As ransomware crews mature and make more money, they're exhibiting more patience and are more willing to invest in research and experiments. So much so that Derek Manky, Chief at Fortinet’s FortiGuard Labs, is coining a term for these groups: "APCs", or "Advanced Persistent Cybercrime". We discuss a number of predictions that defenders need to start watching out for, including:
- Destructive attacks: rather than go to the trouble of encrypting data, attackers may start threatening to simply wipe systems, or even damage hardware (which could really hurt in the midst of a chip shortage and shipping crisis!)
- Extortionists do their homework and know how to price ransoms. They know how much revenue their victims are losing each day. They know their victims' cyberinsurance coverage before they attack.
- Microsoft's Windows Subsystem for Linux (WSL) introduces new attack surface that Windows admins might not think to protect.
- 5G adoption makes it more feasible to Internet-enable all kinds of devices that haven't been networked before. Operational technology that currently requires expensive service calls (e.g. 'rolling a truck') for repair may be fixable over an Internet link in the near future.
- Along with 5G, broadband satellites could introduce some new attack surface.
- Attackers follow the money, and a lot of it is in digital currency these days. We've already seen attacks against cryptocurrency wallets and exchanges, and this trend could explode in the coming years.