Cryptocurrencies allow cybercriminals to obfuscate ‘clean’ funds with dirty money
Ransomware continues to dominate the cybersecurity landscape in 2017 and will continue to pose a major threat to enterprises and individuals around the globe next year as the method continues to prove profitable and offers virtual untraceability for cybercriminals, industry experts said.
In 2017, 26.2 per cent of ransomware targets were business users — up from 22.6 per cent in 2016. This increase is due in large part to three major sophisticated attacks — WannaCry in May, ExPetr in June and BadRabbit in October.
Mahmoud Mounir, regional director at Secureworks, said that ransomware provides a 1:1 relationship with the victim, requiring no overhead for production of web-injects, managing money-mules, or cashout — with cryptocurrencies such as Bitcoin allowing cybercriminals to obfuscate ‘clean’ funds with dirty money through services like tumbling, mixing and coin laundering.
He said that targeted ransomware attacks on enterprises are also likely to be on the rise, as companies have the capital to pay higher ransoms than individuals. Criminals will continue to become more sophisticated, better resourced, and more patient, and will look to target businesses with higher value ransoms.
According to Kaspersky Lab report, 65 per cent of businesses were hit by ransomware in 2017. There was a marked decline in new families of ransomware: 38 in 2017, down from 62 in 2016, with a corresponding increase in modifications to existing ransomware (over 96,000 new modifications detected in 2017, compared to 54,000 in 2016). The rise in modifications may reflect attempts by attackers to obfuscate their ransomware as security solutions get better at detecting them.
Kaspersky Lab predicts a rise in cryptocurrency mining or targeted attacks for the purpose of installing miners, which can result in more money for criminals over time.
Mounir sees targeted attacks on banks will likely remain a threat, especially as organised criminal organisations engage in online banking fraud as one of means of generating income.
“Some organisations will focus on non-European and US banks, which are perceived to have weaker security controls and less robust business processes than most of the major Western banks,” he said.
However, he added that malware targeting is diverse and not limited to major banks. Wealth management companies and their high-net-worth customers will also be targeted, as are payroll processing portals.
Alastair Paterson, CEO and Co-Founder at Digital Shadows, said that the cybercriminal community is all about profit and that means they continue to utilise the same sorts of tactics if they continue to gain the results they are after — mainly money!
“But whatever happens in 2018 and beyond, what is clear is that cybercrime will continue to be a problem and present governments, businesses and individuals with challenges to protect their data and their intellectual property,” he said.
It is therefore critical that users take steps to manage their digital footprint and manage the digital risk they present to the World via your business activities in the internet and via cloud solutions. That way, he said that when something bad does happen, users will know quickly and can deal with it more effectively.
“I expect malware modified with self-replicating capabilities to continue in 2018, particularly given the disruption caused by WannaCry and NotPetya inspiring similar attacks,” he said.
The bar for cyber-attacks keeps getting lower, he said and added that the availability of leaked tools from the NSA and HackingTeam, coupled with ‘how to’ manuals, means that threat actors will have access to powerful tools that they can iterate from and leverage to aggressively accomplish their goals.
Predictions for 2018
• Business email compromise (BEC) and Business email spoofing (BES) attacks will also continue in 2018. This is where threat actors profit from sending emails to employees who have access to company funds, and from compromising the computer, email account, or email server of the victim organisation in order to intercept and alter, or initiate business transactions.
• Targeted attacks on banks will likely remain a threat, especially as organised criminal organisations engage in online banking fraud as one of means of generating income. Some organisations will focus on non-European and US banks.
• The dependability on AI/machine learning in cybersecurity will continue as more cybersecurity professionals and companies understand the benefits of an AI/machine learning in the way of streamlining and enhancing threat detection and response, especially when coupled with human threat analysis.
• internet of Things vulnerabilities will also be increasingly targeted by criminals, especially as the IoT network is fast expanding its user base with the likes of smart home assistants, smart cars, and all smart ‘things’.
• The shortage of skilled cybersecurity workers will continue.
• Cloud security will become a greater priority for businesses, as more companies move their data to the cloud. So, there will be an increased need for cloud security consulting, especially in light of the upcoming GDPR regulation.
• The imminent arrival of the General Data Protection Regulation (GDPR) and its subsequent effects will be largely felt across the industry, with those organisations not protecting data and staying compliant with security regulations exposed and fined up to €10 million or two per cent of worldwide annual turnover.