
Report: Digital extortion schemes are soaring

By Tim Sandle     Sep 20, 2019 in Technology
Digital extortion schemes have increased by 319 percent, according to a new report released by Trend Micro. Of these, business email compromise remains a major threat, with detections jumping 52 percent, as Greg Young reveals.
The new report - "Evasive Threats, Pervasive Effects: 2019 Midyear Security Roundup" - deep dives into the major threats and cyber risks for businesses, examines the security landscape during the first half of 2019 and uncovers insights that can help businesses protect themselves from potential threats moving forward.
Greg Young, VP of cybersecurity for Trend Micro, provides Digital Journal readers with analysis.
Digital Journal: Are digital extortion schemes increasing?
Greg Young: Ransomware attacks specifically have been on the rise from the beginning of this year, unlike statistics from last year, which show otherwise. While there are various factors at play here, the primary reason is the shift in key groups from being developers and sellers of exploit kits (a collection of exploits, bundled up and used by less skilled cybercriminals to carry out attacks) to becoming cybercriminals/attackers themselves. Further, ransomware offers a “quick fix” compared to profits from cryptomining which were slower to process, and fluctuations in bitcoin pricing and related digital currencies made it a method of extortion with unpredictable profits.
DJ: Where are these schemes originating from?
Young: Attribution to where these digital extortion schemes are originating is always difficult to pinpoint, but we have our suspicions. Trend Micro has seen a link to a few areas of state-sponsored organizations, particularly in parts of East Asia, where individuals that work for state-sponsored organizations during the day turn to ransomware cybercriminals by night to supplement their income. Regardless of where these schemes may originate from, it doesn’t change how we react to an attack.
DJ: How do business email compromises occur?
Young: Business Email Compromise (BEC) is a complex combination of technology, human engineering and multiple aspects, leading to highly successful attacks, and can be difficult to identify. BEC is primarily targeted at the ‘big fish’ – senior executives who have signing authority, and those who can authorize financial transactions such as wire transfers. These are highly targeted and typically span over a very long period of time, involving service compromise and imitating senior executives and giving payment instructions to employees who report into those executives.
DJ: What types of ransomware attacks are taking place?
Young: We’ve seen a change in ransomware attacks from initially being a “spray and pray” type of attack with little targeting, to focusing on very specific verticals which are known to be vulnerable. The most significantly impacted victims are enterprise and critical infrastructure industries. These industries include local governments, transportation, healthcare, oil and gas, high-tech manufacturing and organizations that demand high digital connectivity.
For instance, municipal and local governments tend to exercise a direct democracy, can make quick decisions and are likely to comply and pay, compared to federal or state governments, which usually can’t make the decision to make the ransom payment. Local governments are strained for security and IT resources, face competition of compensation with large organizations, and their IT is usually managed in a public procurement manner, making them more vulnerable.
DJ: What’s behind cryptomining malware?
Young: Cryptomining began as a response to not enough victims paying the ransoms for ransomware. Cryptomining is attractive because in today’s cloud era, the chances of an attacker getting caught for resource theft are relatively small. Historically, cyberattacks involved multiple steps to monetize and acquire profit. Cryptomining on the other hand is more direct and involves using other people’s resources to make bitcoin without the usual degree of direct confrontation seen in ransomware, resulting in profit.
DJ: What are exploit kits?
Young: Exploit kits are tactical tools for sale, packaged up as a product and sold for profit, usually as a secondary source of income. They are primarily used by less skilled attackers or individuals who want to attack an organization but don’t want to take the time to develop a strategy, or don’t have the necessary skills required to develop the attack themselves. Exploit kits have been around for a while in various forms but have certainly become more advanced. They’re very common and can be purchased using various mechanisms and are primarily used as a starting point for hackers.
DJ: What can businesses do to protect themselves in terms of technology?
Young: If businesses follow some best practices, they will likely be able to block nearly 99.9 per cent of attacks. These include:
Patching: this ensures vulnerabilities are closed, so it's difficult for hackers to break through and access the technology wall. Installing pre-patch shields such as endpoint protection platforms (EPP) and intrusion prevention systems (IPS) protects resources even if not yet patched.
Back up: to ensure that a company’s data is protected, it's important to back up files regularly. The best practice for backing up files and data is to follow the 3-2-1 rule -- 3 different copies stored in 3 different places, in 2 different formats with at least 1 copy stored offsite.
Educating Employees: Organizations need to establish a culture of security within the workplace by raising security awareness with their workforce and educating employees on how to spot social engineering techniques such as spam and phishing. Ensuring you have a multilayered security solution in place is also imperative.
DJ: Can internal business cultures be improved?
Young: In order to improve business culture it is imperative to first recognize the culture and then react appropriately to incorporate practices. For instance, making decisions which are appropriate to the resources at hand; knowing if an organization is security aggressive or tends to eventually fight threats; identifying the goal of each organization - is it to hire more staff, educate employees, secure endpoints? Improving business culture will only be valuable once these questions can be answered.