A Brief Explanation Of Ransomware and Phishing
Ransomware attacks have increased significantly since 2016, demonstrating a dramatic shift in how threat actors are utilizing and monetizing phishing attacks. Ransomware is a type of malicious software that blocks access to a computer or its data and demands money to release it. A phishing attack or scam is an attempt by a scammer to trick their victims into providing personal information such as bank account numbers, passwords, credit card information, etc. Ransomware tools are delivered in massive numbers through batches of phishing emails sent by a botnet (a network of secretly infected computers remotely controlled by cyber criminals) to millions of potential victims.
How Cyber Criminals Learn And Adapt
In May 2017, three major internet security incidents earned global media coverage and monopolized the attention of information security professionals. The most notorious of these was WannaCry, a cryptovirus that exploited stolen NSA software to hack into millions of privately owned Windows computers in the USA and abroad. The speed with which the WannaCry attack spread within private networks and organizations both large and small came as a shock to most computer users and provided experts with sufficient evidence to recognize that the pace of innovation is increasing and evolving.
In addition to WannaCry, a fake Google Docs application and another ransomware attack known as Jaff further illustrate two important take-aways: first, these attacks tell us that holding data for ransom is still an effective way of doing business for cyber criminals. Second, the unique attack vectors used by the fake Google Docs application and WannaCry demonstrate that threat actors have been thinking creatively about their attack strategies.
Ransomware was used to great effect by both WannaCry and Jaff, infecting hundreds of thousands of computers in well over a hundred countries. WannaCry further adapted the traditional phishing model by reducing the infrastructure and resource expenditure typically required for infections of this scale. Virulence was a critical component of their attack strategies. The goal for both Jaff and WannaCry was to reach as many victims as possible in order to maximize the number of potential ransom payments.
Although the mechanisms used to spread the fake Google Docs application and the WannaCry worm were very different, both incidents harnessed relatively new attack vectors. The fake Google Docs incident capitalized on users' reliance on cloud-based services to propagate, while WannaCry leveraged a vulnerability that had been disclosed by Windows only two months before. While these attacks were all stopped fairly quickly, their novel approaches will undoubtedly inspire future attacks. These three incidents also utilized phishing emails as an initial point of contact with their victims. By combining innovation with a tried-and-trusted attack vector, cyber criminals will continue to access sensitive data and hold it for ransom.
Thanks in part to these high-profile events, it's become clear that cyber criminals are adapting and combining traditional attack models with new phishing and ransomware tools to great effect. Since these attacks have proven very successful, continued use of both can be expected as criminals learn from events like these. The challenge now is for security experts to study these attacks and develop agile, adaptable security plans that include defense against new and existing risks.
To combat these new attack vectors and minimize damages, defenders must also adapt their security approach to these changes. Flexible defense and response processes that incorporate protections at various stages of the attack life cycle are essential. The first step begins with the basics of regular patching and network hygiene by a trained IT professional. Educating email users to engage with messages critically and report suspicious or potentially malicious emails to their IT expert is key. The threat landscape is constantly evolving, but in the face of proactive and human-centered defense strategies, attacks like these can be overcome.
To discover what Shenandoah Valley IT can do to improve your business, contact us by phone (540) 346-4250 or email.