US Election brings cybersecurity and hacking to the forefront

Posted by Geraldine Hunt on Mon, Nov 7th, 2016

No one can dispute that the Presidential elections in the United States this year has been anything but a normal election.  It has truly been like no other.  What’s more, perhaps no other event has brought the subject of hacking and cybercrime to the forefront than the election.  As political pundits banter back and forth about unsecure email servers and hacked email data on WikiLeaks, it is easy for the public and businesses to grow tired of the subject of cyber security.  The fact is though, while the seemingly endless election process has been playing out for the past 18 months or so, cybercrime continues to grow at an alarming rate, the consequences of which go far beyond political gotcha’s and debate.

Consider some of the following headlines and statistics reported from network and journals during this time:

• Nearly one million new malware threats are released every day. (April 2015)
• 1 in every 5 attacks in 2016 occurred as a result of malware (November 2016)
• About 556 million people became victims while more than 230 million of their identities were illegally and damagingly exposed (October 2016)
• Some 44% of UK organizations that experienced economic crime in the past two years were affected by cyber incidents (February 2016)

Following a data breach, the data if often sold on the dark web.

Ransomware is the leading culprit

• Ransomware is the fastest growing form of malware today having generated 4,000 attacks since January of 2016 (April 2016)
• 55% of financial firms recently surveyed in by SANs report ransomware as the top attack threat followed by phishing (50%) which previously held the top spot (October 2016)

And it is costing businesses real money

• Trend Micro reports that ransomware will cost enterprises an estimated $209K in the latter half of 2016
• 32% of financial firms report losses of $100K to $500K due to ransomware attacks in 2016
• Marcin Kleczynski, CEO at Malwarebytes, stated that the threat to financial institutions is so serious and tense that banks are piling up on bitcoins to be prepared in case of a ransomware attack

Ransomware is a threat that is global and knows no borders

Just five weeks ago, the Keck Medical Center of USC reported ransomware attacks at servers located at two of their hospitals.  Fortunately, they were able to restore the servers from good backups.  Three months earlier, six separate sites of the New Jersey Spine Center were attacked by Cryptowall ransomware in which it not only encrypted electronic health records, but the backup files and phone system as well. Ransomware has been like a match on kerosene, creating a combustion within the cybercrime community that seems to have no limit.  It is a threat that is global and knows no borders.

New approaches to ransomware have evolved recently besides the traditional approach of encrypting files.  In the past year, a new approach featuring DDOS attacks have surfaced in which attackers demand bitcoin payment in exchange for the restoration of an organization’s website.  The attraction of this model is the possibility of perpetual payments, the idea being that attackers can charge a DDOS subscription on a quarterly or yearly basis.  Should the targeted victim stop cybercriminal simply renews the attacks.

Ransomware as a service

At the Carolina IT Conference in October of 2016, a leading IT authority attributed the rise of ransomware to the ease at which ransomware can generate money.  With the rise of Ransomware as a Service, cyber wannabees can have an instant business model with little investment.  RaaS is highly organized and structured much like a traditional multi-level marketing company.  Distribution channels are organized by a boss or kingpin.  The structure is then organized in a tiered hierarchy of 10-15 affiliates per boss.  Current estimates are that bosses can earn about $90K on an average annual basis while affiliates take in an average of $7,200 annually.   Basically, an affiliate downloads a malware package from the Dark Web for a small cost of between $40 to $400.  As an example, Cerber, one of the most active ransomware rings operating today, afflicted 150,000 Windows users in July of 2016 alone.  According to Check Point, revenue estimates are somewhere around $280K. Revenue sharing plans between authors, bosses and affiliates. 

Another factor in which ransomware is emulating the practices of a real business is that ransomware producers are now putting greater amounts of effort and investment into R&D to not only improve the delivery and effectiveness of Ransomware, but to deliver more product offerings as well.  A new Ransomware strain called Philadelphia features a mercy button in which victims can decrypt their files for free should the attacker have feeling of remorse or guilt.

Surprisingly though, a large constituency continue to look at ransomware as a crime that can only happen to their neighbors.  According to a story in Computer Weekly (Feb 2016), 31% of respondents in a poll done amongst UK businesses showed that the greatest concern about cyberattacks is merely the potential disruption to services.  In fact, almost 60% are not concerned with the potential for theft of intellectual property.  It is clear that the attitude towards cyber threats needs to catch up with the times. Protect yourself from ransomware.