Ransomware surge to peak soon, with demise on the way

29 Nov 2016

Image: Rawpixel.com/Shutterstock

The growing sceptre of ransomware on the horizon has been espoused by cybersecurity experts all over the globe, but will 2017 signal the threat’s ultimate demise?

Intel’s McAfee Labs cybersecurity predictions for 2017 make for interesting reading, with 14 trends covering everything from hacktivism to internet of things (IoT) as a risk.

It’s ransomware, as always, that first draws the eye. Expecting an increase in attacks up to the mid-point of next year, Vincent Weafer, vice president of Intel’s McAfee Labs, believes a successful fightback from authorities will follow.


Time to fight back

Claiming it will be “a very significant threat” in 2017, Weafer’s report thinks greater cooperation across authorities and stakeholders will see the tide turn in the battle against ransomware criminals.

Indeed, the report namechecks the Kaspersky Lab, Europol and Intel’s No More Ransom project, as one such pioneering success story.

The development and release of anti-ransomware technologies, such as the various software tools listed on No More Ransom, aligned with continued law enforcement actions, will reduce the volume and effectiveness of ransomware attacks by the end of 2017.

The first half of 2017, however, will see ransomware as a service, custom ransomware for sale in dark markets, and creative derivatives from open-source ransomware code prominent – no resting on laurels just yet.

“To change the rules of the game between attackers and defenders, we need to neutralise our adversaries’ greatest advantages,” said Weafer.

“As a new defensive technique is developed, its effectiveness increases until attackers are compelled to develop countermeasures to evade it.”

Internet of risk

IoT proliferation will also be a concern, an area perhaps highlighted by the recent Mirai botnet attack in the US.

According to Intel’s report, IoT devices are attractive to cyber-criminals or nation states for two reasons: they are a potential source of data or metadata, or a potential attack vector to cause damage.

However, despite billions of IoT devices coming online over the next several years, it will take a while for criminals to figure out how to monetise attacks, so the number of successful attacks against these devices will likely remain small.

“To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas,” said Weafer.

These areas are information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralised data, and detecting and protecting in ‘agentless’ environments.

Beware the hacktivists

Interestingly, hacktivism is highlighted as one of the biggest fears for companies in 2017 and beyond, with the broad intentions of hacktivists the true problem.

Although ransomware will be a reality for many organisations with IoT devices and connections, criminals want to make money, so damaging or seriously disrupting a business is not in their interest.

However, activists usually look to make their point with a disproportionate display.

Whether it is taking control and altering voting machine tallies, opening valves at a dam, or overriding safety systems at a chemical plant, the potential for catastrophic damage is real. Within the next two to four years, we expect hacktivists to try, but few, if any, will succeed.

The 14 trends that Intel predicts are:

  • Ransomware attacks will decrease in volume and effectiveness in the second half of 2017.
  • Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualisation software will increase.
  • Hardware and firmware will be increasingly targeted by sophisticated attackers.
  • Hackers using software running on laptops will attempt ‘dronejackings’ for a variety of criminal or hacktivist purposes.
  • Mobile attacks will combine mobile device locks with credential theft, allowing cyber thieves to access such things as banks accounts and credit cards.
  • IoT malware will open backdoors into the connected home, which could go undetected for years.
  • Machine learning will accelerate the proliferation and increase the sophistication of social engineering attacks.
  • Fake ads and purchased ‘likes’ will continue to proliferate and erode trust.
  • Ad wars will escalate, and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities.
  • Hacktivists will play an important role in exposing privacy issues.
  • Leveraging increased cooperation between law enforcement and industry, law enforcement takedown operations will put a dent in cybercrime.
  • Threat intelligence sharing will make great developmental strides in 2017.
  • Cyber espionage will become as common in the private sector and criminal underworld as it is among nation states.
  • Physical and cybersecurity industry players will collaborate to harden products against digital threats.

Gordon Hunt was a journalist with Silicon Republic