cyber espionage to ransomware attacks conducted by financially motivated ransomware groups, the USA has seen it all.
Although cybersecurity has become more advanced with the use of technology and AI, cyber attackers are constantly changing and adapting their methods of attack, and they only need to be lucky once to succeed, while defenders have to be lucky all the time.
To effectively combat these threats, US firms need to understand how they are being targeted and by whom. By gaining an insight into the specific motivations, intentions, and capabilities of cybercriminals targeting the US, companies can put the right defenses in place and stay one step ahead.
A Diversifying Landscape
Cybercriminals are mostly fueled by financial gains, especially in the case of attack methods such as ransomware. However, a wider range of businesses are seeing themselves victimized by hacktivist or state-backed cyber espionage actors where a political or ideological motivation is at play. There has also been a blurring of the lines between hacktivists, cybercriminals, and state-backed actors due to a convergence in tactics, techniques, and procedures – e.g., common malware being used across all groups. Therefore, it is crucial firms gain a deeper and specific understanding of which threats they are most likely to face.
Ransomware
Ransomware continues to dominate the headlines, with US organizations targeted by ransomware attacks more than any other nation. According to our data from monitoring these ransomware groups on the dark web, over 1,400 US companies have been listed as victims since the beginning of 2024. While ransomware should be on the minds of all organizations, certain industries stand out as clear targets. Our data shows that healthcare, capital goods, and commercial & professional services are the most targeted industries. From a cybercriminal’s perspective, targeting US businesses with ransomware is popular because of the number of organizations reliant on the internet to conduct their businesses compared to other nations. This makes it a highly lucrative method of attack, with over 50 percent of ransomware victims choosing to pay the demanded ransom after negotiation and criminals securing an average payout of US $2 million. To avoid becoming the next victim, it is clear organizations need to understand who is being targeted, by whom, and in what way. It is only through this intelligence that firms can put the right defenses in place to effectively combat this threat.
Hacktivism
Other threat actors, such as hacktivists, aren’t motivated by money but instead want to make a point of disrupting organizations that don’t conform to their moral views. In the past, this focused on governments or firms with clear political ties. However, nowadays, any organization, regardless of official relationships, can be attacked based on perceived association with political or social issues. Likewise, the threat itself has evolved from amateur website defacement into attacks that can cause severe reputational and operational damage. For example, coordinated Distributed Denial-of-Service (DDoS) attacks can disrupt critical sectors like infrastructure and finance, and data breaches can result in large financial penalties on top of the damage to reputation. Hacktivists use dark web forums and communications channels such as Telegram to coordinate their attacks, share information on targets, and publicize their activities. By tracking key groups, organizations can bolster their defenses with an understanding of the intent of specific hacktivist groups, as well as the tactics and techniques they use, to inform how disruption could be mitigated in the event of an attack.
Election Threats
A particularly relevant form of attack in the USA right now is threats targeting entities involved in elections. Previously, the US has been targeted both before and during elections, with demonstrated interference of the Russian government in the 2016 Election and the Iranian Government in the 2020 Election. The emergence of advanced technology, such as generative AI, has continued to open up new opportunities for attackers using deepfakes and other computer-generated materials to spread misinformation in order to influence voters.
The Importance Of Dark Web Intelligence
US organizations are facing a diverse range of potential threats. Even for the most accomplished security teams, keeping up with which threats pose the greatest risk to your company is an impossible task without the right intelligence. Arming themselves with insight into who could potentially target their firm enables security teams to prioritize defenses based on the most likely threats. This means they can invest scarce resources more effectively and can move from reacting to threats to becoming more proactive in their defense.
Having visibility into the dark web plays a crucial role in successfully defending against cyber threats. Threat actors use the dark web for its anonymity; however, with threat intelligence, a cybercriminal’s “safe space” is no longer a place to hide. This makes it significantly easier to keep up with adversaries’ techniques, tactics, and procedures (TTPs).
Moving forward, organizations need to gain an understanding of cybercriminals’ capabilities and motivations and what their next move will be. Gathering intelligence from the dark web can help organizations identify the cybercriminals that are targeting their geography, industry, or even their specific company. Being aware in this day and age is the most important way a company can protect itself in this threatening landscape.
- The USA From A Cybercriminal’s Perspective: A Diversifying Landscape - November 11, 2024