Hacker Tracker: U.S. Most Willing To Pay On Ransomware

The U.S. was the number one target for ransomware last year. Its end users were also the most willing to pay.

This according to the latest volume of the Internet Security Threat Report published today by software company and security product provider Symantec.

In an interview with PYMNTS’ Karen Webster, Kevin Haley, director of Symantec Security Response, spoke to the many ways in which 2016 was a landmark year in cybercrime, where threat vectors point in the future and what’s being done to try and stop it.

To start, ransomware threats escalated globally through 2016 in size, number and kind. Symantec identified over 100 new malware families released into the wild last year. Likewise, they registered a 36 percent increase in ransomware attacks globally in the same period.

The United States bore the brunt of this rise, Haley said, in a number of ways.

First, the average amount asked for in ransomware attacks saw a 266 percent rise year over year. In 2016, cybercriminals demanded an average of $1,077 per victim, compared to $294 in the previous year.

The rise makes sense, said Haley, given how end users in the U.S. — the nation most targeted for ransomware attacks — tend to respond to this form of cyberattack.

Looking at ransomware data from end users in 24 different countries, Symantec found the rate of people paying out on ransomware was 34 percent globally. In the U.S., that rate was 64 percent.

“It’s the country with the most connected computers in the world — give or take China — with a high standard of living and capability of paying are also most willing to pay,” Haley said. “It’s no surprise, then, that the written amount of ransomware has gone up and that the U.S. is the number one target.”

And so far, there’s no price ceiling. For the foreseeable future, cybercriminals could continue to raise their price target — just so long as they continue to get paid.

“Next year we may be talking of a rate that’s even higher than that,” Haley said.

But it wasn’t just a landmark year for cybercrime in the general public on PCs. Symantec saw new levels of cybercriminal ambition in 2016 — record identities exposed in data breaches, digital bank heists, DDoS attacks powered by IoT devices and, perhaps most notably, a rise in attacks on government entities and nation-states.

Cyberattacks on nation-states saw a major evolution last year, Symantec found, as the perceived success of campaigns has led to a spike in interest in this traditionally rare form of attack.

“We used to think that cyberattacks on nation-states were just about stealing secrets,” Haley said. “But it’s moved into doing more. They now understand that they can expose our secrets, can embarrass us, influence and even sabotage events.”

Further, Haley said, cybercriminals don’t seem to care that attacks can be traced back to them, since their views are that digital crimes are different than crimes in the physical world — and, most often, consequence-free as a result.

Law enforcement does not have the bandwidth to investigate or prosecute for these crimes unless they reach a large financial threshold. Cybercrooks know this and use that to their full advantage.

As for what’s next, Haley said that cybercriminals will continue to leverage whatever works to disrupt or score cash. Or both. They’ll use any means — including “tried and true” tools like email and Word documents, for example — since they continue to be effective.

“Computers are getting harder to fool,” Haley said. “And that’s driving the attackers to fool humans — and, unfortunately, the ability to fool humans hasn’t really changed that much.”

Though as the pace of technological advancement accelerates, cybercriminals will have a growing number of devices to leverage for nefarious purposes. Especially if it’s profitable.

Which makes the next frontier, Haley said, the internet of things — the myriad of devices that will connect to the internet and open the doors to a treasure trove of data once they get inside. Haley said that when Symantec does a little “honeypotting” and connects unsecured IoT devices to a network, they find that it takes attackers less than two minutes to “jump on the opportunity.”

At the start of 2016, the number of unique attackers that went after the unsecured devices was five per hour. At the end of the year, they found that had almost doubled.

Of course, we all remember the havoc that was wreaked when cyber crooks perpetrated a high-profile DDoS attack on Dyn last year and seconded baby monitors and DVRs to bring large swaths of the internet down for a day — more or less for the sport of it.

But these unsecured IoT devices are also leveraged for bitcoin mining and sending spam. As more devices become connected, Haley said that it’s easy to imagine a future in which ransomware tactics are leveraged by cybercriminals to unfreeze a smart car, television or even a refrigerator.

What keeps that from happening now is twofold, Haley said. First, there’s still a ton of money to be made in PCs — given the fallibility of human beings. Secondly, cybercriminals haven’t figured out a sure way to monetize hacking into baby monitors.

“It’s a practical matter,” Haley said. “How do you put up your ransom note and how do you get people to pay it?”

On mobile, attackers have already run into ransomware problems. They freeze phones to lock access and demand ransom — but then users don’t have a way to pay the ransom without accessing another device.

“That will be the difficulty for these guys,” Haley said. “Imagine someone trying to write down a TOR address off of their smart television set and walking over to their computer to enter it there. It’s just not going to work.”

Once cybercriminals get past these barriers — and they surely are trying to figure out how — then the world is likely to see people paying ransom to start their smart cars or open their front doors equipped with digital locks.

When presented with that brave-but-scary new world, Haley said that there are best practices that end users can take to prevent these issues from arising in the first place.

First, he said, make sure that all connected devices have strong passwords and always use two-factor authentication. Haley noted that if the DNC had used two-factor authentication, the email phishing attack wouldn’t have been so disastrous.

Secondly, users need to be more aware of all of the directions from which cybercriminals can strike.

“We need to be suspicious of Word files — they were very prominently used in 2016 and so far this year,” Haley said. “If you’re getting a Word file and someone is asking you to turn on macros — don’t do it.”

Lastly, Haley said that even with good security, ransomware can still happen. But if users have already backed up their files, they won’t need to pay in the first place.

……………………………

Here’s the lowdown on other cybersecurity news updates from this past week:

Hackers Exploit Microsoft Word Flaw to Spy, Steal

Lending further credence to the above interview, news recently broke that a security flaw in Microsoft Word, known as CVE-2017-0199, allowed hackers to gain control of PCs without leaving much of a trace. Leveraging the flaw, different groups of cybercriminals were reportedly able to manipulate software to spy on Russian speakers and leverage the bug to rob online bank accounts on a global scale. Microsoft was able to fix the bug on April 11 as part of its regular software update.

New Human Rights Laws Proposed to Protect from Mind Hacks

It really is the future. Researchers recently proposed new human rights in the journal Life Sciences, Society and Policy, aiming to protect individuals from having thoughts stolen, abused or hacked. While it sounds like science fiction, the push to create a legal framework protecting the information in our brains comes as investigations and research into neurotechnology grow — specifically in the realms of brain imaging, implants and brainwave monitoring. The paper lays out the groundwork for four new rights: cognitive liberty, mental privacy, mental integrity and psychological continuity.

Interpol Finds 9,000 Infected Southeast Asia Servers

Interpol and seven Southeast Asian nations recently led a major investigation into cybercrime in the region. After conducting a thorough dive into the Southeast Asia cyberspace, they found that there were approximately 9,000 servers and 270 identified websites that were infected with malware. The malware included types used to target financial institutions, spread ransomware, launch Distributed Denial of Service (DDoS) attacks and distribute spam.

GE Fixing Software Bug That Left Electric Grids Vulnerable

That was a close one. GE announced on Wednesday it was working to fix a software bug that could have let hackers disconnect segments of the power grid, said Reuters. The vulnerability meant hackers could gain remote access to GE protection relays, emergency circuit breakers used to start and stop power. The vulnerable relays in question were reportedly introduced in the 1990s. The news comes at a time of increased concern over the security of legacy infrastructure such as power grids — though GE has not identified this bug to be the known cause of any outages.