In 2017, I received a text from a nurse I know. She said that the staff had been told to, under no circumstances, switch on a computer. It was becoming chaotic on the ward. Patients were being sent to other hospitals. It turned out that her hospital had been part of a global ransomware attack that was to become one of the biggest attacks of its kind, ever.
WannaCry was the name of the ransomware behind the 2017 attack and it really did make you wanna cry.
In 2016 and into 2017, a company was attacked by ransomware every 40 seconds. Ransomware was the most talked about cyberattack type and probably the most feared. Ransomware, which encrypts your files and documents across your network, including the Cloud, was a spectre haunting us all.
But in the world of cybercrime, nothing ever stands still, so, what happened next?
The Shifting Sands of Cybercrime
Cybercrime is a business. A valuable one. The business of cybercrime was estimated to bring in at least $1.5 trillion a year in a study from the University of Surrey. And it will cost businesses a fortune, estimates of around $5.2 trillion USD (£4 trillion) to fix the problems that cybersecurity threats cause.
Cybercriminals were becoming rich off the back of their bad deeds. But like all businesses you need to innovate to compete.
In 2018 and 2019 new kids on the block have appeared in the form of new cybersecurity threats. As our technology and commercial landscapes change, new opportunities appear. One of these has been the explosion of crypto mining bots – malware that turns your computer into a slave to mine crypto-currency. Another that is predicted for this year and perhaps into 2020 and beyond is the use of the Internet of Things. 2017, saw a 600% increase in attacks using this vector and this is expected to grow.
Global changes affect bad business as much as good and the uptick in cryptocurrency value played a major part in cybercriminal strategy. The increasing use of the IoT will see increased use of this technology by cybercriminals Like the rest of us in business, cybercriminals’ change their game as new opportunities unfold.
A Bot in the Hard Drive is Worth…
Ransomware made a big splash in 2017, putting it on the radar of those of us trying to prevent cyberattacks.
This resulted in increased awareness of the ways that ransomware infiltrated our systems.
Awareness from attacks such as the SamSam ransomware infections in U.S. hospitals, which infects machines via insecure ports used for remote desktoping. These attacks made $5.9 million in revenues for hackers. Or phishing emails containing ransomware in attachments created fresh focus on phishing. Taking action, meant that for a while it felt like the battle was being won. But then something changed.
Attack vectors update, social engineering becomes just a bit sneakier, new zero-day software flaws appear. Nothing ever stays the same and cybercriminals are very good at innovation, especially to take advantage of human behaviour.
In 2018, there was a 8500% increase in crypto mining bots. These are a type of malware that turns the infected computer into a slave to crypto. The bot uses your machine to mine crypto coins making the hacker money.
As the bots increase in prevalence so ransomware infection rates have plummeted. The levels of ransomware infection in 2018 were down by 20% according to Symantec. This is perhaps not surprising. Companies become aware of attacks and plug the security gaps. So, the cybercriminals change their tactics. The end result, a game where the odds continually change.
The Evolutionary Interplay of Cybercrime Attack Types and The Arms Race
Cybercriminals do not sit on their laurels. They innovate to make sure they evade detection and keep making money and/or keep causing damage. The term “survival of the fittest”, in evolutionary theory actually basically means to be able to survive in a given environment and reproduce. The same is true in cybersecurity – if a threat works, it will survive and continue. But once the environment changes and activities that involve threat mitigation occur, the threat will evolve.
In terms of cybersecurity awareness, which is a vital ingredient in threat mitigation, this means ongoing training.
Cybercrime is an ever-changing game we have become caught up in. This is about human beings taking advantage of others, something we have been doing since we walked on the ancient savanna.
Ransomware went out of vogue because we caught up with the threat and the way it entered out IT networks.
Crypto mining bots came into vogue because of the inflated price of mining and cryptocurrency.
As crypto prices decrease and stabilise so cybercriminals will look for new hunting grounds.
We too need to adjust behaviour to counter-balance the evolution of cyber-threats.
In research by cyber-insurance company Willis Towers Watson, they found that over 90% of cybersecurity incident claims were due to the manipulation of human behaviour. Research by the firm also found that 87% of companies thought that untrained staff were the greatest threat to cybersecurity.
WannaCry cost the NHS £19 million and over 19,000 cancelled appointments. And, although ransomware attacks are down, that could all change. Crypto bots might be flavour of the month, but it won’t stay like that for long. Cybercriminals are masters of change and we have no option but to keep up with them by making sure our staff are cybersecurity aware.