Ransomware Set to Increase, With Attacks to or from the Cloud

Written by

Whenever we read about breaches, hacks or denial-of-service attacks, they are always carried out with a common aim: either to gain or prevent access to personal or corporate information. Data has value – whether it’s a website’s ability to sell and ship products, or the photographs from your once-in-a-lifetime holiday – hackers will look to exploit the fact that someone needs or wants that data and this is why we saw a 50% increase in ransomware attacks in 2016.

These attacks are getting smarter and harder to detect and mitigate – what can be done and how can you avoid being held to ransom? In simple terms, this type of attack holds victims to ransom. This is accomplished by attacking a victim’s online presence, their data is encrypted, they get a notice to pay up, the longer they take to pay the higher the cost, or they lose the entirety of their data.

Globally, businesses are working hard to ensure that they are safe from threats that try to extort them, but we’re just at the beginning stages of an attack model that I believe could get considerably more damaging. Vigilance is key. Given the targeted threat to cloud and digital business models, and also the potential reach that malicious actors have today, this could happen sooner than you think. 

One absolute in security is that risks evolve. As businesses move to cloud infrastructure and applications, new risks have surfaced, which in turn have to be dealt with. In many ways, the opportunities brought by digital transformation present a heightened risk to businesses, since the potential rewards for cyber-criminals are also higher. This brings us back to ransomware, which is a perfect example of an evolving threat. 

Early ransomware campaigns (going back as far as 2005) were cumbersome, but what really restricted widespread usage was the inefficient (and somewhat traceable) method of paying the ransom. That changed with the anonymous payment method introduced via Bitcoin that enabled ransomware to become the threat we know today. The basic concept of these attacks has remained relatively unchanged over the last four years. In fact, one example is Cryptolocker, first discovered in 2013 but was still commonly used in many ransomware campaigns during 2016.

Of course, there have been changes to the ransomware code used by hackers over the years. The normal everyday activity of cyber-criminals is to perform changes to the files, binaries and instruction sets, the command and control functions and the emails and methods used to spread the threats. 

There have also been notable changes in the attack targets, with certain ransomware targeting vulnerable Mongo and MySQL online databases; this is a suitable proof-point for demonstrating how criminals seek to develop the nature of ‘digital extortion’ even further. 

These changes have ensured the money keeps rolling in, but with many individuals and businesses being forced to pay the criminals, a small cottage industry has now developed to further expand profits, with many criminal groups offering Ransomware-as-a-Service platforms to others. 

This is just the beginning. In the last year or so, an unrelated area of development in the way we utilize technology has presented another, potentially more damaging, prospect for cybercriminals to exploit. The IoT attacks that surfaced last year have illustrated that there is another potential opportunity to be abused: holding business services and products to ransom by preventing users from accessing them.

Only recently did we witness a successful ransomware attack on a children’s electronic toy manufacturer, where criminals were able to prevent the customers from accessing the internet functions (online voice messages) used by the toy to deliver messages between parents and children. This was achieved by compromising the cloud-based service used by the toy, and not the devices themselves.

I believe there’s more to come, because the potential is there to utilize the weaker security model currently prevalent in many consumer IoT devices and leverage those vulnerabilities to attack the infrastructure that is built to communicate, update and integrate with customers.  

This evolution could present a significant revenue opportunity for these potential criminals, who may not be looking to prey on the users of those products, but rather the businesses and manufacturers that develop them. These criminals know that many businesses are likely to pay to ensure that their services are kept online and that their brand is not affected.

How much will they pay? Only time will tell.

What’s hot on Infosecurity Magazine?