{"id":7458,"date":"2022-02-16T07:50:43","date_gmt":"2022-02-16T15:50:43","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7458"},"modified":"2022-02-16T09:18:55","modified_gmt":"2022-02-16T17:18:55","slug":"joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\/","title":{"rendered":"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In February 2022, a <\/span><a href=\"https:\/\/www.ncsc.gov.uk\/news\/joint-advisory-highlights-increased-globalised-threat-of-ransomware\"><span style=\"font-weight: 400;\">Joint Cybersecurity Advisory<\/span><\/a><span style=\"font-weight: 400;\"> was issued by key agencies in the United States (CISA, FBI, and the NSA), Australia\u2019s Cybersecurity Center (ACSC), and the United Kingdom\u2019s National Cyber Security Center identifying recent trends in the sophistication of ransomware. The advisory noted that the tactics and techniques used by threat actors, and the overall sophistication they exhibit, continue to pose an increasing threat to business and government globally. The alert was based, in part, on 14 observed incidents targeting 16 <\/span><a href=\"https:\/\/www.cisa.gov\/critical-infrastructure-sectors\"><span style=\"font-weight: 400;\">critical infrastructure sectors<\/span><\/a><span style=\"font-weight: 400;\"> within the United States.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Behaviors and trends the advisory observed among threat actors in 2021 include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials or brute force, and exploiting vulnerabilities. 
<\/b><span style=\"font-weight: 400;\">Phishing emails, RDP exploitation, and exploitation of software vulnerabilities remained the top three initial infection vectors for ransomware incidents in 2021. Once a ransomware threat actor has gained code execution on a device or network access, they can deploy ransomware. We\u2019ve covered the problems with RDP being breached in our quarterly threat reports.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Using cybercriminal services-for-hire.<\/b><span style=\"font-weight: 400;\"> The market for ransomware became increasingly \u201cprofessional\u201d in 2021, and the criminal business model of ransomware is now well established. In addition to their increased use of ransomware-as-a-service (RaaS), ransomware threat actors employed independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Sharing victim information.<\/b><span style=\"font-weight: 400;\"> Eurasian ransomware groups have shared victim information with each other, diversifying the threat to targeted organizations. For example, after announcing its shutdown, the BlackMatter ransomware group transferred its existing victims to infrastructure owned by another group, known as Lockbit 2.0.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Shifting away from targeting perceived high-value organizations in the United States and moving towards mid-sized victims.<\/b><span style=\"font-weight: 400;\"> In the first half of 2021, cybersecurity authorities in the United States and Australia observed ransomware threat actors targeting perceived high-value organizations and\/or those that provide critical services in several high-profile incidents. 
This changed within the United States in the latter part of 2021 after the breakup of several major ransomware networks. Threat actors targeting businesses within the United States appeared to shift their focus towards medium-sized businesses. The ACSC observed ransomware continuing to target Australian organizations of all sizes, including critical services and \u201cbig game,\u201d throughout 2021. Similarly, the NCSC-UK observed targeting of UK organizations of all sizes throughout the year, with some \u201cbig game\u201d victims. Overall victims included businesses, charities, the legal profession, and public services in the Education, Local Government, and Health Sectors.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Diversifying approaches to extorting money.<\/b><span style=\"font-weight: 400;\"> After encrypting victim networks, ransomware threat actors increasingly used \u201ctriple extortion\u201d by threatening to (1) publicly release stolen sensitive information, (2) disrupt the victim\u2019s internet access, and\/or (3) inform the victim\u2019s partners, shareholders, or suppliers about the incident.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Further, the advisory notes that ransomware crime groups have increased their impact by:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Targeting the cloud.<\/b><span style=\"font-weight: 400;\"> Ransomware developers targeted cloud infrastructures to exploit known vulnerabilities in cloud applications, virtual machine software, and virtual machine orchestration software. 
