14 DAY TRIAL // Ransomware has made headlines numerous times this year, and it is unlikely that crooks would give it up just yet.
This is also one of the cybercrime forms targeting consumers expected to become more common next year. Since there is no efficient method provided by security vendors to counter this sort of threat, attackers are probably going to channel their efforts more than ever towards taking control of information and demand payment for not releasing it.
A new crypto-malware standard may appear next year
This does not necessarily mean encrypting the data on the compromised device, although this trend is on the rise, with crypto-malware cases becoming more frequent.
Simply blocking access to the infected device is sometimes enough for a less technical user to be compelled to shell out some money in order to restore functionality. By lowering the monetary demands, crooks may dig deeper into an already lucrative business.
CryptoLocker and CryptoWall have proven that there is plenty of money to be made, millions of dollars being estimated to have been collected by the attackers, and there are many more similar threats being launched at consumers these days.
The bitcoin payment trend is expected to gain more popularity as well, along with stronger encryption, such as elliptic curve cryptography; this makes the unlocking of the files impossible without the private key, which is rarely found in the malicious code itself.
Furthermore, crooks are likely to resort to TOR anonymous network to hide their command and control (C&C) servers. Some of the documented crypto-malware samples offer built-in connectivity.
Complying with the demands of the crooks is not a valid option because it would simply be an incentive for continuing this type of attacks.
One of the most efficient ways to avoid paying the crooks in order to regain control of the hostage files is to ensure a proper backup system. The safe copies should not be placed on the same machine as the originals though, because they could also fall victim to the malicious encryption process.
Ransomware attacks are likely to expand beyond consumers
Computers and mobile phones are not the only devices targeted by cybercriminals. As Internet of Things (IoT) devices become more popular, they will too make it on the crooks’ list, especially since in many cases the manufacturer focuses more on the functionality of the product and less on securing it.
The gloomy perspective of some of the security experts expands to extortion, a form of ransomware that generally consists of stealing sensitive data from an entity and threatening with leaking it online unless certain demands are met.
The Sony hack exposed by the media in November is the perfect example for this, where hackers calling themselves Guardians of Peace shared with the public large caches of confidential information from the Sony Pictures Entertainment network. This has caused the proverbial storm at Hollywood, as private email exchanges were revealed, showing “behind the curtain” talks, not just about actors and deals but also about President Obama.
A more recent example is the Rex Mundi breach of several employment websites, asking monetary compensation for not making personally identifiable client information public.
Of course, ransomware is just a part of the security challenges experts expect next year. Point-of-sale (PoS) malware is also a candidate for the position of most prevalent threat in 2015. In this case, a new direction has been recorded, where top cybercriminals are more inclined to go directly after the banks instead of their customers.
The security landscape for 2015 will definitely undergo significant modifications on both sides of the barricade: the thieves will push to develop more elusive and more destructive pieces of malware, while security firms will continue to try to come up with solutions that are one step ahead of the adversary.
