Roisin Kiberd looks at the huge impact malware attacks have had over the past 12 months, and what businesses have learned from them.
Has this been the worst year for ransomware on record and, if so, does that mean things can only get better?
Many experts admit that ransomware is getting much worse. In the first quarter of 2017, six out of ten malware payloads were ransomware, and 71% of those attacked were subsequently infected.
One reason for this is that traditional antivirus programs are failing. Another is that the mode of attack continues to evolve and become more sophisticated. Aside from the malware strains that can generate a new hash every few seconds, allowing them to bypass signature-based antivirus, there’s been an increase in “bespoke” social engineering used by hackers to seem credible and to prey on the most vulnerable targets.
Anwesh Adhikari, product strategy specialist at Viatel, said Business Email Compromise (BEC) attacks were a significant threat. “BEC campaigns from cybercriminals are well-researched and targeted to appear like a genuine business email, requesting the recipient to send a wire payment urgently. Even big companies like Facebook and Google have been victims of BECs. BEC messages are simply an email or text message with no malware or suspicious link, making it even more challenging to identify or block. They rely on the recipient’s ability to determine whether the request is coming from a genuine source or not”.
The days of poorly-formatted, endearingly ungrammatical spam email from a mysterious stranger asking for money are over: now hackers are taking the time to make their emails appear convincing.
Organizations are only as strong as their weakest link and, with ransomware in particular, a mistake made in a second can lead to lasting damage. “A lot of people are aware now and will only open emails they’re expecting. The hackers are getting very clever and doing their homework. They make the emails look legitimate, and very much like an email the person would normally get. They use the right names, connections and phrases to make them look valid”.
One of the questions on people’s minds concerning ransomware is what happens to the data. Is it simply encrypted and left alone, or is it taken and sold on down a line of criminals? And if somebody pays the ransom will they get it back?
It’s impossible to know. Some have paid to receive their files, and some have even been given the key unannounced (in 2016, security researchers at ESET were surprised when the creators of the TeslaCrypt virus handed over the key for free, as part of the “wrapping up” of their operations). But for every victim who has recovered their files there are many left empty-handed. In the case of the WannaCry ransomware, which infamously targeted the British health service earlier this year, the payment process was so poorly built that researchers warned that paying up would likely accomplish nothing.
The key, then, is to have another option: make regular back-ups and store them where the hackers cannot access them. This will help minimize downtime if you’re hit, as well as demonstrating a responsible approach to the data commissioner (from May 2018 on, when the GDPR comes into force, any attacks will have to be reported within 72 hours of their discovery).
“There are solutions to fit every size and type of business within their budget,” Adhikari said. “The problem is lack of awareness of the gravity of the problem, resulting in IT security not being a business priority in many cases. Building a strong security posture should be a strategic priority. It’s not just about protection, but also the ability to quickly respond to a breach and minimize the loss”.
Organizations should force users to use complex passwords. Education is key: don’t click on attachments or links in emails if unsure of the source. If there’s something unusual in the language, ring the person to double-check that it was actually sent by the person you expect it to be from. Do not email the sender back to confirm – use a different means. People believe ransomware is a real threat now. They are more aware of cyber events and attacks. That’s the one good thing about all these attacks: that more people are taking notice and protecting themselves.
Viatel’s security-as-a-service solutions enable you to pay for enterprise-class security services on a pay-as-you-go subscription model, without the need for expensive upfront capital expenditure. Our powerful security services can prevent attacks on your IP network to ensure your data is safe from cybercriminals.