
How the Ransomware Economy Has Grown

The breadth and magnitude of ransomware attacks occurring today suggest that the cyber extortion industry has grown dramatically over the past 12 months. It is as difficult to keep up with the headlines as with the security advice that follows them. In the face of this media firehose, it is important to step back and understand how we got to this state. We feel there are three primary elements that have led to the current state of cyber extortion, and of ransomware in particular.

Element #1: Socio-economic Conditions for STEM-Educated Citizens of Eastern European Countries

Cyber criminals and hackers are almost universally portrayed as hooded figures operating in the shadows. In reality, most cyber criminals probably look more like your average office worker than like a deviant. So who are these people, and why do they commit these crimes?

Element #2: Mainstream Development of the Cryptocurrency Ecosystem

Before cryptocurrency, cyber criminals would target the theft of two things: fiat currency, or data that could be sold on a dark market for currency. Theft of currency via social engineering, business email compromise or direct hacks has one prickly drawback: time. In order for fiat currency to be stolen, it must escape the traditional banking system. This escape takes time, and if the victim is able to thwart the movement of currency before it escapes, the funds can be recovered. Roughly 75% of currency-based theft (such as business email compromise) is recovered by law enforcement before it disappears off the grid of the banking system. Stolen data suffers from a different type of monetization problem. First, stealing large amounts of valuable data is very hard and a highly specialized skill. Second, finding a willing purchaser of stolen data can be time-consuming and dilutive. Stolen currency has concrete value; stolen data is only as valuable as what the marginal buyer is willing to pay for it. Enter cryptocurrency.

Element #3: Mass Availability of Cheap Malware and Free Hacking Tools

While the ransomware payload that, when detonated, encrypts files is often the focal point of a ransomware attack, it is actually the least spectacular and easiest-to-spot piece of malicious software involved. The malware that allowed the actor to get inside is far more sophisticated, pervasive and troubling. Even more problematic than eradicating malware or persistence from a network is the mass availability of free or cheap malware to anyone with a few dollars and criminal intent. So where did all of this malware come from? A large volume of it was built by western governments, breached by hacking groups of various origins, and spilled into the wild for anyone to consume. Today, breached RDP credentials for a mid-sized US company can be purchased for less than one hundred dollars on numerous dark marketplaces, making the unit economics of a ransomware attack highly compelling. The open availability of ransomware-as-a-service kits has also dramatically lowered the bar to entry: one no longer needs to be technical to distribute ransomware. There is also an odd relationship between the free availability of penetration-testing tools like Empire, Mimikatz, Kali Linux and Metasploit and the use of these same tools in criminal tradecraft. There are even calls from the white-hat security ecosystem to regulate the use of these tools, given how powerful they are and how prevalent their use is in cyber crime. The end result is that your average dark marketplace has more malware SKUs than a Home Depot has construction SKUs.

Overcoming the Challenges of AppSec Programs in a Remote Working Environment

The cybersecurity skills gap has been a chronic issue within the industry, making it difficult to find an adept security professional even on a good day. Indeed, according to a report by (ISC)², nearly two-thirds of organisations reported a shortage of cybersecurity staff. Today, this has only been exacerbated, as travel restrictions and office closures make it harder still to bring scarce talent in.

In order to overcome this hurdle, businesses may wish to consider managed application security testing services. This can help in alleviating some of the burden from employees and instead, outsource it to remote teams of experts as and when necessary. With this flexibility, organisations can also benefit from cost-efficiency.

The second important step to take is in ensuring that the existing team of developers are offered proper training in cybersecurity. These individuals make up the frontlines of the software development cycle. Yet, according to Forrester research, out of 40 distinct university computer science programs across the United States, not one requires students to partake in secure coding or secure application design courses.

As such, organisations are responsible for teaching these skills to software development teams. Though social distancing may temporarily put a stop to in-person training sessions, the world of online courses and resources allows for distance learning to be possible. Indeed, eLearning is useful in enabling employees to carefully work through vast amounts of content at a speed that suits them. This can then be paired with video conferencing which provides employees with an opportunity to ask questions or run through specific training material.

Both of these solutions are helpful in tackling the human factor of application security programmes. However, organisations will also need to assess safeguarding measures against vulnerabilities in the applications themselves. In many cases, this might simply be a question of applying perimeter defence mechanisms such as web application firewalls (WAFs). For other organisations operating online, however, more needs to be done, as the web or mobile applications are themselves the perimeter.

According to the 2020 Open Source Security & Risk Analysis (OSSRA) report, such applications typically run on a foundation of open source code, and 91% of the codebases audited contained components that were either more than four years out of date or had seen no development activity in the previous two years. If organisations hope to avoid a similar conclusion to that of the Equifax breach in 2017 (an unpatched open source component, Apache Struts), special care needs to be given to knowing exactly what is in the codebase, including which open source components it pulls in and at which versions. Building that inventory and then scanning it for known vulnerabilities and stale components can do wonders in preventing the exposure of sensitive data and systems.
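The inventory-and-scan step described above, as a small added example that is not part of the original article and not any vendor's tool: it parses a pinned Python requirements file, then flags each component that either falls inside a known-vulnerable version range or meets the OSSRA-style staleness criteria (pinned version more than four years old, or no release from the project in the past two years). The manifest, the advisory identifiers (EXAMPLE-ADV-*) and all release dates are constructed for the example; a real audit would take them from a software composition analysis tool or a vulnerability database feed.

```python
"""Minimal open source inventory audit (added example, constructed data)."""
from datetime import date
import re

# Constructed sample manifest; not a real project.
REQUIREMENTS = """\
requests==2.19.1
pyyaml==3.12
flask==1.1.2   # web framework, pinned to a recent release
# oldlib is a made-up package that nobody has touched for years
oldlib==0.9
"""

# Constructed advisories: package -> [(first fixed version, advisory id)].
# Versions strictly below the fixed version are considered affected.
ADVISORIES = {
    "requests": [("2.20.0", "EXAMPLE-ADV-002")],
    "pyyaml": [("5.1", "EXAMPLE-ADV-001")],
}

# Constructed release history: package -> {version: release date}.
RELEASE_DATES = {
    "requests": {"2.19.1": date(2018, 6, 14), "2.24.0": date(2020, 6, 17)},
    "pyyaml": {"3.12": date(2016, 3, 1), "5.3.1": date(2020, 3, 18)},
    "flask": {"1.1.2": date(2020, 4, 3)},
    "oldlib": {"0.9": date(2014, 1, 1)},
}

OUTDATED_DAYS = 4 * 365   # pinned version older than this is "outdated"
ABANDONED_DAYS = 2 * 365  # no project release within this is "abandoned"


def parse_version(version):
    """Turn '2.19.1' into (2, 19, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_requirements(text):
    """Return {package: version} for 'name==version' lines; comments are skipped.

    Only exact pins are inventoried: an unpinned line gives no version to audit,
    which in a real review is itself a finding.
    """
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][^\s;]*)", line)
        if match:
            pins[match.group(1).lower()] = match.group(2)
    return pins


def audit(pins, today, advisories=ADVISORIES, releases=RELEASE_DATES):
    """Return {package: [issue, ...]} for every pinned component with a problem."""
    findings = {}
    for name, version in pins.items():
        issues = []
        for fixed_in, advisory_id in advisories.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                issues.append(f"vulnerable: {advisory_id} (fixed in {fixed_in})")
        history = releases.get(name, {})
        pinned_date = history.get(version)
        latest_date = max(history.values(), default=None)
        if pinned_date is not None and (today - pinned_date).days > OUTDATED_DAYS:
            issues.append("outdated: pinned version is more than four years old")
        if latest_date is not None and (today - latest_date).days > ABANDONED_DAYS:
            issues.append("abandoned: no release from the project in two years")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for package, issues in audit(parse_requirements(REQUIREMENTS), date(2020, 7, 20)).items():
        for issue in issues:
            print(f"{package}: {issue}")
```

Run against the constructed manifest on 2020-07-20, `flask` is clean, `requests` is flagged only for the advisory, `pyyaml` is both vulnerable and outdated, and `oldlib` is outdated and abandoned. The point of separating the three checks is that they drive different remediation: a vulnerable pin needs an upgrade now, an outdated pin needs an upgrade plan, and an abandoned component needs a replacement, because there is nothing to upgrade to.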

By strategically assisting application development teams with external support, investing in their security skillset as well as choosing to be aware of one’s open source portfolio, organisations can succeed in building excellent and secure software. Working remotely no longer has to be a barrier in achieving this.

New Android Malware Now Steals Passwords For Non-Banking Apps Too

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps—a total of 337 non-financial Android applications on its target list.

Dubbed "BlackRock" by the ThreatFabric researchers who discovered the trojan in May, the malware's source code is derived from a leaked version of the Xerxes banking malware, which is itself a strain of the LokiBot Android banking trojan first observed during 2016-2017.

Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software.
