Cybercriminals are starting to shift their focus from stealing personal data to other actions which bring immediate profit, experts at SANS institute say. At the recent ‘The Seven Most Dangerous New Attack Techniques’ roundtable held at the RSA Conference, Dr. Johannes Ullrich demonstrated a curious slide with a modest header saying ‘Changes in malware economics’ which contained a far more radical statement: ‘ALL DATA HAS BEEN STOLEN’.
In the US alone, Ulrich says, cybercriminals had already laid their hands on 191 million voter records (bearing in mind the total number of voters in the US is 142 million). That means some records were stolen more than once. As for the credit card data, the numbers are not that shocking, but, of course, they do raise concerns: of 170 million cards issued, 61 million has been compromised (as of 2014).
For #DPD15, we look at 2014’s top data leaks on Kaspersky Daily. https://t.co/lEpy81gdBl #databreach #cybercrime pic.twitter.com/XITXMW9NLe
— Kaspersky Lab (@kaspersky) January 28, 2015
Since hackers’ ‘dedicated’ work has led to a surplus in ‘production’ (if you see cybecrime as an industry), the price of the data on the black market has dropped. With this trend, the theft of user information has become a less profitable and thus less attractive venture for hackers, who then started to search for new ways of gaining profit. Now cybercriminals are increasingly prone to directly demanding ransoms from a victim, no matter who the latter is — an individual or a business.
The number of cases involving DDoS extortion has significantly increased: the culprits won’t stop attacking until the target pays the ransom. Ransomware is becoming more varied and more sophisticated. Among the the recently publicized were the cases of ransomware attacks on two hospitals, and one of them was ultimately forced to pay the ransom in order to decrypt the valuable information.
The longest #DDoS attack in Q4 2015 lasted for 371 hours (or 15.5 days). https://t.co/mTTUwEKsNw #KLReport pic.twitter.com/taDBla5k6v
— Kaspersky Lab (@kaspersky) January 28, 2016
A much less prominent yet more proliferating phenomenon is a new generation of ransomware capable of blocking access to websites. Recently a number of WordPress blogs were hit by CTB-Locker. Cybercriminals would gain access through vulnerabilities in the WordPress engine and then encrypt all the contents of the website. They would then add a few lines of code which would allow them to open the page in a browser and get in touch with the attackers as if through the ‘technical support chat’.
As a sign of ‘good will’, the criminals would decrypt two files free of charge. You might say, “Why go to so much trouble just for a blog?” However, WordPress engine’s simplicity and convenience made it the platform of choice for many online stores and even corporate websites. In those cases, the value of website contents might be huge.
Encrypting data is not equal to stealing it — as it turns out, the first may be even worse. Admiral Michael Rogers, head of the NSA, which also had spoken at RSA 2016, names this one of his worst nightmares. ‘What happens when the same activity is used to manipulate data, software or security products, and suddenly we no longer trust the data we are seeing? What do we do about that?”‘ — he asks.
CTB-Locker is back: the web server edition via @IdoNaor1 https://t.co/oz3vZYSD5C #infosec #netsec pic.twitter.com/RrGIwlorOi
— Kaspersky Lab (@kaspersky) March 1, 2016
Average users still have to watch out for ransomware that encrypts PC data. Also, the attackers are increasingly looking into opportunities to target smartphones: Android ransomware is already in the wild. Besides encrypting data, it makes the handset entirely unusable.
Since a large portion of smartphones do have unpatched vulnerabilities (like Stagefright) and Android malware has quickly become more sophisticated, we are witnessing even more disastrous Android attacks which would enable cybercriminals to both steal money from a phone or bank account and demand ransoms.
The continual evolution of #mobile #malware – https://t.co/lev9ovlF4j pic.twitter.com/lZMRPKVblr
— Kaspersky Lab (@kaspersky) March 2, 2016
SANS experts did not cover protection techniques thoroughly, but we will do this job for them.
1. Websites owners should regularly update both WordPress and its add-ons. Since it’s a tedious job, consider a specialized web hosting which would run those updates automatically.
2. Don’t forget to regularly download website backups which are usually run by a hosting provider and keep them in an offline storage.
3. Back up your critical data regularly and keep it in a detached storage – the best option here would be an external hard drive. As for smartphones, we recommend using cloud storage and uploading all the critical data there.
Setting up backups with Kaspersky Total Security https://t.co/xY9jD0mPpu pic.twitter.com/3PSGIvzFNn
— Kaspersky Lab (@kaspersky) December 23, 2015
4. Ensure your home PC is properly protected. By the way, Kaspersky Internet Security safeguards your documents if it spots some suspicious activity which looks like something’s trying to encrypt your files.