Ransomware threat actors also targeted cloud accounts, cloud application programming interfaces (APIs), and data backup and storage systems to deny access to cloud resources and encrypt data.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Targeting managed service providers.<\/b><span style=\"font-weight: 400;\"> Ransomware threat actors have targeted managed service providers (MSPs). MSPs have widespread and trusted access into multiple client organizations. By compromising an MSP, a ransomware threat actor could access multiple victims through one initial compromise. Cybersecurity authorities in the United States, Australia, and the United Kingdom assess there will be an increase in ransomware incidents where threat actors target MSPs to reach their clients.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Attacking industrial processes. <\/b><span style=\"font-weight: 400;\">Although most ransomware incidents against critical infrastructure affect business information and technology systems, the FBI observed that several ransomware groups have developed code designed to stop critical infrastructure or industrial processes.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Attacking the software supply chain.<\/b><span style=\"font-weight: 400;\"> Globally, in 2021, ransomware threat actors targeted software supply chain entities to subsequently compromise and extort their customers. Targeting software supply chains allows ransomware threat actors to increase the scale of their attacks by accessing multiple victims through a single initial compromise.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Targeting organizations on holidays and weekends. <\/b><span style=\"font-weight: 400;\">The FBI and CISA observed cybercriminals conducting increasingly impactful attacks against U.S. entities on holidays and weekends throughout 2021. 
Ransomware threat actors may view holidays and weekends\u2014when offices are normally closed\u2014as attractive timeframes, as there are fewer network defenders and IT support personnel at victim organizations. For more information, see the joint FBI-CISA Cybersecurity Advisory, Ransomware Awareness for Holidays and Weekends.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The advisory covers recommended mitigations that can reduce the likelihood of a successful attack and the impact of any ransomware incidents. These include keeping operating systems and software up to date with timely updates and patching. Cautions about the use of RDP are also mentioned. Even today many organizations have RDP servers sitting on their networks, perhaps never used, with default passwords in place! Emphasis is also placed on user training to raise awareness among users about visiting potentially malicious websites, clicking on suspicious links, and opening suspicious attachments. Finally, well-known defensive techniques such as implementing network segmentation, end-to-end encryption and many more are extensively covered in the advisory.\u00a0<\/span><\/p>\n<h3><b>DNS is a core part of your defense<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">DNS is almost always in the kill chain of cyberattacks, including ransomware, and can be used as a C&amp;C channel, and for malware download and\/or data exfiltration. Your clouds, on-premises resources, IT\/OT environments and remote\/roaming workers all need DNS security as a way to monitor and protect against cyberattacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Attackers may, in some cases, use malicious domains and IP addresses that could already have a reputation and may be identified by using threat intelligence on your DNS infrastructure. 
In addition, the behavior and context of DNS queries may provide the essential indicators you need to identify and stop a zero-day attack and more advanced threats.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is important to remember that standard security controls and technologies such as next-gen firewalls, IPS, and gateways do not monitor DNS to detect malicious communications. These security controls, while very important, often cannot stop specific attacks such as DNS data exfiltration. Worse yet, they are not able to detect the subtle threats from newly registered and observed domains that could be used to launch attacks. DNS security provides visibility and protection against such threats, which is especially important in today\u2019s uncertain environment where there is an increase in cyberattacks associated with nation states.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS security is designed to prevent users from connecting to malicious destinations and to detect anomalous behavior in the networks, advanced persistent threat activity, botnet communications, DNS tunneling, and data exfiltration. <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">BloxOne Threat Defense<\/span><\/a><span style=\"font-weight: 400;\">, Infoblox\u2019s DNS security solution, combines advanced analytics based on machine learning, highly accurate and aggregated threat intelligence and automation to detect and prevent a broad range of threats, including ransomware, phishing, data exfiltration, DGA families, look-alike domain use, and many others. 
Integration with Security Orchestration Automation and Remediation (SOAR) systems, ITSM solutions, vulnerability scanners and other security ecosystems for automated remediation is an important capability of DNS security.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS logs also contain a wealth of information for a more efficient incident response. DNS logs are a highly effective way to see what resources a client has been accessing historically. DHCP fingerprint and IPAM metadata provide contextual information on compromised devices such as type of device, OS information, network location and current and historical IP address allocations. All this information helps with event correlation and determining the scope of an ongoing breach, while tying DNS requests to a device and user.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In light of the likely sources of these attacks, it is important to note that BloxOne Threat Defense also addresses EECN IPs. This is a policy-based feed containing IPs of countries in Eastern Europe and China that are regularly cited sources of cyberattacks seeking intellectual property or other sensitive or classified data, as well as theft of credit card or financial information. It is natural to expect their presence in the midst of the ongoing barrage of ransomware activity.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s not forget that DNS security is a mainstream security control. 
