Cyber-criminals will find new ways to blackmail and extort organizations and individuals in 2018, supercharging ransomware, launching online smear campaigns and firing out targeted attacks aimed at key facilities, according to Trend Micro.
The security giant’s latest report, Digital Extortion: A Forward-Looking View, warns that 2017 was just the tip of the iceberg in terms of what the black hats can do.
Over the coming year, ransomware campaigns are likely to be tweaked yet further for greater impact: for example, by focusing more on organizations like hospitals and manufacturing companies, where downtime could be catastrophic but security investments may lag other sectors.
“We expect ransomware criminals to add new features to their creations by reusing the old book of traditional malware techniques,” explained report author, David Sancho. “It would not be unreasonable to think that they might use portable executor infectors or any other more aggressive delivery technique in order to increase the speed of the infections and spread the impact far and wide.”
Attacks could be accelerated by ensuring the malware knows what file types to search for and encrypt according to the organization — i.e. image and video files at a media company.
The report also warns of dynamic pricing techniques which could automatically set a fee for the decryption key based on the nature of the business.
Other forms of targeted attack designed to extort companies and individuals in 2018 could include breaches of adult websites, like the infamous Ashley-Madison incident; attacks on blockchain technologies; supply chain disruption; and manufacturing process alterations.
In the case of the latter two examples, attackers could plant malware and/or alter processes and then demand a fee to call off their attack.
Online blackmail could also make a big impact this year, with digital smear campaigns timed to cause maximum damage to an individual or organization — think a politician in the run-up to a major election.
The potential for convincing spoofed video footage to cause mayhem makes fake news fact checking even more important, the report claimed.
Organizations should prepare for the above scenarios in their incident response plans and educate employees and management “against both typical and atypical digital extortion attempts, especially when it comes to phishing and social engineering,” urged Sancho.