Author: Michael Bruemmer / Source: SecurityInfoWatch.com
Widespread infections, locked systems, demands for payment – sound like your average ransomware attack? Well, if you think the answer to this is simple, the recent Petya and WannaCry incidents would suggest otherwise.
Without sounding off alarm bells (or should I say, sound away?), we must face the ugly truth that cyber schemes are becoming more sophisticated, and in turn, being used – or presenting the ability to be used – as a disguise for different, and potentially darker, attacks altogether. In the case of the recent Petya and WannaCry incidents, many believe the viruses were used to hide state-sponsored attacks with motives well beyond the typical cybercriminal ploy to make a profit. Why? While not necessarily the preferred or number one vector for acts of cyber war by nation-states, ransomware happens to be one of the easiest to carry out and cover up, and according to the founder of cybersecurity firm Comae, a “lure to control the media narrative.”
Although I recognize that with these types of incidents come many theories, I can’t help but notice the simultaneous escalation of both ransomware and nation-state attacks amid the current, volatile political climate. This is not to say that there’s a direct correlation between the two, but it’s further reason to believe that cyberthreats and ransomware, specifically, are evolving at a rapid rate. To best help businesses that are often stuck in the crosshairs, I’m sharing my take below on the current threat landscape, what we may see in the future and how to prepare for the resulting disruption.
The Current State of Ransomware
Eight months in and 2017 has been monumental for ransomware. As stated above, we’ve seen these attacks evolve from quick methods for hackers to cash out to one of the most dangerous techniques, involving even acts of war.
This spring, the largest cyber-attack and one of the “biggest ransomware” outbreaks in history occurred, infecting more than 300,000 computers in 150 countries with “WannaCry” malware. The attack, which leveraged a Windows exploit used by the NSA to go undetected, hit a number of organizations including the UK’s National Health Service, U.S. hospitals, FedEx, Nissan plants, universities in China, and banks and telecom providers in Russia, among thousands of others. The result? Forced surgery delays, canceled appointments, preventative shutdowns, outages and… chaos.
There’s been much discussion around whether WannaCry was carried out by a nation-state due to the fact that the attack used tools from a cybergang with connections to North Korea. And while sources at Symantec said that it’s “highly unusual to find code associated to nation-state actors within attacks believed to be conducted by cybercriminals,” they also reiterated that this doesn’t guarantee the attack was conducted “at the behest of a nation-state.”
On the contrary, a mere month later, “Petya” ransomware spread across Europe, the Middle East and the U.S., crippling companies, government agencies and critical infrastructure in what now appears to be a targeted attack on the country impacted most: Ukraine. Beyond the government, Ukraine’s banks, electricity grid, metro system and Kiev airport were affected. Given the complexity of the…