The only thing holding threat actors back is the return on investment which may only be a ticking time bomb waiting to explode.
The only thing holding threat actors back is the return on investment which may only be a ticking time bomb waiting to explode.

ESET researchers predict the next step in the evolution of ransomware is “jackware” or ransomware designed to target connected devices subsequently creating a ransomware of things (RoT).

ESET Senior Researcher Stephen Cobb argues the insecure nature of internet of things (IoT) devices and the growing prevalence of ransomware are the ingredients or the perfect storm for cybercriminals looking to make a quick buck, according to a Jan. 25 blog post.

Cybercriminals could use jackware by threatening to DDoS or lock down critical devices until the user pays up, Cobb said in the post. And although there haven't been any documented cases of cybercriminals using jackware, their certainly have been opportunities such as the 2015 Jeep Grand Cherokee hack, the 2015 VTech data leak, infrastructures issues affecting Fitbit last year, and most recently a DDoS attack halting water services in Finland.

Any one of these vulnerabilities could have provided an opportunity for cyber crooks to make a quick buck if the right blackhat hacker discovered any of these issues before it could be reported and patched.

“Fortunately, and I stress this: jackware is, as far as I know, still theoretical. It is not yet ‘in the wild',” Cobb said in the post.

The only thing holding threat actors back is the return on investment which may only be a ticking time bomb waiting to explode.

“The catalyst is simply return on investment,” ESET Security Researcher Lysa Myers told SC Media. “The cost of entry for criminals to learn to program attacks on a wider variety of devices is not insignificant, but there may come a point where someone gets sufficiently motivated (by curiosity, greed, or pride for example) to create a simple-to-use kit that enables a wider variety of miscreants to be able to perform these attacks.”

Myers predicts there are a couple types of devices that threat actors will want to pursue in the RoT including those which are able to be hijacked covertly to create DDoS attacks, and those which can be hijacked overtly to inconvenience someone enough to motivate payment.

“The covertly-attacked devices would be those that are connected to the internet in a way that they become functionally invisible in our day-to-day lives,” Myers said. “We tend not to give much thought to the functionality of our routers, DVR machines, and security cameras, and as a result many people don't keep up with protection on those devices.”

Items more likely to be overtly attacked would most likely be Internet-connected appliances, “Smart” home automation, cars, etc.

She said that interrupting someone's ability to control the comfort of their home, their ability to do the normal tasks of daily life like getting to work or doing laundry may not seem like a big deal but it could be just enough of an inconvenience to motivate people to pay.

The ever increasing adoption of mobile and IoT into everyday society will also provide a catalyst for the creation of jackware attacks, Paul Calatayud, chief technology officer at FireMon told SC Media.

“As we become more dependent on these technologies in our daily lives, the impact when they are not behaving correctly will be felt even more, thus making the value proposition of jacking and taking over these devices more compelling to the hacker community,” Calatayud said. “Think of self-driving cars. Today, it's an edge case limited to a few car manufacturers and consumers willing to buy these high end cars.”

As more of these vehicles become available for personal use, and as companies like Uber adapt these technologies on a larger scale there will be a lot more opportunities for cybercriminals to cause harm, he said.

Experts agree that jackware style attacks could have a huge impact on enterprises, despite ransomware often being an end-user inconvenience.

“In an enterprise file share environment, the real cost of ransomware is downtime and lost productivity,” Imperva Director of Product Marketing Ajay Uggirala told SC Media.  “Even if victims have backup files or are willing to pay the ransom, the costs associated with productivity downtime adds up quickly.”

Uggirala added the availability of ransomware-as-a-service combined with high profits for the attackers mean ransomware attacks are likely to escalate in 2017.

In order to prevent, significant improvements must be made to secure platforms in the technical sphere, although many of these features will most likely add significantly to the costs of products. Also policies must be implemented to legislation to secure critical infrastructure and to support best practices and ensure they are followed, Cobb said in the post.