The cyber security landscape was incredibly rough for businesses during 2016. From 500 million Yahoo accounts breached to the unprecedented denial-of-service attack on cloud infrastructure provider Dyn, hackers seem to find ways to outdo themselves every month. And, unfortunately, this year won’t be any different.
Cyber attacks show no signs of slowing down. The Internet of Things (IoT), targeted email scams, and outdated software are just a few of the vulnerabilities that hackers will undoubtedly look to exploit in 2017, according to our cyber security partner Trend Micro. But despite seemingly insurmountable odds, businesses informed of the latest attack vectors stand a fighting chance.
In this eight-part series, we plan to arm you with the knowledge of the different security challenges that your business will likely face in the coming months. This week, we’ll kick things off with the malware that kept IT support providers in Atlanta on their toes and stole headlines in 2016: Ransomware.
What is it?
Ransomware is a type of malware that encrypts systems and files, thereby preventing users from accessing company data -- unless a ransom is paid, usually in the untraceable currency called Bitcoin. The malicious code is usually distributed via unsolicited links and executable email attachments; but as 2016 wore on, both its delivery methods and encryption tools became more sophisticated.
The healthcare industry was a popular target for online extortion, but during the second half of the year, almost every business was a viable target. Ransomware-as-a-service, a setup where less experienced cyber criminals would outsource ransomware development to seasoned hackers, made the digital extortion business a guaranteed cash cow.
And in December 2016, a new strain of ransomware loosened its grip on computers only if they infected other computers with the same malware. In short, ransomware exploded because cyber criminals realized that companies are willing to pay large sums of money to recover mission-critical data.
What can businesses expect?
While companies are familiar with common ransomware like Cryptolocker and Locky, they can expect to see different variations of digital extortion in the coming months. Early predictions suggest that there will be a “25% growth in the number of new ransomware families in 2017.”
Beyond the usual ransomware attack pattern, hackers will probably merge elements of online extortion with data breaches. Cyber criminals will first use data-stealing malware then lock targeted systems with ransomware, essentially hacking a system twice and doubling their earnings.
Ransomware delivery methods will likely exploit mobile user bases, point-of-sale systems, and ATMs. Extortion via smart devices like light bulbs and car brakes is also possible, but as of right now, the payout is not worth the effort, especially for profit-maximizing cyber criminals.
Kaspersky Labs claim that the increased accessibility of ransomware-as-a-service will give birth to an epidemic of nontechnical cyber criminals who plan to conduct complex financial attacks.
The first case of self-replicating ransomware discovered in 2016 could also be making a big return this year. Watchguard Technologies claim that more cyber criminals will combine the self-propagating characteristics of worm viruses to ransomware, causing the malicious code to rapidly spread and take company networks hostage.
How can you prepare?
With the aggressive growth of the online extortion business, strong cyber security solutions mean business survival. Although there’s usually no magic bullet to defeat every type of ransomware, a good combination of multi-layered network security systems, cloud backups, virtualized servers, and email protection provided by a trusted IT services partner can help defend against a multitude of threats.
Sadly, online extortion isn’t the only thing you have to worry about this year. In the next part of our cyber security prediction series, we will discuss the trend of denial-of-service attacks via IoT devices. If you would like to know more about ransomware or other cyber security predictions for 2017, get in touch with Atlanta’s leading managed IT services team at www.intelligis.com. We keep you posted on the latest in IT, so stay tuned for next week!
