Ransomware - the evolution of cyber threat species

Cyber threat predictions for 2016 and tips on how to protect your business against them.

The cybersecurity sector is continually evolving, with new changes affecting the way information is traded and protected. Globally, cyber-crime is overtaking physical crime, with every level of criminal getting in on the act, from low level scammers to international organised crime groups robbing banks, corporations and individuals. Technology has allowed criminals to operate across borders on a huge scale and even offer their services to others.

So what are the most damaging types of cyber threats you are likely to face in 2016, and what should you do to defend against them?

1- Which type of cyber threat do we think will cause the most damage, and why?

Hackers are becoming more mercenary and are focusing their efforts on high-value, low-effort activity – the number one being ransomware.

Ransomware is a type of malware that prevents users from accessing their system and forces its victims to pay a ransom through certain online payment methods in order to regain access. Some ransomware encrypts files (the so-called Cryptolocker type) or uses the anonymous Tor network to hide its command-and-control (C&C) communications. This activity is proving increasingly profitable for hackers, who sometimes manage to extort millions of pounds from targeted businesses. The Cyber Threat Alliance said more than $325 million in computer ransom demands have already been paid out globally.

Another concerning security trend is how hackers are using ever more consumerised, easy-to-use and very efficient attack toolkits. These toolkits follow more and more accurately what the black market is demanding – because there is a demand. The offering is becoming better packaged and very well advertised on well-known online hacking marketplaces. We should expect several global email hacking campaigns, or some very clever and malicious breaching attempts (zero-day attacks), aimed at gaining access to sensitive information stored on private corporate infrastructures.

Finally, during the past 6 to 12 months, we have been witnessing a tremendous intensification in denial of service attacks, i.e. massive DDoS attacks (500 Gbps being the largest reported). These attacks are designed to paralyse customers’ online presence, sometimes to raise awareness for political purposes or, again, to extort funds by disrupting online merchants or online banking applications. To make the effect even more painful for end users, hackers sometimes launch their attack on the last Friday of the month, which is the traditional payday in the UK; this is exactly what happened to HSBC at the end of January this year.

2- Which tactics will offer the best defence?

The consensus across the industry is that there is no silver bullet that will completely stop hard-to-detect threats.

However, golden rules to follow include:

Use wide spectrum anti-malware and cloud based threat protection services:

  • employ up-to-date anti-malware tools on every device you have in your estate to block ransomware from being able to infect systems
  • use threat intelligence services in order to track the evolution of any polymorphic worm that changes form with each infection and morphs up to six times a day to evade detection
  • use carrier grade DDoS mitigation services to protect your IT as close to the attack source as possible

Back up everything:

  • regularly back up all systems and servers
  • maintain offsite backups so any ransomware-infected systems can be wiped and restored
  • continually test all backups
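As an added example (not from the original post), a small Python check for the "continually test all backups" rule: it records a SHA-256 manifest when a backup set is written and later reports any file that changed, went missing or appeared. The manifest belongs with the offsite copy, out of reach of the systems being backed up; all file names and contents below are constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Stream a file through SHA-256 so large backup images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_backup(root, manifest):
    """Compare the backup set on disk against a trusted manifest; {} means intact."""
    current = build_manifest(root)
    problems = {"changed": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        if rel not in current:
            problems["missing"].append(rel)
        elif current[rel] != digest:
            problems["changed"].append(rel)
    problems["unexpected"] = [rel for rel in current if rel not in manifest]
    return {k: sorted(v) for k, v in problems.items() if v}

def demo():
    """Constructed scenario: snapshot a small set, then corrupt, delete and add files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "db"))
        for rel, data in {"db/orders.sql": b"INSERT INTO orders VALUES (1);",
                          "payroll.csv": b"id,name,amount\n1,A,100\n",
                          "notes.txt": b"quarterly notes"}.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(root)          # taken when the backup was made
        with open(os.path.join(root, "payroll.csv"), "wb") as f:
            f.write(os.urandom(64))              # content silently replaced
        os.remove(os.path.join(root, "notes.txt"))
        open(os.path.join(root, "stray.tmp"), "wb").close()
        return verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A clean verification (an empty result) on a restored copy, not merely the existence of a backup file, is what "tested" should mean here.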

Don't pay: Whether it's ransomware or cyber-extortion rings threatening distributed denial-of-service disruptions, law enforcement agencies recommend never paying attackers, since it will just keep them coming back for more ad infinitum.

Defending your network from sophisticated cyber attackers today requires a list of appliances and applications including DDoS protection, intrusion prevention systems, web application firewalls, data loss prevention, security information and event management, deep packet inspection, network analysers and lawful intercept. With so many requirements from a hardware and software perspective alone, it’s easy for companies to become overwhelmed by their growing cyber security budget. Like many other aspects of your business, outsourcing security often makes sense.

So, as a final recommendation, do your research and focus your attention on outsourcing your network security to a Managed Security Service Provider (MSSP). MSSPs generally provide real-time cyber security reporting 24 hours a day, 7 days a week, 365 days a year. This is critical for companies because the timing of a cyber-attack is almost impossible to predict. You can set a service level agreement (SLA) for your exact needs and have the legal backing to have it guaranteed, giving you peace of mind regarding network protection.