Will ransomware continue to terrorise with attack methods projected to diversify?

Ransomware has been a very successful threat for cybercriminals over the past few years and this trend is not slowing any time soon. WannaCry is the most recent example of “ransomware”, with malicious programs that block access to files unless the victim pays off the hackers (usually in Bitcoin, an untraceable digital currency).

Unfortunately, attacks like WannaCry are likely to become more common, not less, as evidenced by a 2017 report from cybersecurity firm Symantec which found "a 36% increase in ransomware attacks worldwide”.

To make matters worse, more inventive ways of utilizing includes infecting higher numbers of businesses across the globe, in which ransomware is set on terrorising more industries on a wider scale than ever before. The recent outcry of the new “Petya” ransomware attack caused yet another chaos amongst large organisations – WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk – leading to PCs and data being locked up and held for ransom. Like WannaCry, “Petya” spreads rapidly through networks that use Microsoft Windows. The ransomware takes over computers and demands $300, paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability within Microsoft Windows (Microsoft has released a patch, but not everyone will have it installed) or through two Windows administrative tools. The malware tries one option initially and if it doesn’t work, subsequently tries the next. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint (Source: The Guardian).

Petya now marks the second major global ransomware attack in just a mere two months and it is projected that there is more of such attacks to come.

This 2017, experts predict an increase in professional, advanced attacks – including attacks on cloud infrastructure – and the rise of data manipulation attacks, further underlining the need for a fresh approach to data security.

 While there is so much that organizations can continue to do in their active pursuit of new ways to protect their systems from this threat (deploying a multi-layered, cross-generational defence), a swifter call-to-action whilst equipping the right talent with high-tech skills is essential.

Nevertheless, since ransomware predominately comes from the Internet through email or web downloads, the first line of defence should be deployed via advanced messaging and web security. Unlike traditional malware actors, ransomware criminals can achieve profits from targeting any system: mobile devices, personal computers, industrial control systems, refrigerators, portable hard drives, etc. The majority of these devices are not secured in the slightest against a ransomware threat. Threats will soon be amplified as hackers continue to vary their means of attacks and below is a list of what organisations should prepare for.

Ransomware’s growing sophistication takes several forms:

  • Malware that targets zero-day (an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network [Source: Symantec]), undisclosed and unpatched vulnerabilities.
  • Distribution and ransom demands that incorporate social engineering, prior surveillance and self-propagation to spread throughout a network.
  • Strong, asymmetric, in-memory encryption that is both impossible to break (see the Apple-FBI case for example) and leaves no trace of unique session keys on the device
  • The use of multiple anonymizing technologies such as Tor, proxy servers and crypto-currencies (for payment) like Bitcoins, Litecoins (LTC) and Dogecoins (DOGE) to hide and thwart tracking of the attacker’s identity.

Contrary to current trends of non-targeted ransomware attacks, experts in the field predicts a shift to targeted hacking in the near future.

“Though most ransomware attacks are not targeted, it is likely there will be an uptick in targeted attacks in 2017. Compromising corporate environments through targeted attacks allows the attackers to request more money than they would receive from a typical user. That makes enterprise targets more attractive” said Alexander Hanel, a security researcher at SecureWorks.

The ominous potential of ransomware serves as a reminder that organizations must heighten their cyber security strategy. While having an advanced network, system and data security technologies with layered defences are important, it’s simply not enough. Moreover, ransomware, like many others exploits primarily on human weaknesses and lack of knowledge to gain an upper hand.

What can organisations do in preparation for cyber-attacks? 

The key to prepare for an attack – have a forward-looking strategy that is able to anticipate potential crisis. Experts have suggested the use of virtualized security functions (NFV) and micro segmentation of virtual data center networks to limit the potential spread of ransomware. By placing security controls on the host and strictly limiting communications between hosts and applications through explicit security policies, NFV should be able to contain or at the very least, slow the spread of all types of malware.

Another way is through investments within cybercrime insurance. Currently, only a small share of the insurance market provides comprehensive cybercrime policies globally, with most providers offering only a patchwork of policies with minor coverage. This measure can however, be complicated depending on the factors in which an organisation needs to take into consideration to determine if cybercrime insurance would be a viable option in combatting ransomware. Firstly, there is a differentiation between insurers and insured. Secondly, there is the level of coverage needed. Thirdly, there is the increased variation of regulatory and even cultural differences that could potentially affect the nature of cybersecurity risk management.

Yet, the ransomware protection’s market size is expected to grow from USD 8.16 Billion in 2016 to USD 17.36 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 16.3% during the forecast period. The major growth drivers of the market include the rise in phishing attacks and security breaches as well as the emergence of the Ransomware-as-a-Service (RaaS) model, through which cybercriminals are reaping billions of dollars from the victims (Source: PR News Wire). 

Although such strategies are easy to implement, there are still limitations as discussed below.

All statistical figures below are referenced from the State of Cyber Security 2017 survey conducted by Information Systems Audit and Control Association (ISACA).

  • Budgets for cybersecurity may still be expanding, but at a relatively slow pace

Half of the enterprises represented by survey respondents anticipate a growth in their cyber security budget over the next year. Although this is an encouraging sign that represents cyber security as an investment area, the rate of growth appears to have slowed down. This is because 61% of survey participants indicated an expected budget growth in 2016 but this figure has dropped to 50% in 2017. Moreover, a third of companies spend more on marketing than IT security, according to one survey by NTT. This has resulted from the impression that despite the splurge on technologies, firms may still run into the risk of getting attacked which can happen through other errors. In fact, these organisations may be lulled into a false sense of security. To make matters worse, despite talks on growing the resource bank allocated to combat those attacks, it is still relatively low and growing at a reduced rate compared to previous years.  

  • Internet of Things (IoT) is replacing mobile as an emerging area of concern

Threats resulting from mobile-devices have decreased from last year. IoT however, appears to have emerged as the new challenge area. Concerns over the cyber security ramifications of IoT show no signs of slackening. In addition, the number of respondents for whom IoT is “on the organization’s radar” increased significantly over last year. 59% of 2016 respondents cited some level of concern relative to IoT while an additional 30% are either “extremely concerned” or “very concerned”. While IoT further integrates within our daily lives, there is a need to encourage greater vigilance from the public to take preventive measures that reduce the risk of a ransomware attack.

  • Lack of skilled professionals coupled with difficulties in retaining talent within the cybercrime industry

As cyber threats continue to rise, the survey by ISACA has found that enterprises continue to face difficulty in sourcing for qualified personnel to fill cyber security positions too. One-third of survey respondents noted that their enterprises receive more than 10 applicants for an open position, but 64% of those applicants turn out to be less than qualified for the role. Moreover, even skilled resources, once hired, require time and training before they are fully up to speed to perform at a competent level equivalent to others who are already in the enterprise.

As an increased number of security solutions turn towards a service-based solution, consumers and businesses tend to demand a “round the clock” availability from security teams and their suppliers. This means that work-life balance may be compromised and may eventually be a deterring factor to stay in the field. While monitoring tools help with some of the work, security teams will still need to be on ‘stand-by’ for battle every day. Hence, other work benefits would need to be initiated to curb this growing reluctance of cyber talents and apparent pessimism towards the demands of the job.

Understanding this, Huxley is equipped a database and network in sourcing for the right fit. Beyond that, Huxley is also able to provide in-depth market knowledge which includes insiders information on up and coming trends with regards to cybercrime and ransomwares. Do contact Jing How at [email protected] on LinkedIn to find out more or follow our LinkedIn page for more industry insights.