
Ransomware: Prepare for hackers launching even more destructive malware attacks


The 'wiper' ransomware used in state-backed attacks like NotPetya is gaining ground among cyber criminals, warns EU law enforcement's annual cybercrime report.
The threat from ransomware continues to grow and it's possible that the file-encrypting malware attacks could become far more destructive as cyber criminals evolve and change their tactics.
European law enforcement agency Europol's annual cybercrime report – the Internet Organised Crime Threat Assessment (IOCTA) – lists ransomware as the most widespread and financially damaging cyber attack, despite a decline in the number of ransomware incidents.
However, cyber criminals are becoming more efficient, picking and choosing their targets with the aim of causing the highest amount of damage possible to organisations in order to demand much higher ransoms. To emphasise this – although without providing specific examples – the report details how, in some cases, the ransom demanded is in excess of one million euros.
But while ransomware in its current state is predominantly a means of making money for cyber criminals, the Europol report warns there's a risk of cyber criminals deploying ransomware attacks as a means of pure sabotage, something private companies are growing fearful of.
The NotPetya attacks of 2017 showed how much damage can be done by a destructive cyberattack of this kind: in some cases it led to large companies having to almost entirely restore their network from scratch, suffering large amounts of downtime and large financial costs as a result.
NotPetya looked like ransomware, but the group behind it had no interest in receiving ransom payments: the motivation behind the attack was pure destruction. The target for this destruction was Ukraine, but the attack got out of control and spread around the world.
This kind of attack has predominantly been associated with nation-states – the Russian military has been accused of being behind NotPetya – however, the report warns that cyber criminals are increasingly incorporating wiper-style attacks as part of their campaigns.
A form of this ransomware attack emerged earlier this year. Named GermanWiper, the ransomware hit organisations across Germany with attacks which didn't encrypt files, but rewrote the files to destroy them.
Ultimately, it meant that even if a user paid the ransom, they wouldn't get their files back at all – unless they had offline back-ups.
Ransomware itself may have changed, but the methods for distributing it have stayed the same over the last year: phishing emails and the remote desktop protocol (RDP) are the primary infection vectors of the malware.
Often, the attackers pushing ransomware are doing so with the aid of known vulnerabilities for which vendors have already issued security updates. Because of this, Europol stresses the importance of patching, especially when it comes to critical vulnerabilities.
The report notes that almost one million devices still haven't been patched against the powerful BlueKeep vulnerability, leaving networks open to attacks using the exploit.
The message from Europol is clear – ransomware and other cyber attacks won't be disappearing any time soon, especially if cyber criminals are able to take advantage of known vulnerabilities and old attacks.
"This year's IOCTA demonstrates that while we must look ahead to anticipate what challenges new technologies, legislation, and criminal innovation may bring, we must not forget to look behind us," said Catherine De Bolle, executive director of Europol.
"New threats continue to emerge from vulnerabilities in established processes and technologies. Moreover, the longevity of cyber threats is clear, as many long-standing and established modi operandi persist, despite our best efforts. Some threats of yesterday remain relevant today and will continue to challenge us tomorrow," she added.
There is one threat which appears to have almost dropped off the radar compared with its position in last year's report: cryptomining. The 2018 IOCTA warned about the rise of cryptocurrency mining malware, even suggesting that it "may overtake ransomware as a future threat".
However, while cryptomining attacks still do occur, the number of attacks has declined – especially since the closure of Coinhive in March this year. Now, aside from exceptional cases, cryptomining is described as "a low-priority threat for EU law enforcement" moving forward as other current and future threats are combated.
"The global impact of huge cybersecurity events has taken the threat from cybercrime to another level. At Europol, we see that key tools must be developed to keep cybercriminals at bay. This is all the more important, considering that other crime areas are becoming increasingly cyber-facilitated," said De Bolle.
