Ransomware and Beyond – Part 1

The Internet is teeming with cybercriminals armed with increasingly sophisticated malware designed to steal your data – or extort you for cash. It’s an evolutionary process, an arms race, and a threat to every organization doing business across the Internet. Symantec’s 2016 Internet Security Threat Report contains some appalling statistics. During 2015:

  • Zero-day attacks (exploiting software vulnerabilities) more than doubled.
  • An estimated half-billion personal records were stolen or lost in data breaches.
  • Three-quarters of all websites were found to be vulnerable to exploits.
  • Spear-phishing campaigns targeting employees increased 55 percent.
  • Ransomware attacks increased 35%, spreading to Mac, Linux, and smartphones.

For me, the situation became personal when the tiny, not-for-profit company my wife works for was hit by ransomware. The second time in less than a year they have been targeted by cybercriminals, they’d done nothing wrong. The cryptovirus infiltrated the network from a seemingly reliable e-mail.

In the first quarter of 2016, Kaspersky Labs reports that it prevented 376,602 ransomware attacks on users, an increase of 30 percent compared to Q4, 2015.

Ransomware propagates in a variety of ways, through infected email attachments, downloaded software, or via innocent or official-looking links that lead to infected websites and advertising (‘malvertising’). According to some experts, many infections in the corporate setting occur due to “spear phishing”, in which individuals or companies are specifically targeted, often using information found on social media sites. Emails forge marks of authenticity, and appear, at first sight, to come from trusted sources.

Cryptolockers, for example, infected over a quarter-million computers in the last quarter of 2013. It typically arrived as an attachment in an e-mail that purported to be a ‘Customer Complaint’. Once the attachment was opened, the malware infiltrated the computer or server, scrambled all of the victim’s files with commercial-grade (2048-bit RSA) encryption software, and displayed a ransom demand.

Attacks on mobile devices are currently less common than attacks on PCs, but since consumers increasingly rely on smartphones to access the web, it’s my bet that cyber villains will increasingly target mobile devices. This leads to my next concern. Imagine the potential for profit, and harm, once criminals begin to target the Internet of Things (IoT). The hardware used in smart homes and smart cars, for example, could be held hostage – suddenly you can’t unlock your door, turn on your ignition, adjust your thermostat, etc. It gets worse – imagine the threat to people wearing Internet-connected medical devices, such as pacemakers and insulin pumps. Suddenly the threat is not just the loss of your data or money, but the imminent loss of your life.

The recent Mirai attacks, which came to light in September of this year, foreshadow a potential plethora of problems to come. Mirai takes advantage of default passwords that create vulnerabilities in countless IoT devices. Once hacked, these devices can be used to form vast botnets, capable of delivering concerted DDoS (Distributed Denial of Service) attacks. Traditionally, DDoS attacks have been used to take down entire websites or networks, by overloading them with spurious traffic. With botnet numbers of IoT proportions, security experts are predicting attacks that could take down entire portions of the Internet, just this week a small African country had their internet taken down. Although to my knowledge the IoT has not been used for ransomware yet … there’s no reason to think it won’t happen.

As corporations, big and small, how do we protect ourselves against a ruthless, evolving, and implacable enemy? In part two of this blog, I’ll go into detail on ways you can minimize your risk. So as not to leave you hanging, however, I give you three sage words of advice: backup … backup … backup. Backup regularly, backup properly and backup securely.

My colleague, Tracey Gates, recently published a blog on this topic called: The Importance of ERP Backups – her opening statement includes the word “priceless” to describe a situation where a backup can be restored easily and the steps that need to be undertaken to reach this peace of mind.

Download Whitepaper

Stay ahead of the rest...

SYSPRO blog gives you weekly industry insights supplied by experts.

Leave a Comment