Ransomware and hacking become online services – where will it end?

Written on August 18, 2017 in Opinion

Cyber security is fast becoming a priority item for companies around the world as the headlines pile up about IoT botnets, ransomware and data theft (HBO). Most of the focus is on those kinds of elaborate technological attacks, and the measures that companies can take to thwart them – which is good.

The problem is that the majority of attacks are the old-fashioned kind that work by exploiting the weakest link in the security chain – good old human gullibility. And one reason such attacks are the bigger security threat is that far more cyber criminals can launch them easily, thanks to other cyber criminals offering “hacking-as-a-service”.

Sophos principal research scientist Chester Wisniewski recently told Techgoondu that most attacks work by getting the victim to install and activate malware, whether via booby-trapped videos or the classic email attachment. Cyber criminals prefer customizing existing malware with a social engineering angle because it’s cheaper and easier than breaking into a computer, especially as companies like Google, Microsoft and Apple get better at fixing security loopholes and enterprises beef up their own security practices:

“Why would a criminal pay for US$50,000 for an exploit and it only works for a week? Social engineering is more successful and it’s free,” said Wisniewski.

What’s more, cyber criminals on the Dark Web have built well organized services to help others launch their own malware attacks, he said:

On the Dark Web, a criminal could hire a writer to draft an e-mail that mimics a legitimate one. A graphic artist can design a website replicating a bank’s, while a translator can help get the message across in the right language to target wealthy consumers around the world.

Finally, there might be a spammer who can deliver the malware-loaded e-mails to actual targets. Some service providers even guarantee that the e-mails will be opened or they will help send another bunch for you – for free […]

There’s even “ransomware as a service”, which enables an aspiring black hat to launch a ransomware attack by simply filling out an online form. (And don’t forget that report claiming that you can rent a botnet for your next DDoS attack.)

The upshot is that cyber criminals offering hacking services are building up a customer base that then becomes your security problem – and the biggest hole in your security posture will be the gullible employee who clicks the attachment (although in the employee’s defense, cyber criminals are getting better at making a bogus email, video, website or whatever look like the real thing).


John C. Tanner

About the Author: John is editor of Disruptive.Asia and was previously managing editor at Telecom Asia. He has been covering the Asia-Pacific telecoms industry since 1996. He has two degrees in telecommunications and has worked for six years in the US radio industry in various technical and advisory capacities, covering radio and satellite equipment maintenance, studio networking, news writing and production, the latter of which earned him several regional and national awards.
