No one can deny that this year’s U.S. presidential election was no ordinary election. It was truly unlike any other. Furthermore, perhaps no other event has brought the topic of hacking and cybercrime to the forefront as much as the election. With political pundits constantly discussing unsecured email servers and hacked email data on WikiLeaks, it’s easy for the public and businesses to grow weary of the topic of cybersecurity. The fact is that while the election process has seemed endless for the past 18 months, cybercrime continues to grow at an alarming rate, with implications that extend far beyond political debate and squabbling.
Consider some of the following headlines and statistics reported by the network and journals during this period:
Nearly 1 million new malware threats are published every day. (April 2015)
1 in 5 attacks in 2016 were caused by malware (November 2016)
Around 556 million people were victims of this scourge, with over 230 million of their identities illegally and harmfully exposed (October 2016)
Around 44% of UK organisations that were victims of economic crime in the last two years were affected by cyber incidents (February 2016)
Following a data breach, data is often sold on the dark web.
Ransomware is the main culprit
Ransomware is the fastest growing form of malware today, generating 4,000 attacks since January 2016 (April 2016)
55% of financial firms recently surveyed by SAN say ransomware is the top attack threat, followed by phishing (50%), which previously held the top spot (October 2016)
And it’s costing businesses big money
Trend Micro reports that ransomware will cost businesses an estimated $209,000 in the second half of 2016
32% of financial firms report losses of $100,000 to $500,000 due to ransomware attacks in 2016
Marcin Kleczynski, CEO of Malwarebytes, said the threat to financial institutions is so severe and so tense that banks hoard bitcoins to prepare for ransomware attacks.
Ransomware is a global threat that knows no boundaries
Just five weeks ago, the Keck Medical Center of USC reported ransomware attacks on servers at two of its hospitals. Fortunately, they were able to restore the servers from reliable backups. Three months earlier, six separate sites at the New Jersey Spine Center were attacked by Cryptowall ransomware that not only encrypted electronic medical records, but also backup files and the phone system. The ransomware ignited like a kerosene match, creating a fire within the cybercriminal community that seems to know no bounds. It’s a global threat that knows no boundaries.
New ransomware approaches have recently evolved, in addition to the traditional file encryption approach. In the past year, a new approach involving DDOS attacks has emerged, in which attackers demand payment in bitcoin in exchange for restoring an organization’s website. The appeal of this model lies in the possibility of perpetual payments, the idea being that attackers can charge a DDOS subscription on a quarterly or annual basis. If the targeted victim stops, the cybercriminal simply renews the attacks.
Ransomware as a Service
At the Carolina IT conference in October 2016, an IT luminary attributed the rise of ransomware to the ease with which it can generate money. With the rise of Ransomware as a Service, cyber-aspirants can have an instant business model with little investment. RaaS is highly organized and structured, much like a traditional multi-level marketing company. Distribution channels are organized by a boss or kingpin. The structure is then organized into a multi-level hierarchy of 10 to 15 affiliates per boss. Current estimates suggest that bosses can earn an average of $90,000 per year, while affiliates earn an average of $7,200 per year. Basically, an affiliate downloads a malware package from the Dark Web for a small fee of between $40 and $400. For example, Cerber, one of the most active ransomware networks today, affected 150,000 Windows users in July 2016 alone. According to Check Point, revenue estimates are around $280,000. Revenue sharing plans between authors, bosses, and affiliates.
Another factor that shows that ransomware is mimicking the practices of a real company is that ransomware producers are now devoting more effort and investment to research and development, not only to improve the distribution and effectiveness of ransomware, but also to offer more products. A new strain of ransomware called Philadelphia has a pity button that allows victims to decrypt their files for free if the attacker feels remorse or guilt.
Surprisingly, a large proportion of the population still view ransomware as a crime that can only affect their neighbours. According to a Computer Weekly article (February 2016), 31% of respondents to a survey of UK businesses found that the biggest concern about cyberattacks is simply the potential disruption to services. In fact, almost 60% are not concerned about the risk of intellectual property theft. It is clear that attitudes towards cyber threats need to catch up.
