UK Threat Landscape Brief

Jun 23, 2024

UK Threat Landscape Brief by Intel 471

Introduction

  • TLP White briefing: Basic public information.
  • More detailed content available for TLP Amber and Amber strict levels.
  • Contact for further detail available via email provided on the last slide.

Presentation Overview

  • Duration: 20-25 minutes (up to 30 minutes with detailed discussion).
  • Q&A session at the end.
  • Main topics:
    • Introduction about the presenter and his role.
    • Human intelligence in Cyber Threat Intelligence (CTI).
    • The British underground (cyber underground).
    • Top threats: Access Brokers, Ransomware, Information Stealers.
    • Impact of Russia-Ukraine conflict, Killnet group.
    • Future threat outlook.

About the Presenter

  • Intelligence Director at Intel 471.
  • Previous experience:
    • Global Intelligence Team Lead at Crisp.
    • UK Military Intelligence Corps.
    • Worked with Google, YouTube, TikTok, Facebook, etc.
    • Specializes in CTI, counter-CSAM, counter-radicalization, and counter-terrorism.

Importance of Human Intelligence in CTI

  • Human intelligence (HUMINT): Provides detailed insights and context not available elsewhere.
  • Key advantages:
    • Understanding adversary tactics, techniques, and procedures.
    • Insight into malware/tools/infrastructure used by cybercriminals.
    • Identifying targets and motivations of threat actors.
    • Relationships between different actors (e.g., Access Brokers and Ransomware groups).

British Cyber Underground

  • Operates through forums, social media, and Telegram, often in English for operational security and business reach.
  • Impactful threats:
    • Access Brokers frequently target UK businesses.
    • Steady volume of Ransomware attacks in 2022.
  • Top threats: Access Brokers, Ransomware, Information Stealers.

Access Brokers

  • Definition: Individuals selling access to businesses for financial gain.
  • Importance: They enable other sophisticated cyber-attacks.
  • Acquisition methods: Information stealers, malware logs, old credential lists.
  • Price range: $75 to $15,000 depending on type and legitimacy of access.

Ransomware

  • Main threat: Financial impact on businesses due to data ransom.
  • Top Ransomware variants: LockBit 2.0, Hive, Black Basta, Vice Society.
  • Attack pattern: Activity usually increases around mid-year and year-end.
  • UK statistics: Steady increase in Ransomware incidents.

Information Stealers

  • Definition: Malware that gathers credentials and sensitive information.
  • Common types: KPOT, Raccoon, RedLine, Vidar.
  • Spread methods: Phishing, spam, malicious downloads.
  • Impact: Stealing credentials leads to further attacks such as ransomware.

Russia-Ukraine Conflict Impact

  • Fracturing of cyber underground: Creation of groups like Killnet, a pro-Russian hacktivist group.
  • Methods: Mainly DDoS attacks, targeting sectors hostile to Russia or supportive of Ukraine.
  • Threat Level: Mostly nuisance with some potential for more significant future threats.

Future Outlook

  • Next 6-12 months trends:
    • Exploiting global events like energy crises through phishing.
    • Increased targeting of the public sector and rise in hacktivism.
    • Growth of initial access brokerage.
    • Emphasis on session hijacking and social engineering.
    • Continuous rise in ransomware attacks.

Final Q&A and Contact Information

  • Addressed questions: Top 10 Access Brokers, availability of TLP white slides.
  • Contact: Details provided for further inquiries.