“CDK Global Hack: Ransomware Group BlackSuit Disrupts US Auto Dealerships”

The Rise of BlackSuit: A Menace to Businesses Worldwide

The recent hack of software maker CDK Global has once again highlighted the growing threat of cybercriminals targeting big companies through breaches in their software suppliers. CDK Global, a provider of software commonly used by car dealerships, saw its operations disrupted, leading to manual transaction processing at many dealerships across the U.S.

Who is BlackSuit?

BlackSuit, the hacking group believed to be responsible for the CDK hack, emerged in May 2023. It is a relatively new cybercriminal team that analysts believe originated from the notorious Russia-linked hacking group named RoyalLocker. RoyalLocker primarily targeted American companies and was known as one of the most formidable ransomware groups, ranking third behind LockBit and ALPHV.

Unlike its more aggressive counterparts, BlackSuit does not have as extensive a network of hacking partners. According to Kimberly Goody, head of cybercrime analysis at Mandiant Intelligence, the number of victims listed on BlackSuit’s data leak site suggests a smaller scale of operations. However, the majority of BlackSuit victims have been based in the U.S., followed by the U.K. and Canada, spanning various sectors.

Extent of BlackSuit’s Hacking Operations

Recorded Future, a security firm, has identified at least 95 organizations globally that have fallen victim to BlackSuit’s hacks. However, it is believed that the actual number of victims is much higher. The majority of these organizations were based in the United States and operated in sectors such as industrial goods and education.

Further analysis by ReliaQuest, another security firm, has revealed that Russian-speaking threat actors associated with BlackSuit actively seek partnerships in underground forums to gain access to companies. This indicates an ongoing and expanding threat from these cybercriminals.

The Modus Operandi: Double Extortion

BlackSuit is known for employing a tactic called “double extortion.” This method involves stealing sensitive data from the victim organization, locking its systems, and threatening to leak the information unless a ransom is paid. According to Mandiant’s Goody, BlackSuit not only carries out these attacks but also provides support to smaller cybercriminal groups called “affiliates.” This support includes resources to harass victims and take down their websites as additional pressure to force payment.

Conclusion

The rise of BlackSuit and its affiliation with the notorious RoyalLocker hacking group highlight the increasing threats posed by cybercriminals worldwide. The group’s ability to breach software suppliers and carry out double extortion attacks demonstrates its sophistication. Businesses, especially those in the U.S., the U.K., and Canada, must be vigilant and take proactive measures to fortify their cybersecurity defenses. Collaborative efforts from government agencies, security firms, and organizations are crucial to mitigate the risks posed by such cybercriminal groups.
