Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

End of Bibblio RCM includes -->
9/28/2016
12:00 PM
Black Hat Staff
Black Hat Staff
Event Updates

Ransomware Rages On

[Black Hat Europe 2016 Sponsor Content: iboss Cybersecurity]

A hunger for profit drives ransomware’s growth. This year the cost of ransomware may reach 40-times that of last year, according to data from “Hackerpocalypse: A Cybercrime Revelation,” a report from the Herjavec Group.

Attackers use ransomware to profit quickly, easily, repeatedly, and anonymously. Whether you pay or not, you stand to lose something. You’re either out the funds and on the list for more attacks, or you’re punished for standing fast. Penalties for nonpayment include deleting, publishing, and selling your data (to other hackers) and launching DDoS attacks designed to bring your site down.

Though ransomware is evolving, attack vectors point to workable solutions that are available now.

Ransomware Evolution

Before enterprises figure out how to mitigate the ransomware that currently exists, attackers have already taken the next step in evolving this threat, making it more perplexing, commonplace, and malicious. As countless new examples routinely appear in the marketplace, ransomware takes on new capabilities and adds complexities that confound security companies. Recently, malware coders supplemented Locky ransomware with the capacity to encrypt files inside servers and computers without an Internet connection, using a built-in encryption mechanism.

Still other malicious software developers have made a Ransomware-as-a-Service offering available with an affiliate program for distributors; it is now easier to resell ransomware to other criminal hackers, further popularizing these attacks. As ransomware proves its viability for operating systems such as Android and devices in the Internet of Things, the attack surface broadens and the potential results of attacks become more venomous.

Attack Vectors Point to Protection Methods

Cyber crooks send ransomware using these methods, among others:

· email using infected links and attachments;

· drive-by attacks where unsuspecting employees surf to infected websites or click on malicious advertisements (called Malvertising);

· hacked remote desktop servers where they then trigger the ransomware attack. This last method that was only recently discovered.

For email and drive-by attacks, organizations should consider anti-spam tools that require manual confirmation from a human being before letting email through. They should also look into blocking all email attachments and using other more secure file transfer methods and deploy a best-in-breed anti-phishing tool. Other strategies should include using text-only email, teaching employees the signs of infected links, and continually updating blacklists of known bad sites and/or use whitelists of known good sites.

It’s equally important to close up remote desktop servers if you don’t use them or heavily constrain remote desktop access using long, strong passwords and two- and three- factor authentication, changing passwords often.

Use Every Layer of Protection Possible

Ransomware is now a popular, effective, and profitable approach that cyber criminals increasingly insert or inject into attacks by a variety of means. Remote desktop server attacks are a good example of this as these attacks are a diversion from more traditional drive-bys and email. Because of this, your justification for using every layer of protection available, for tightening down every configuration, for hardening every system, and for following and enforcing every policy now also include ransomware.

 

Comment  | 
Print  | 
More Insights
//Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786
PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849
PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193
PUBLISHED: 2023-02-04
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.