Get All Access for $5/mo

Can Cybercriminals Hold Enterprises As Their Hostage Digitally Anytime They Want? With the number of attacks targeting existing software vulnerabilities still increasing, it is more important than ever to keep all your software patched and up to date.

By Amit Nath

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Information security, identity, as well as privacy are perennial hot topics today, as the world is witnessing high-profile cyber attacks and actual atrocities that have focused businesses attention towards data protection, encryption, and privacy as never before. Every year brings its crop of damaging hacks, brought about by an evolving arsenal of cyberattack techniques, which the security industry strives to defend with existing tools while gathering intelligence on new vulnerabilities.

Users are also part of the problem, as their careless or malicious online behaviour can create exploitable opportunities for hackers, or directly result in security breaches. And as a result of these security breaches, it's clear that businesses and other organisations are regularly losing large amounts of confidential data to increasingly well-organised cybercriminals.

Looking at the vulnerabilities / gaps that make businesses soft targets for cyberattacks, modern day malwares are best in exploiting such situations. As per the industry reports, premium-rate mobile malware, ransomware and Facebook-targeted malware caused chaos in the second half of 2014. However, the most notable trend of the six months was the proliferation of "vulnerability-leveraging malware' such as the increasingly popular Angler and Astrum exploit kits. 'Exploit kits' are a form of attack that target existing vulnerabilities. These tool kits are planted on websites and exploit vulnerabilities found on a visitor's device to drop malware on the machine.

India in the crosshairs

Hackers are using various malwares like Botnet, Ramnit and Autorun to hack into various devices to steal data, banking credentials, cookies and other vital information. For example, in the recent Europol takedown (February 2015) of the Ramnit botnet infrastructure where 3 million computers were believed to be infected, India was on top of the list. Ramnit stole banking credentials, cookies and other kinds of personal information from the machines it infected, while it could also open backdoors for ransomware and steal FTP credentials.

Research also indicates that India is also one of the top 3 countries infected with Autorun infection. Autorun is a family of worms that spreads mostly via infected removable and hard drives, and can perform harmful actions such as stealing data, installing backdoors and so on.

The fact that vulnerability-leveraging malware is increasingly dominant among detections means that there are a lot of unpatched operating systems and third party applications and software – and these are easy targets. Our earlier studies show that about 80% of top 10 malware can be easily avoided with updated software. Yet, in many enterprises, software systems continue to be left unpatched, leaving the business environment open to attacks.

With the number of attacks targeting existing software vulnerabilities still increasing, it is more important than ever to keep all your software patched and up to date. And as India becomes more digitally enabled, one expect global cybercriminals to increase their attention towards India.

Growth of Ransomware as a whole

Ransomware, as the name implies, is a form of malware, and thus can be blocked on PCs by any anti-virus or anti-malware engine that correctly signature-matches the malicious code. But many related attacks - often launched via phishing e-mails, fake downloads, and malicious URLs - originate with crimeware toolkits, which can exploit any one of a number of vulnerabilities to instal malware. Furthermore, by the time any ransomware is detected, an infected PC may already have played host to malware designed to steal financial details, launch distributed denial-of-service attacks or relay spam.

In today's date, ransomware is the most prominent kind of digital threat and also one of the fastest growing classes of malicious software. In recent times, it has evolved from simple screen blockers demanding payments to something far more dangerous. For example, independent research conducted in 2014 estimates that a file-encrypting ransomware called CryptoWall, infected over 6,00,000 computer systems in just six months, held over 5 billion files hostage -- earning its creators more $1 million. This is the new world of cyber kidnapping where your information is kept hostage and destroyed if you do not comply to the ransom demands. Tactics have ranged from threatening but harmless pop ups purporting to be from law enforcement agencies demanding fines, to the more malicious and damaging tactic of encrypting the victim's files in an attempt to force users to pay to have the files returned.

There is a significant increase in the amount of malware designed to extort money from unsuspecting PC as well as mobile phone users. Malware such as premium SMS message sending trojans and ransomware continue to spread, making them a notable presence in today's digital threat landscape.

In addition to older threats such as Cryptolocker and CryptoWall, new families such as CTB-Locker and SynoLocker has emerged as PC-targeted menaces. The emergence of the SynoLocker family, which infects network attached storage (NAS) devices, is also a clear indication that malware developers are expanding their products' targeting capabilities.

This current crop of ransomware typically encrypts files held for ransom, making them effectively impossible to recover without the decryption key held by the attackers. The extreme difficulty in decrypting affected files without a decryption key, and the various thorny issues involved in paying a ransom (especially if a business is affected), makes ransomware a particularly difficult threat to resolve.

