Ransomware is increasingly being used as a ‘canary in a coal mine’ by attackers who are testing victims’ defenses in preparation for more insidious targeted attacks later on, the head of Cisco’s regional security practice has warned, as the company’s latest cybersecurity report urges businesses to improve their detection capabilities and security hygiene or risk immolation by online attackers.
The Cisco 2016 Midyear Cybersecurity Report warned that a “highly vulnerable hodgepodge of web browsers, applications, and infrastructure has created a fragile foundation” for security. The problem was compounded, the report warned, because businesses become less likely to upgrade the more complex their network infrastructure becomes.
Businesses are falling well behind the curve in applying patches to cover vulnerabilities: Internet devices had 28 known vulnerabilities each on average, and 885,918 of 3 million observed Apache httpd server installs, for example, were noted to have vulnerabilities.
Cisco’s security team highlighted concerns that an increase in vulnerabilities involving cryptography and authorization “are signs that threat actors are now seeking to tamper with secure connections”, often undetected: studied organizations took an average of 200 days to detect malware infections, while Cisco claimed its median time to detection (TTD) was 13 hours in the six months through April.
The firm’s analysis of ransomware actors highlighted the “resilient” attacks they had created, noting that “innovators in the space… took their malware to an entirely new level of effectiveness when they began using cryptographically sound file encryption.” Indeed, ever more-resourceful attackers were proving themselves highly resilient and flexible at adapting attacks to be ever more effective.
This, ANZ general manager of security Anthony Stitt said in a statement, created interplay between ransomware and malware strains that used similar vectors of attack and used ransomware to test victims’ defenses before launching follow-up stealth attacks.
“If a business or individual is having problems with ransomware, this is sending the message that their IT environment is vulnerable and being exploited,” Stitt said. “Once inside, threats are able to move around unseen for hundreds of days at a time. Practically every major breach is an example of this, which is demonstrative of the need for organizations to dramatically improve their ability to find ‘in-progress’ problems before they escalate.”
“‘Point-in-time’ solutions just don’t cut it anymore; visibility and control are crucial for organizations, whether it be before, during or after attacks.”
Government guidance
The report flagged “regulatory complexity and contradictory cybersecurity policies” at the national level as causing problems for international commerce, with “unconstrained” attackers sending profits from malware activities skyrocketing thanks to an expanding focus for attacks, evolving attack methods, and success in using encryption to obscure their operations from discovery.
While ransomware remains the most financially successful style of malware attack (a recent CyberArk study pegged losses to ransomware at $US325m last year alone), attackers are successfully monetizing new aspects of the malware ecosystem, with adware recently found to be providing a modest profit for its purveyors.