Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/28/2016
12:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Ransomware Rages On

[Black Hat Europe 2016 Sponsor Content: iboss Cybersecurity]

A hunger for profit drives ransomware’s growth. This year the cost of ransomware may reach 40-times that of last year, according to data from “Hackerpocalypse: A Cybercrime Revelation,” a report from the Herjavec Group.

Attackers use ransomware to profit quickly, easily, repeatedly, and anonymously. Whether you pay or not, you stand to lose something. You’re either out the funds and on the list for more attacks, or you’re punished for standing fast. Penalties for nonpayment include deleting, publishing, and selling your data (to other hackers) and launching DDoS attacks designed to bring your site down.

Though ransomware is evolving, attack vectors point to workable solutions that are available now.

Ransomware Evolution

Before enterprises figure out how to mitigate the ransomware that currently exists, attackers have already taken the next step in evolving this threat, making it more perplexing, commonplace, and malicious. As countless new examples routinely appear in the marketplace, ransomware takes on new capabilities and adds complexities that confound security companies. Recently, malware coders supplemented Locky ransomware with the capacity to encrypt files inside servers and computers without an Internet connection, using a built-in encryption mechanism.

Still other malicious software developers have made a Ransomware-as-a-Service offering available with an affiliate program for distributors; it is now easier to resell ransomware to other criminal hackers, further popularizing these attacks. As ransomware proves its viability for operating systems such as Android and devices in the Internet of Things, the attack surface broadens and the potential results of attacks become more venomous.

Attack Vectors Point to Protection Methods

Cyber crooks send ransomware using these methods, among others:

· email using infected links and attachments;

· drive-by attacks where unsuspecting employees surf to infected websites or click on malicious advertisements (called Malvertising);

· hacked remote desktop servers where they then trigger the ransomware attack. This last method that was only recently discovered.

For email and drive-by attacks, organizations should consider anti-spam tools that require manual confirmation from a human being before letting email through. They should also look into blocking all email attachments and using other more secure file transfer methods and deploy a best-in-breed anti-phishing tool. Other strategies should include using text-only email, teaching employees the signs of infected links, and continually updating blacklists of known bad sites and/or use whitelists of known good sites.

It’s equally important to close up remote desktop servers if you don’t use them or heavily constrain remote desktop access using long, strong passwords and two- and three- factor authentication, changing passwords often.

Use Every Layer of Protection Possible

Ransomware is now a popular, effective, and profitable approach that cyber criminals increasingly insert or inject into attacks by a variety of means. Remote desktop server attacks are a good example of this as these attacks are a diversion from more traditional drive-bys and email. Because of this, your justification for using every layer of protection available, for tightening down every configuration, for hardening every system, and for following and enforcing every policy now also include ransomware.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-0338
PUBLISHED: 2022-01-25
Improper Privilege Management in Conda loguru prior to 0.5.3.
CVE-2022-23935
PUBLISHED: 2022-01-25
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check.
CVE-2021-46481
PUBLISHED: 2022-01-25
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
CVE-2021-46482
PUBLISHED: 2022-01-25
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
CVE-2021-46483
PUBLISHED: 2022-01-25
Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.