In 2018, think of cybercrime as a business. And like most businesses, cybercriminals have strategies, targets and processes for stealing or ransoming your organization’s data.
This year, there has been a major divergence in how ransomware operates. One very common type of ransomware uses the ransomware-as-a-service (RaaS) model. In RaaS, criminal masterminds who have devised and crafted malicious software let others (many of whom may not have a clue how to code or design effective malicious applications) use their programs for small fees.
With RaaS, the mastermind behind the code takes a small percentage of every transaction that takes place using the software. You can think of this model as franchised cybercrime. This type of attack casts a huge net in hopes of snagging many small paydays.
The other very popular type of ransomware is used in targeted attacks. In this situation, cybercriminals research your organization and tailor their attacks to penetrate your network and extort your organization for bigger sums of money.
Targeted attacks often strike the same organization multiple times (if a criminal knows you’ve paid a ransom, they are more likely to target you again and again in hopes of another big payday). Some of the biggest and most devastating attacks to date have been targeted attacks—think the city of Atlanta, among other local governments, non-profits and businesses of all sizes.
The reason behind this evolution of cybercrime is that purely generic attacks don’t work anymore. Organizations have gotten better at detecting generic phishing attacks and have taken more precautions on their networks [Note: what protected against ransomware attacks 10 years ago is insufficient to protect you against attacks in 2018!].
The use of RaaS to deliver malicious code and infect networks has let malicious coders focus purely on what they’re good at—designing and devising ways to break into networks. Hackers are now more focused than before, since they no longer have to worry about actually carrying out the attacks and repeating the same attack over and over again.
These hackers have henchmen willing and at the ready to own the actual attack. All they have to do is what they do best—find the most effective ways to break into your network and lock down your files (something they are highly passionate about).
Cybersecurity experts have been warning that 2018 could be the worst year yet for cyberattacks and have forecast that devastation from RaaS-type attacks will continue into 2019.
As for targeted attacks, we’ve seen more and more criminals doing their homework and successfully breaking into networks large and small—even where the organization has invested money in security. One of the biggest hitters this year has been SamSam.
SamSam and other targeted malware of its kind have made network intrusions hard to recover from without giving in to ransom demands.
These targeted attacks first breach your network, then perform reconnaissance on your network infrastructure (how things are laid out and what specifically is connecting to your network), and then, when you least expect it, shift from a dormant state of pure observation to a full-blown attack, locking down files and databases and crushing your operations.
While the public record of SamSam and other ransomware attacks is limited (few organizations are actually required by law to announce attacks on their facilities, and those that are must announce breaches and attacks only in very serious situations), rest assured that cyberattacks of the types I outlined above are on the rise.
Your biggest concern for 2018 and beyond?
Ransomware has become scalable. By that I mean that attackers are stealthily targeting non-profits and for-profit businesses alike, and they’re finding systematic processes and procedures to automate their attacks and exploit organizations at exceedingly high rates. Their campaigns are snagging folks from all backgrounds. In fact, some of their campaigns are so effective that even IT support teams have been falling for scams or lack the capacity to both protect and support your networks (if you’re unsure whether your network is adequately protected, consider a free network security assessment).