Other notable observations from the report include:
- Reverse Deception Tactics - Cybercriminals are increasingly using deception tactics, including anti-analysis code, steganography, and expendable command-and-control servers used to conceal stolen data. Greater public reporting on cyber threat activity and attribution may accelerate this denial and deception trend, increasing the cost of cyber defense efforts and resource allocations.
- Sophisticated Phishing Campaigns - Cybercriminals continue to craft familiar lures (subject lines mentioning invoices, shipping, resumes, wire transfers, missed payments), but ransomware is displacing banking trojans as one of the most prevalent types of malware delivered via phishing techniques.
- Strategic Use of Information Operations - Escalation of espionage and disruption activity from state-sponsored actors is likely to continue, driven by strategic collection requirements and geopolitical triggers such as economic sanctions, military exercises and religious conflicts.
- Alternative Crypto-Currencies - Bitcoin continues to be the currency of choice among cybercriminals; however, the need to better conceal transactions is forcing cybercriminals to either develop and leverage bitcoin laundering techniques or adopt alternative cryptocurrencies.
- DDoS-for-Hire Services - Distributed denial of service (DDoS)-for-hire services have given way to a thriving DDoS-for-hire botnet ecosystem, giving threat actors greater access to increasingly potent and affordable DDoS-for-hire tools and services.
- Adopt proactive prevention - Recognize phishing scams through prevention training and awareness programs. Make it easy for employees to report fraudulent e-mails quickly, and keep testing internally to prove the training is working.
- Elevate e-mail controls - Maintain strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution.
- Insulate your infrastructure - Remove or limit local workstation admin rights, or seek out the right configuration combinations (e.g., virus scanners, firewalls). Regularly patch operating systems and applications.
- Plan for continuity - To avoid paying any ransom, have a strong cyber resilience plan for recovery that is regularly reviewed, updated, and tested.