“In many ways, everything old is new again.”
These were the words of keynote speaker Mikko Hypponen at the Cloud Security Expo in London this week.
In his presentation ‘Behind Enemy Lines’ Hypponen, chief research officer at F-Secure, explored the techniques that cyber-criminals adopt to carry out their attacks.
He explained that whilst there has been a clear evolution in how hackers go about the majority of their business since some of the first computer viruses were discovered around 30 years ago, it is important to remember that some types of malicious attacks still rely on very old fashioned techniques.
“When I joined F-Secure I was analyzing viruses spreading on floppy disks,” Hypponen said. “Before the internet, for viruses to spread from one country to another somebody had to physically take it and travel with the floppy disk to move the virus to a different country. Obviously today viruses spread on the internet, except some of them don’t.”
Some recent viruses, such as the malicious computer worm Stuxnet discovered in 2010, can only be spread physically via a USB flash drive much like far older types of bugs, Hypponen added.
“Another example,” he continued, “the very first ransom trojan we ever found was spreading on a floppy disk – it was called the AIDS Information trojan in 1989. After the trojan was installed on your computer it would encrypt the contents of your hard drive, show a display message and demand payment from you, the victim, to regain access to your own [locked] computer.”
Hypponen pointed out that the message that would appear on the user’s screen back in 1989 was practically identical to a message of a ransom trojan they detected just two weeks ago, again highlighting his argument that “everything old is new again.”
Lastly, regardless of their technological skill or malicious knowhow, cyber-criminals still rely on something they always have done – a good reputation.
“If you fall for ransom demands; if you follow the instructions; if you actually pay the ransom they will, they will decrypt your files – so at least they are honest criminals. The reason why these criminals are honest is that they know they have to deliver if they want to have a good reputation.”
Hypponen said cyber-criminals need that because they know victims will often first use Google to try and find an alternative way of getting their files back without paying the ransom. So, if all they can find online are posts from fellow victims saying that although they found no alternative other than to pay up the hackers did as promised and quickly returned the files safe and sound once the cash was sent, new victims will be quick to follow suit. Thus, the attackers have successfully achieved their goal by using the simple, time-tested technique of appearing to be ‘trustworthy criminals’.