Over the last few years, we’ve repeatedly reported on the fact that cybercriminals are stealthy, smart, and sophisticated. They’re building global organized cybercrime syndicates and, with one simple piece of malware, can generate millions of dollars in just a few days. Like any aggressive business, they’re capable of altering their tactics to adapt to changing business and technical environments.
In the Fall of 2015, we predicted that the world would soon begin seeing more sophisticated ransomware and phishing attacks as threat actors home in on what is popular, what works, and most importantly, what generates significant revenue.
Locky’s Spectacular Rise
The dramatic appearance of the Locky ransomware this past February demonstrates both the legitimacy and reality of our concerns. During March, the average daily malware email levels increased by 412% from February, as a direct result of the Locky ransomware.
The story behind Locky’s spectacular rise is both fascinating and somewhat alarming for cybersecurity professionals. This new ransomware is well designed. Clearly, the threat actor behind its development continues to invest time and resources in its distribution, with modifications and evasion methods implemented several times daily. Further, Locky’s delivery method—an email attachment containing JavaScript programming—provides the cybercriminal with a simple, streamlined method to complete the malware delivery stage, with JavaScript offering other threat actors an incredibly easy way to leverage and manipulate code to create millions of variants. For companies that rely on signature-based malware detection tools, this is especially problematic, as millions of signatures are then needed to identify and block the numerous malware variants.
The creation of Locky represents a notable shift in how cybercriminals are now engaging in the business of cybercrime. JavaScript is easy to program and alter, making it a relatively inexpensive ransomware delivery tool. And the ease of using digital currencies, like bitcoins, is offering cybercriminals more efficiency and stealth by enabling them to hide their financial gains from traditional tracking.
The dramatic increase in the proliferation of advanced ransomware is no surprise. CYREN and other cybersecurity professionals have been expecting it. To detect, block, and counter-attack advanced threats, we’ve been investing in new behavior-based detection models and multi-sandbox arrays to significantly help businesses protect against new forms of malware.
Cybercrime as Technical and Economic Problem
In the end, cybercriminals work the same way most businesses do – they evaluate risk and the reward associated with it. Stopping cybercrime means beginning to view it as both a technical and economic problem. Security is a growing expense of doing business. Yet the increasing technical complexity on both the criminal and security sides means organizations risk wasting time, money, and focus by attempting to develop their own strategies and solutions. The great news is that by deploying security which has the cloud scale and comprehensive “big data” intelligence to detect and stop such attacks, businesses can ultimately contribute to reducing the economic payoff calculation for the cybercriminals and, at the same time, defend their organization.
The full May 2016 Cyberthreat Report can be downloaded here