(Bloomberg) --A hack on a London hospital has left hundreds of millions of health records exposed and forced doctors to reschedule life-altering cancer treatments. In North America, a gang tried auctioning off data about LendingTree Inc. customers after finding credentials in another breach. And in the recent compromise of car-dealership software provider CDK Global, hackers took the brazen approach of attacking not just once, but twice.
These recent high-profile incidents show how cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology.
"They're becoming more aggressive in the ways they try to make money," said Kevin Mandia, co-founder of Ballistic Ventures and the former chief executive officer of Google's threat intelligence firm Mandiant. "It's trying to create more pain so they get paid more, or they cause more disruption."
The one-two punch approach used in the CDK incident indeed
Tactics like leaking sensitive records and double-hacks aren't completely new, but have become more common and represent an evolution from traditional ransomware attacks, when scammers simply would encrypt data, demand a payment and then move to the next victim.
These days, when hackers ask for money, they're sometimes refusing to negotiate ransom demands, according to one expert not authorized to speak about the matter, and they are insisting on extraordinary sums. The Russian-speaking hackers in the London hospital attack
Those kinds of demands point to hackers putting significantly more pressure on victims. The
Another reason hackers are growing more demanding: They're getting smarter about picking their targets, homing in more often on victims whose systems are critical to entire supply chains. The so-called ransomware-as-a-service model has made this strategy easier. A core hacking group will develop and lend its malware to other scammers, known as affiliates, in exchange for a cut of their ransom proceeds.
This is a favorite technique of the group known as BlackCat,
Harassing Researchers
Hackers have also started to harass the researchers who investigate them.
One
Recently, Larsen said his colleagues have taken what was for them an unprecedented step of removing their names from research reports they have written about some of the nastiest gangs.
Some extortionists make phone calls to executives who work at victimized organizations to try coaxing them into paying a fee. In other cases, attackers have called executives by spoofing the numbers of their children — a new tack that Charles Carmakal, chief technology officer at Google's Mandiant.
"As these tactics get bigger and more aggressive, they're going to be more disruptive to people's ordinary lives," said Allan Liska, an analyst at Recorded Future Inc., who compared the extortion methods to real-world violence like the kind in mafia movies.
"If you send somebody a finger, they're more likely to pay a ransom," he said. "This is the equivalent of that."
Health-Sector Attacks
The attacks in the health sector show that some of hackers' increased brazenness is apparent in the types of targets they've put in their sights.
Hospitals in London for weeks have struggled to overcome a hack that forced doctors to turn away patients. Seeking to further maximize their leverage, the gang behind the breach threatened to publish data stolen in the incident, ultimately
In the Change Healthcare hack, thieves from the BlackCat cybercrime group
A
Cybercrime campaigns have continued despite more action from international law enforcement. The problem is that hackers often work from countries that protect them from extradition to the West, Liska said. "They don't fear retaliation," he said.
US President Joe Biden has
That's in part because it has become easier to conduct such campaigns. Hackers can find pre-made ransomware kits on the internet, paying as little as $10,000 to attack US companies, according to Liska.
"Go mow the lawn for the summer and you'll make enough money to start your first attack," Liska said.
To contact the authors of this story:
Jeff Stone in New York at
Charles Gorrivan in New York at