Cybercriminals will continue to innovate through ransomware
The malware business is a business like any
other: cyber threat groups compete and innovate, with the most successful
growing and spreading rapidly. Given the success of ransomware in 2016, we will
see a continuation of ransomware attacks – with new innovations emerging and
propagating according to whichever attracts the most payment.
2016 saw real innovation in the ransomware market, with a
particularly interesting recent variant called ‘Popcorn Time’ that allows the
victim’s files to be decrypted for free if they can infect two other people.
Commoditized versions of ransomware will, however, be a less
pervasive threat for large corporations, as they gradually improve the
management of this threat and their ability to mitigate it. Rather, criminals
will target high-value assets using more sophisticated and innovative
ransomware variants, and will develop additional functionality to seek out more
lucrative individual targets within organizations, to enhance the chance of
victims paying ransoms. Criminals will extort victims not only by threatening
to deny access to data, but also by threatening to publish sensitive data.
Website defacements will be old school – website ransoms will be the new tactic
One specific kind of attack we expect to grow is website
ransomware, where the contents of websites are targeted. This trend started
emerging in Asia last year:
• In November, several websites were found to be compromised and
their web contents encrypted by a ransomware variant called JapanLocker.
Control Risks’ research into this variant reveals that it was developed by a
hacker known as Shor7cut, a member of the Indonesian Defacer Tersakiti group.
This group is well known in the Indonesian hacking community and has more than
22,000 members.
• In October, several Pakistani government websites were
compromised and their contents encrypted by the CTB-Locker ransomware. The
hackers, believed to be from the Indian group known as Hell Shield Hackers,
used this method to retaliate after Pakistani hackers breached nearly 7,000
Indian websites.
• In March, a ransomware variant known as KimcilWare was spotted targeting
websites running the Magento eCommerce platform. This variant is thought to
have been developed in Indonesia.
• Also in March, Kaspersky Lab detected more than 70 servers,
located in ten countries, compromised by the CTB-Locker ransomware. Most of the
victims were from the US; this shows how threat actors in Asia Pacific are
taking successful tools from other regions, adapting them, and applying them in
their own region.
Such attack techniques will continue to emerge and evolve in 2017.
We foresee further ransomware variants of this kind being developed by threat
actors in Asia Pacific, and used for cyber activist and cybercriminal
activities in the region.