The defence strategy

Given the rapid spread and potentially high cost of ransomware, it is important to take effective steps guard against this menace. It would be great if one could rely on law enforcement agencies to do the job, but that is not a realistic expectation. If one is hit and can't recover the data, businesses think it is best to pay the ransom. But that just gives the criminals more money for future attacks. Enterprises must hence take steps ahead of time to ensure that one does not become a victim in the first place.

This requires a complete, defence-in-depth strategy. A simple step to start with is making sure that every piece of software is kept up to date. The hackers are looking for vulnerabilities they can exploit to take over systems. Vendors generally do a good job of patching any flaws once they are found, but if the patches are never applied you have left the door wide open for attacks. CIOs can take a look at automatic patching tools that can make this much easier for the IT admins. These tools can enable automatic updates and offer protection against emerging security threats.

Organizations should also ensure that every device that connects to the company's network is secured. This includes employees' smartphones, tablets, laptops and home computers. Protection should comprise anti-malware and/or whitelisting software as well as establishing secure policies such as not allowing programs to auto-instal, blocking ports, web filtering, share access restrictions, and encryption of data. However, the major focus of the organisations should be on backup and user training. Real-time or near-time backup can be an effective countermeasure to minimise the damage caused by ransomware if an infection ever occurs. The infected device can be thoroughly wiped and all applications and data can be reloaded.

Beyond PCs, ransomware attackers have also been targeting Android devices. On Android, the Koler and Slocker ransom-trojan families have also been busy increasing their count of variants, making them the largest ransomware families on that platform. To defend against these types of attacks, organisations need to ensure that employees with Android devices are using anti-malware tools. Many such tools now also include cloud-based backup capabilities, so infected devices can be wiped and restored, which many security experts say is the only reliable way of eliminating infections.

In summary, it is very essential that security heads put a plan in place to defend corporate data - residing on PCs, servers, network shares, smart phones and cloud-based services - against ransomware attacks. But a better approach is to make sure you never get infected in the first place.
Amit Nath

Head of Asia Pacific (Corporate Business), F-Secure

Amit Nath, with his capacity to plan strategically coupled with his operational competence, spearheads the business growth of F-Secure in Asia Pacific (APeJ)

Amit has over 17 years of IT industry experience across different verticals like Sales, Marketing, Operations, Program Management and Management functions. He has a deep understanding of the IT security business backed by his unique ability to connect the dots from strategy to tactics. He is responsible for positioning F-Secure as a strong and channel–driven Security Company in Asia Pacific.

He is known in the industry for his track record with customers, strategic thinking, passion for excellence and perfection. He has also had a good exposure in developing businesses across geographies.His deep understanding of managing & developing ‘Value & Volume’ channels ensure excellent channel experience for F Secure partners.

Prior to joining F Secure, Amit Nath served as Regional Director, India & SAARC at Positive Technologies. He has been associated with Trend Micro as Country Manager India and SAARC. In his earlier roles, he has also worked as RSM North at Dell India, Regional Account Manager - GCP based in Kuala Lumpur at Dell and Global Program Manager - India & APAC (Global Accounts) at Dell.

He holds a BE Mechanical degree with an MBA from Symbiosis Institute of Management Studies. He furthered his qualification with an Executive Program from National University of Singapore.

A recurrent commentator in media, he has written and spoken extensively on information technology, security industry issues and upcoming technologies. As an industry veteran, he has been sharing his domain knowledge and growth strategies as a guest speaker at various CIO / CSO / Channel focused industry forums as well. 

Science & Technology

The Deepfake Threat is Real. Here Are 3 Ways to Protect Your Business

The rising use of deepfakes is a growing threat to businesses and society as technology advances. Here are three tips for companies to combat this threat.


5 Ways ChatGPT Will Impact Digital Marketing

ChatGPT is creating ripples across the digital landscape right now. Here are five ways it can benefit your ads, campaigns and marketing strategies.

Science & Technology

How Can Marketers Use ChatGPT? Here Are the Top 11 Uses.

With the recent developments in AI and the popularity of ChatGPT, you may want to integrate AI into your marketing practices. Find out how.

Business News

Apple Is Working on Making Its $3,499 Vision Pro More Affordable — and Mainstream. Here's How.

Apple's product is at least three times more expensive than Meta's version.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

News and Trends

Cedar-IBSi Capital Secures Major LP Commitment from HFPCG for FinTech VC Fund

With an initial cheque size of INR 4–10 crores (USD 500k–1 million), Cedar-IBSi Capital will seek to invest in around 15 early-stage BankTech-focused startups in their Seed-Series A rounds.