Cyber-attackers upping their game with digital extortion

Digital extortion will be the primary business model of cybercriminals using a variety of methods such as ransomware and business email compromise (BEC) in the year ahead, says a Japanese information security firm.

Machine learning and blockchain applications will also become favoured tools among cybercriminals, according to Trend Micro.

Citing a Trend Labs report, Piyatida Tantrakul, country manager for Thailand and Vietnam at Trend Micro, said digital extortion will be the core of most cybercriminals' business models in 2018 and will propel them into other schemes for getting their hands on potentially hefty payouts.

Cybercriminals are now aiming directly for money instead of tricking users to get their credentials.

Attackers will continue to rely on phishing campaigns in which emails carrying a ransomware payload are delivered en masse to ensure that a percentage of users are affected.

Cybercriminals have resorted to using compelling data as a weapon to coerce victims into paying up. With ransomware-as-a-service (RaaS) still being offered in underground forums, along with bitcoin as a secure method to collect ransoms, cybercriminals are being increasingly attracted to the business model.

Cyber-attackers will also go for the bigger bucks by targeting single organisations, possibly in an industrial Internet of Things (IoT) environment, for ransomware attacks that will disrupt operations and affect production lines.

Moreover, the massive Mirai and Persirai distributed-denial-of-service (DDoS) attacks that hijack IoT devices, such as digital video recorders, IP cameras and routers, have already elevated the conversation about how vulnerable and disruptive these connected devices can be.

In addition to performing DDoS attacks, cybercriminals will turn to IoT devices to create proxies that obfuscate their locations and web traffic, given that law enforcement usually refers to IP addresses and logs for criminal investigations and post-infection forensics.

Extortion will also come into play when the directives of the General Data Protection Regulation (GDPR) are imposed. GDPR covers European firms and the organisations that do business with them.

Cybercriminals could target private data covered by the regulation and ask companies to pay an extortion fee, rather than risk punitive fines of up to 4% of their annual turnover.

Companies will have ransom prices associated with them that cybercriminals can determine by taking publicly available financial details and working out the respective maximum GDPR fines the companies could face. This atmosphere will drive an increase in breach attempts and ransom demands.

According to the US Federal Bureau of Investigation, BEC scams have been reported in more than a hundred countries and had a marked increase of 2,370% in identified exposed losses between January 2015 and December 2016.

BEC scams are quick, require very little scouting and can yield big gains depending on the target, as evidenced by US$5 billion (164 billion baht) in recorded losses.

BEC incidents will only multiply in 2018, according to Trend Micro, leading to more than $9 billion in global losses.

BEC is a type of scam targeting companies that conduct wire transfers and have suppliers abroad.

Researchers are uncovering the possibilities of machine learning to monitor traffic and identify possible zero-day exploits, but cybercriminals are likely to use the same capability to stay ahead of the curve.

Attackers can deceive machine learning engines, as shown in the slight manipulation of road signs being recognised differently by autonomous cars.

Researchers have already demonstrated how machine learning models have blind spots that adversaries can probe for exploitation.

Emerging trends such as blockchain that require consensus among participants make it difficult to perpetrate unauthorised changes or deliberate tampering. The more transfers there are, the more complex and obfuscated the series becomes.

This obfuscation can be seen as an opportunity by cybercriminals looking to enhance their attack vectors. Attackers have already managed to target blockchain in the Ethereum hack, which led to more than $50 million worth of digital currency losses.

"In Thailand, ransomware and BEC tend to be impacted with those methods," said Ms Piyatida. "Investment in cybersecurity is growing in 2018, particularly in the middle market."