A June 2021 <\/span><a href=\"https:\/\/www.gartner.com\/en\/documents\/4002327\"><span style=\"font-weight: 400;\">Gartner report<\/span><\/a><span style=\"font-weight: 400;\"> recommends organizations leverage DNS logs for threat detection and forensic purposes with their Security Information and Event Management platforms.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To find out more about how Infoblox can help please reach out to us via <\/span><a href=\"https:\/\/info.infoblox.com\/contact-form\/\"><span style=\"font-weight: 400;\">https:\/\/info.infoblox.com\/contact-form\/<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In February 2022, a Joint Cybersecurity Advisory was issued by key agencies in the United States (CISA, FBI, and the NSA), Australia\u2019s Cybersecurity Center (ACSC), and the United Kingdom\u2019s National Cyber Security Center identifying recent trends in the sophistication of ransomware. 
The advisory noted that the tactics and techniques used by threat actors, and the [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":6719,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[288,361,606,30,360,153,228,77],"class_list":{"0":"post-7458","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-ransomware","9":"tag-network-security","10":"tag-cloud-security","11":"tag-dns","12":"tag-dns-security","13":"tag-bloxone","14":"tag-bloxone-threat-defense","15":"tag-soar","16":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021<\/title>\n<meta name=\"description\" content=\"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021. In February 2022, a Joint Cybersecurity Advisory was issued by key agencies in the United States (CISA, FBI, and the NSA), Australia\u2019s Cybersecurity Center (ACSC), and the United Kingdom\u2019s National Cyber Security Center identifying these trends in the sophistication of ransomware. The advisory noted that the tactics and techniques used by threat actors, and the overall sophistication they exhibit, continue to become an increased threat to business and government globally. 
The alert was based, in part, on 14 observed incidents targeting 16 critical infrastructure sectors within the United States.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021\" \/>\n<meta property=\"og:description\" content=\"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021. In February 2022, a Joint Cybersecurity Advisory was issued by key agencies in the United States (CISA, FBI, and the NSA), Australia\u2019s Cybersecurity Center (ACSC), and the United Kingdom\u2019s National Cyber Security Center identifying these trends in the sophistication of ransomware. The advisory noted that the tactics and techniques used by threat actors, and the overall sophistication they exhibit, continue to become an increased threat to business and government globally. 
The alert was based, in part, on 14 observed incidents targeting 16 critical infrastructure sectors within the United States.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-16T15:50:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-16T17:18:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-07.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021\",\"datePublished\":\"2022-02-16T15:50:43+00:00\",\"dateModified\":\"2022-02-16T17:18:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/\"},\"wordCount\":1386,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-07.jpg\",\"keywords\":[\"Ransomware\",\"Network Security\",\"Cloud security\",\"DNS\",\"DNS Security\",\"BloxOne\u00ae\",\"BloxOne\u00ae Threat Defense\",\"SOAR\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/\",\"name\":\"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 
2021\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-07.jpg\",\"datePublished\":\"2022-02-16T15:50:43+00:00\",\"dateModified\":\"2022-02-16T17:18:55+00:00\",\"description\":\"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021. In February 2022, a Joint Cybersecurity Advisory was issued by key agencies in the United States (CISA, FBI, and the NSA), Australia\u2019s Cybersecurity Center (ACSC), and the United Kingdom\u2019s National Cyber Security Center identifying these trends in the sophistication of ransomware. The advisory noted that the tactics and techniques used by threat actors, and the overall sophistication they exhibit, continue to become an increased threat to business and government globally. 
The alert was based, in part, on 14 observed incidents targeting 16 critical infrastructure sectors within the United States.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-07.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-07.jpg\",\"width\":612,\"height\":408,\"caption\":\"Criminal hiding behind a mask turns up on computer screen asking the owner for money. 
Concept of phishing and ransomware, where the computer has all files on the harddrive encrypted and the victims need to pay a ransom in order to get their files unlocked.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-ransomware-threats-evolved-in-2021\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Joint Cybersecurity Advisory\u2014Ransomware Threats Evolved in 2021\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\
\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->"}