Can Cybercriminals Hold Enterprises As Their Hostage Digitally Anytime They Want?
Information security, identity, as well as privacy are perennial hot topics today, as the world is witnessing high-profile cyber attacks and actual atrocities that have focused businesses attention towards data protection, encryption, and privacy as never before. Every year brings its crop of damaging hacks, brought about by an evolving arsenal of cyberattack techniques, which the security industry strives to defend with existing tools while gathering intelligence on new vulnerabilities.
Users are also part of the problem, as their careless or malicious online behaviour can create exploitable opportunities for hackers, or directly result in security breaches. And as a result of these security breaches, it's clear that businesses and other organisations are regularly losing large amounts of confidential data to increasingly well-organised cybercriminals.
Looking at the vulnerabilities / gaps that make businesses soft targets for cyberattacks, modern day malwares are best in exploiting such situations. As per the industry reports, premium-rate mobile malware, ransomware and Facebook-targeted malware caused chaos in the second half of 2014. However, the most notable trend of the six months was the proliferation of ‘vulnerability-leveraging malware’ such as the increasingly popular Angler and Astrum exploit kits. 'Exploit kits' are a form of attack that target existing vulnerabilities. These tool kits are planted on websites and exploit vulnerabilities found on a visitor’s device to drop malware on the machine.
India in the crosshairs
Hackers are using various malwares like Botnet, Ramnit and Autorun to hack into various devices to steal data, banking credentials, cookies and other vital information. For example, in the recent Europol takedown (February 2015) of the Ramnit botnet infrastructure where 3 million computers were believed to be infected, India was on top of the list. Ramnit stole banking credentials, cookies and other kinds of personal information from the machines it infected, while it could also open backdoors for ransomware and steal FTP credentials.
Research also indicates that India is also one of the top 3 countries infected with Autorun infection. Autorun is a family of worms that spreads mostly via infected removable and hard drives, and can perform harmful actions such as stealing data, installing backdoors and so on.
The fact that vulnerability-leveraging malware is increasingly dominant among detections means that there are a lot of unpatched operating systems and third party applications and software – and these are easy targets. Our earlier studies show that about 80% of top 10 malware can be easily avoided with updated software. Yet, in many enterprises, software systems continue to be left unpatched, leaving the business environment open to attacks.
With the number of attacks targeting existing software vulnerabilities still increasing, it is more important than ever to keep all your software patched and up to date. And as India becomes more digitally enabled, one expect global cybercriminals to increase their attention towards India.
Growth of Ransomware as a whole
Ransomware, as the name implies, is a form of malware, and thus can be blocked on PCs by any anti-virus or anti-malware engine that correctly signature-matches the malicious code. But many related attacks - often launched via phishing e-mails, fake downloads, and malicious URLs - originate with crimeware toolkits, which can exploit any one of a number of vulnerabilities to instal malware. Furthermore, by the time any ransomware is detected, an infected PC may already have played host to malware designed to steal financial details, launch distributed denial-of-service attacks or relay spam.
In today’s date, ransomware is the most prominent kind of digital threat and also one of the fastest growing classes of malicious software. In recent times, it has evolved from simple screen blockers demanding payments to something far more dangerous. For example, independent research conducted in 2014 estimates that a file-encrypting ransomware called CryptoWall, infected over 6,00,000 computer systems in just six months, held over 5 billion files hostage -- earning its creators more $1 million. This is the new world of cyber kidnapping where your information is kept hostage and destroyed if you do not comply to the ransom demands. Tactics have ranged from threatening but harmless pop ups purporting to be from law enforcement agencies demanding fines, to the more malicious and damaging tactic of encrypting the victim’s files in an attempt to force users to pay to have the files returned.
There is a significant increase in the amount of malware designed to extort money from unsuspecting PC as well as mobile phone users. Malware such as premium SMS message sending trojans and ransomware continue to spread, making them a notable presence in today’s digital threat landscape.
In addition to older threats such as Cryptolocker and CryptoWall, new families such as CTB-Locker and SynoLocker has emerged as PC-targeted menaces. The emergence of the SynoLocker family, which infects network attached storage (NAS) devices, is also a clear indication that malware developers are expanding their products’ targeting capabilities.
This current crop of ransomware typically encrypts files held for ransom, making them effectively impossible to recover without the decryption key held by the attackers. The extreme difficulty in decrypting affected files without a decryption key, and the various thorny issues involved in paying a ransom (especially if a business is affected), makes ransomware a particularly difficult threat to resolve.
The defence strategy
Given the rapid spread and potentially high cost of ransomware, it is important to take effective steps guard against this menace. It would be great if one could rely on law enforcement agencies to do the job, but that is not a realistic expectation. If one is hit and can’t recover the data, businesses think it is best to pay the ransom. But that just gives the criminals more money for future attacks. Enterprises must hence take steps ahead of time to ensure that one does not become a victim in the first place.
This requires a complete, defence-in-depth strategy. A simple step to start with is making sure that every piece of software is kept up to date. The hackers are looking for vulnerabilities they can exploit to take over systems. Vendors generally do a good job of patching any flaws once they are found, but if the patches are never applied you have left the door wide open for attacks. CIOs can take a look at automatic patching tools that can make this much easier for the IT admins. These tools can enable automatic updates and offer protection against emerging security threats.
Organizations should also ensure that every device that connects to the company’s network is secured. This includes employees’ smartphones, tablets, laptops and home computers. Protection should comprise anti-malware and/or whitelisting software as well as establishing secure policies such as not allowing programs to auto-instal, blocking ports, web filtering, share access restrictions, and encryption of data. However, the major focus of the organisations should be on backup and user training. Real-time or near-time backup can be an effective countermeasure to minimise the damage caused by ransomware if an infection ever occurs. The infected device can be thoroughly wiped and all applications and data can be reloaded.
Beyond PCs, ransomware attackers have also been targeting Android devices. On Android, the Koler and Slocker ransom-trojan families have also been busy increasing their count of variants, making them the largest ransomware families on that platform. To defend against these types of attacks, organisations need to ensure that employees with Android devices are using anti-malware tools. Many such tools now also include cloud-based backup capabilities, so infected devices can be wiped and restored, which many security experts say is the only reliable way of eliminating infections.In summary, it is very essential that security heads put a plan in place to defend corporate data - residing on PCs, servers, network shares, smart phones and cloud-based services - against ransomware attacks. But a better approach is to make sure you never get infected in the first place.