Paradigm Shifts: Trend Micro Security Predictions for 2018
THE RANSOMWARE BUSINESS
MODEL WILL STILL BE A CYBERCRIME
MAINSTAY IN 2018, WHILE OTHER
FORMS OF DIGITAL EXTORTION WILL
GAIN MORE GROUND.
For 2017, we predicted that cybercriminals would diversify ransomware into other attack methods. True enough,
the year unfolded with incidents such as WannaCry and Petya’s rapidly propagated network attacks, Locky and
FakeGlobe’s widespread spam run, and Bad Rabbit’s watering hole attacks against Eastern European countries.
We do not expect ransomware to go away anytime soon. On the contrary, it can only be anticipated to make
further rounds in 2018, even as other types of digital extortion become more prevalent. Cybercriminals have
been resorting to using compelling data as a weapon for coercing victims into paying up. With ransomwareas-a-service (RaaS) still being offered in underground forums, along with bitcoin as a secure method to collect
ransom, cybercriminals are being all the more drawn to the business model.
Ransomware maturity as a catalyst
for digital extortion campaigns
If the evolution of cybercriminal tactics over the years is any
indication, cybercriminals are now going straight for the money
instead of tricking users into giving up their credentials. The
early online threats were heavy on infostealers and malware
that hijacked banking transactions to steal private information.
Then, the breed of threats went out to disguise themselves as
anti-malware solutions (FAKEAV), whereby users were duped
into downloading the software and paying up to regain access
to the victimized computers. Emulating this behavior of FAKEAV,
ransomware took the stage from then on.
The current success of ransomware campaigns — especially their
extortion element — will prompt cybercriminals looking to make
generous profits out of targeting populations that will yield the
most return possible. Attackers will continue to rely on phishing
campaigns where emails with ransomware payload are delivered
en masse to ensure a percentage of affected users. They will
also go for the bigger buck by targeting a single organization,
possibly in an Industrial Internet of Things (IIoT) environment, for
a ransomware attack that will disrupt the operations and affect
the production line. We already saw this in the fallout from the
massive WannaCry and Petya outbreaks, and it won’t be long
until it becomes the intended impact of the threat.
Prominent Cybercriminal
Business Models Over the Years
Ransomware and DIGITAL EXTORTION
will be the land of milk and honey for
cybercriminals.
Unprecedented ransomware outbreaks occur
through WANNACRY and PETYA.
New ransomware families spike by 752%,
RANSOMWARE-AS-A-SERVICE (RaaS) emerges.
Ransomware steadily grows, and continues to
encrypt and demand payment.
Ransomware BITCRYPT encrypts files and
demands bitcoin payment.
Ransomware CRYPTOLOCKER encrypts files, locks
systems, and demands $300 payment.
Trojan SPYEYE steals millions of dollars.
First Android Trojan, DROIDSMS, emerges.
Trojans spread via malicious links on Twitter.
Worm KOOBFACE targets Facebook users.
FAKEAV steals credit card information using fake
antivirus scare messages.
Infostealer ZEUS is discovered.
Online banking malware that logs keystrokes or
changes banking interfaces flourishes.
SOURCES:
http://blog.trendmicro.com/trendlabs-security-intelligence/threat-morphosis/
https://www.trendmicro.com/vinfo/us/security/definition/ransomware
https://documents.trendmicro.com/assets/rpt/rpt-setting-the-stage.pdf
Extortion will also come into play when GDPR gets imposed. Cybercriminals could target private data covered
by the regulation and ask companies to pay an extortion fee rather than risk punitive fines of up to 4 percent
of their annual turnover. Companies will have ransom prices associated with them that cybercriminals can
determine by taking publicly available financial details and working out the respective maximum GDPR fines the
companies could face.This will drive an increase in breach attempts and ransom demands. Moreover, we expect
GDPR to be used as a social engineering tactic in the same way that copyright violations and police warnings
were used in past FAKEAV and ransomware campaigns.
Users and enterprises can stay resilient against these digital extortion attempts by employing effective web
and email gateway solutions as a first line of defense. Solutions with high-fidelity machine learning, behavior
monitoring, and vulnerability shielding prevent threats from getting through to the target. These capabilities are
especially beneficial in the case of ransomware variants that are seen moving toward fileless delivery, in which
there are no malicious payloads or binaries for traditional solutions to detect.
Please complete the form to gain access to this content
