Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 29 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Predicting 2015 – the evolution and increase in ransomware

by The Gurus
January 2, 2015
in Opinions & Analysis
Share on FacebookShare on Twitter

In the last blog I wrote for 2014, I looked at some of the common prediction trends that the various vendors and analysts had sent to me.
 
In that article, I identified 15 trends for information security, ranging from identity management changes to connected devices to better collaboration between the dark and light sides of the industry.
 
On Tuesday 6th January, analyst Richard Stiennon and researcher Tom Cross will join me in an online discussion at 4pm GMT on these and other 2015 predictions (https://www.brighttalk.com/webcast/11399/138375). But with such insight in my inbox, I am going to look at some of the more interesting predictions a bit closer.
 
For this first blog, it is the theme of ransomware. This vein of malware was not especially new; I recall conversations going back several years where there were reports of ransomware infecting and affecting users.
 
The trend really stepped up in 2014 though, with Cryptlocker, CryptoWall and TorrentLocker all hitting businesses and consumers hard and spreading the fear of infection beyond the IT department. Interesting research by ESET found that some people were prepared to pay the fine, but it is likely that fear enabled payment.
 
For the evolution of the ransomware trend, the predictions seemed to suggest that the next logical next step for ransomware creators is to say “how can I increase value from my victim?” Blue Coat Systems predicted that the next real targets will be small businesses or small Government organisations, effectively entities with hundreds of thousands of pounds in their bank accounts.
 
Lancope claimed that there is one industry at great risk here – healthcare. “Three factors make it a highly attractive target for ransomware expansion in 2015 – the mandate to move to electronic records, the sensitive nature of healthcare data, and the immaturity of the information security practices that exist in the healthcare industry today,” it said.
 
Frightfully, it claimed that the cost of a compromise could range from an inconvenience to loss of life. If a business is not sufficiently backing up its databases and systems or is not preparing staff to not click on suspicious items, then there is a significant danger that the fear, uncertainty and doubt around ransomware will remain a genuine threat.
 
One area that both Lancope and Proofpoint suspected would be a “growth area” for ransomware is into the area of “cyber extortion”. Proofpoint claimed that cyber extortion schemes will increase in scope, sophistication, and – following the example of the Destover malware – destructiveness.
 
“Attackers will become smarter and more targeted in their efforts to extract ransoms from the systems and organisations they have compromised by varying their ransoms based on the value of the system and data to the organisation,” it said.
 
“Not only will organisations have to adapt their backup and recovery programs to account for this threat, but they will need to become even more effective at detecting and rapidly responding to potential infections in their environment as soon as possible after they occur.”
 
Lancope claimed that this will develop into “targeted extortion-ware”, effectively an expansion on ransomware whereby unless you pay a certain amount to the attacker, the data will be made public for all to see. “Much like spear phishing, this attack will be much more targeted, but attackers will yield a higher take per victim, and those victims are less likely to involve law enforcement due to the sensitive nature of the data,” it said.
 
With stories such as the iCloud attack hitting notable people and revealing things that they would rather keep private, surely this comes down to personal security? If your settings and security software is good enough for your device, can you guarantee it is the same for third party services? If not, what are your options to protect yourself?
 
It is a tricky one to solve, and one that has the capability to become true. Other predictions saw a consistent move for ransomware to the cloud and mobile devices. McAfee claimed that ransomware will evolve its methods of propagation, encryption and the targets it seeks, and as a result, more mobile devices are likely to suffer attacks.
 
Also, Watchguard predicted that malware will jump to mobile devices is not new, but until now, it has not been particularly damaging. “In 2015, expect mobile malware to have more teeth, for example with customised ransomware designed to make your mobile unusable until you pay up,” it said.
 
FireEye claimed that mobile ransomware will enable attackers to steal cloud accounts and encrypt the data, as attackers turn their attentions to mobile in 2015. Likewise, McAfee predicted that ransomware variants which evade security software will specifically target endpoints that subscribe to cloud-based storage solutions.
 
“Once the endpoint has been infected, the ransomware will attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data,” it said, saying that it expects the technique of ransomware targeting cloud-backed-up data to be repeated in the mobile space.
 
If the interest is in mobile devices, then the prediction from AdaptiveMobile is quite telling. It claimed that the rise of ransom-based monetisation strategies with Koler, where infected phones were blocked by a fake law enforcement notification saw a new level of sophistication in the threat. “The combination of new propagating and monetisation techniques seen in 2014 making mobile malware a growing threat in the year ahead,” it said.
 
As with most malware predictions, things will get worse and hit the mobile platform eventually. We’ve seen it with viruses, worms and ransomware seems the logical next step. In 2014, Facebook passed the one billion user mark for its mobile apps, while Barclays Bank – rated as having the best mobile banking app, claimed to have over two million registered users, with almost half logging in daily.
 
So if 2015 will be the year the small shiny in your hand falls under the control of attackers, what are the solutions? FireEye recommended that businesses should consider the value they get from cloud-based data protection services and the privacy implications of letting a third party manage their data. Elsewhere it seems that education of employees both in and out of the workplace is the best tactic, and regular back-ups.
 
 
For a more in-depth conversation, join me with analyst Richard Stiennon and researcher Tom Cross on 6th January at 4pm GMT for a discussion on this and other 2015 predictions here –https://www.brighttalk.com/webcast/11399/138375

FacebookTweetLinkedIn
Tags: CloudMalwaremobilePredictionRansomware
ShareTweet
Previous Post

Facebook to update privacy details, offers Basics guide for secure use

Next Post

Lizard Squad members arrested following PlayStation and Xbox attack

Recent News

Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information