Kapeka: A New Toolkit in the Arsenal of SandStorm

Kapeka, also known as KnuckleTouch, emerged around mid-2022 but gained formal tracking in 2024 due to its involvement in limited-scope attacks, notably in Eastern Europe. It's associated with the Sandstorm Group, operated by Russia’s Military Unit 74455, known for disruptive cyber activities, particularly targeting Ukraine’s critical infrastructure. Despite reduced incidents of ransomware attacks, the average ransom payment surged to $2 million, a 500% increase from the previous year. Nearly two-thirds of ransom demands exceeded $1 million, with 30% demanding over $5 million. Large organizations with annual revenues of $5 billion or more were more likely to pay ransoms. Excluding ransom payments, the average cost of recovery from a ransomware attack rose to $2.73 million, with a longer recovery time in 2023.

Security Officer Comments:
Vulnerability exploitation, compromised credentials, malicious email, and phishing were common root causes of ransomware attacks. Large organizations were more likely to experience ransomware attacks starting with unpatched vulnerabilities. Cybercriminals attempted to compromise backups in 94% of ransomware victims, with successful attempts leading to double the ransom demand. Data theft in ransomware incidents increased, providing additional leverage for attackers.

Suggested Corrections:
Despite the challenges posed by Kapeka's advanced functionalities, organizations can enhance their defenses through comprehensive security measures and proactive security strategies.