Incident Response, Network Security, TDR

Expect more ransomware and ‘extortionware’ in 2015

With 2014 rapidly coming to a close, it's time to look to the future and consider the potential industry challenges we'll be facing in 2015. While we can expect to see the return of some of the issues we faced in 2014, there are still a number of new threats that we need to be aware of in the year to come.

Muleware madness
Unlike malware, muleware solicits the participation of the user and offers incentives to play a small role in the attack campaign. Up until this point, cybercriminals have attained their resources by exploiting and compromising devices. But wouldn't it be more efficient and much more profitable to pay for these resources and turn thousands of would-be victims into part of the attacker's supply chain? I envision that this new form of muleware will be based on the anonymity of TOR networking and commerce conducted via cryptocurrency such as Bitcoin. Marketplaces will connect the demand with the supply and cybercrime will rise to an entirely new level, a level that we are not prepared to defend against. 

Re-authentication weaknesses

The good news on this front is that authentication methods are getting stronger and the adoption of two-factor authentication is defeating historical brute-force password attacks. The bad news is that attackers are innovating and finding weaknesses in the re-authentication processes where standards are not widely adopted and one service provider's metadata may be used as another service provider's validation secrets. 

In 2012 we watched as tech journalist Mat Honan was compromised, costing him the loss of his digital journal. And in 2014, we saw call-forwarding features were used to subvert Google's two-factor authentication. In both cases, the attacker posed as the victim claiming they were locked out of their account. Some systems use a series of questions to re-authenticate while others require you to disclose private information. But it appears that a very persistent and irate customer can almost always get their way, which is a problem when that person is the attacker. 

In 2015, we will see a rise in this type of reflective re-authentication attack as hackers look for weaknesses along the authentication chain. Authentication systems in general focus on validating users, but when that user is in a state of recovery because they have been locked out for some reason, there is just too much flexibility in getting this unauthenticated user back to an operational state. Until these methods are strengthened, attackers will continue to abuse them.

Ransomware expansion
Ransomware remains profitable, and cybercriminals are always looking for areas to grow their business.  To date, victims have mainly been individuals with data from their computers or smartphones being held for ransom. But the one industry at great risk here is health care. Three factors make it a highly attractive target for ransomware expansion in 2015 – the mandate to move to electronic records, the sensitive nature of health care data, and the immaturity of the information security practices that exist in the health care industry today. This is a scary notion because we rely so heavily on the availability and accuracy of patient records. The cost of a compromise could range from an inconvenience to loss of life.

Targeted extortionware
Ransomware has mainly been about holding your data captive through encryption, and unless you pay within a window of time – typically 48 hours – your data will be erased and you will not see it again. This would not matter if you had things backed up properly, but that remains to be a problem for everyone.

Extortionware is an expansion on ransomware whereby unless you pay a certain amount to the attacker, the data will be made public for all to see (or for more targeted disclosure). What if the data contains evidence of infidelity, for example? The list of possible incriminating data goes on and on, but you can see how this differs from ransomware. Much like spear phishing, this attack will be much more targeted, but attackers will yield a higher take per victim, and those victims are less likely to involve law enforcement due to the sensitive nature of the data. 

As I stated last year, while all of this is truly frightening, the good news is that security technologies and best practices are constantly improving as well. It is up to all of us to stay on top of the latest attack trends and continuously update our security strategies and arsenals to respond more effectively.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.