Be Prepared for these New and Emerging Ransomware Threats

Ransomware threats are everywhere, and the problem is going to get much worse before it gets any better. According to a recent survey, about half of all businesses have experienced a ransomware attack at least once in the last 12 months, and a staggering 85% had been hit three or more times. Because ransomware is now ubiquitous, organizations have learned to fight back, to some extent, by restoring their systems from backup drives. However, hackers are fighting back, too, with new and improved ransomware variants. Here are five of the biggest ransomware threats to watch out for in 2017.

1. Doxware

Doxware, a combination of ransomware and extortionware, is a direct response to organizations’ attempts to avoid paying ransom by restoring infected systems from clean backups. In addition to locking down a victim’s system, doxware goes a step further by simultaneously threatening to publicly release the user’s private or sensitive data. For example, one doxware variant notifies users that it has compromised all of their login credentials, contacts, and Skype history onto a server and threatens to forward it to all of their contacts. Other variants are programmed to search the user’s system for files containing keywords that might indicate embarrassing content, such as “nude” or “sex.” Restoring the system from a backup is ineffective against a doxware attack because it will solve only half the problem.

2. Ransomware Threats Against Mobile and IoT Devices

One of the many concerns regarding doxware is that it is perfectly suited to attacks on mobile devices, where users are likely to store embarrassing photos and videos, sensitive data such as bank login credentials, and contact lists. Recently, the owner of an Android-powered smart TV made the news when his set was locked down by what was believed to be a variant of the Cyber.Police ransomware strain. Since most internet access is done on mobile now, and since the Internet of Things is exploding in popularity, look for more ransomware threats specifically targeting these devices.

3. Attacks on SCADA/ICS Networks

SCADA and ICS (industrial control systems) networks, which are widely used to power critical infrastructure networks such as utilities and public transit systems, are particularly vulnerable to ransomware threats and other forms of cyber crime. Many SCADA and ICS systems that are currently in use pre-date the internet by decades; they were designed to maximize functionality, efficiency, and safety, not cyber security. Shortly before Christmas in 2015, an attack on a Ukrainian power company’s SCADA network took 30 substations offline and plunged 230,000 residents into darkness for hours. It was recently disclosed that a disk-wiper virus called KillDisk was involved in this attack – and that KillDisk has since mutated into a form of ransomware that may be specifically aimed at SCADA/ICS systems. And, in late November 2016, the San Francisco Municipal Transportation Agency was attacked by ransomware that locked down its ticketing systems for part of a weekend, forcing it to give away free rides so that the public-transit-dependent city would not ground to a halt.

4. Attacks on the Manufacturing Industry

Manufacturing is the second most hacked industry in the nation, trailing only healthcare. Automotive manufacturers are the top target, followed by makers of chemicals. The manufacturing industry is vulnerable due to a lack of regulations regarding industrial cyber security, coupled with the complexity of the industrial supply chain. The latter means that manufacturing plants, like hospitals, cannot afford to have their systems locked down for even a day. Yet many manufacturers focus solely on achieving the minimum compliance with industry and regulatory standards, which does little to protect their systems and data. Look for increased ransomware threats against manufacturers as hackers seek large paydays.

5. Malware-Free Ransomware

So-called “malware-free” ransomware does not contain an executable file, instead relying on normally benign tools such as JavaScript and PowerShell to do its dirty work. One variant discovered in November infects Scalable Vector Graphics (SVG) files with malicious JavaScript code, which redirects users to malicious websites. This type of ransomware is extremely difficult to detect, and it’s very easy to hackers to alter the code to evade new security tools.

The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.

Continuum GRC is proactive cyber security®. Call +1 (888) 896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.

Schedule some time with our Superheroes for a Free Assessment!

Internet-connected smart toys, a popular holiday gift item, have vulnerabilities that put both children and parents at risk of data breaches and identity theft.

Smart toys, which connect to the internet and offer children a personalized, interactive play experience, were a very popular gift item this past holiday season. However, the interactive features of smart toys – such as the ability of the toy to remember a child’s name and birthdate, or even track their location – are made possible because the toys connect to the internet, just like all other IoT devices. Meanwhile, the cyber security of IoT devices and the information they collect are in serious question, and smart toys are no exception.

Smart Toys as Cyber Weapons

Child identity theft is a very serious problem. A 2012 study commissioned by the Identity Theft Assistance Center found that 1 in 40 U.S. households with minor children (under age 18) had at least one child whose personal data had been compromised. Cyber criminals have no moral qualms about targeting even the youngest children. In fact, child identities are worth more than adult identities on the black market because thieves can often use them for many years before the victim realizes what has happened. Adults may discover that their identities have been stolen fairly quickly, such as after their credit card company alerts them of suspicious activity on their card. Minors, conversely, may not find out they have been victimized until they apply to college or attempt to rent their first apartment, only to find that their credit has been ruined.

Smart toys are the perfect vehicles for child identity theft because of the personal information they collect, including children’s full names, gender, street address, and birthday. Parents are at risk as well, since many smart toys require parents to provide their own information and even a credit card number to enable certain features. Additionally, since smart toys connect to parents’ home WiFi, they are subject to the same cyber intrusions as computers, routers, and all other connected devices; hackers could potentially get into a home network through a child’s toy and make their way to the parents’ computers.

Connected toys have already been hacked. In 2015, VTech, a manufacturer of smart toys and baby monitors, was breached, exposing the personal data of over 5 million parents and approximately 200,000 children. Shortly before Christmas in 2016, Senator Bill Nelson (D-FL) cited the VTech hack, as well as security vulnerabilities in other children’s IoT devices, when he called on the Federal Trade Commission to “carefully monitor” smart toys and demanded that manufacturers properly secure them. Among the other issues Senator Nelson’s investigation uncovered were vulnerabilities in a GPS watch manufactured by hereO that allows parents to track their children’s locations and a “Smart Toy Bear” from Fisher-Price that records what children say to it.

What Parents Can Do

Some consumer groups are so alarmed that they have advised parents not to purchase smart toys until manufacturers can properly secure them. At the very least, the following precautions should be taken:

• Change the toy’s default login credentials immediately after purchasing it. Make sure to choose a unique, strong password.
• Do not provide a smart toy with any personal data on yourself or your child, such as addresses or birth dates, and turn off any cameras, voice recording, or location-tracking features.
• Make sure to download and install security updates for the toy’s software as soon as they are released. Be aware that manufacturers may stop supporting the toy with security updates once a new model has been released; at that point, it’s best to disconnect the toy.
• Do an internet search on the toy’s manufacturer. If they have already experienced a data breach, consider returning the toy to the store.

What Manufacturers Should Do

The cyber security experts at Continuum GRC agree with Senator Nelson’s proactive cyber security suggestions for smart toy manufacturers, such as:

• Limiting the amount of data collected to only that which is absolutely necessary for the toy to operate, and retaining children’s and parents’ personal data only for as long as absolutely necessary.
• Making cyber security an integral part of a smart toy’s software development lifecycle, not an afterthought. Smart toys should have strong cyber security measures built into them from the beginning.
• Continually reassessing the threat landscape and reevaluating the cyber security of individual toys, as the cyber threat landscape is dynamic, and new threats are continually emerging.

Smart toys and other connected devices used by parents and children are here to stay. The manufacturers of these devices have a responsibility to their customers and the general public to ensure that their products cannot be used as cyber weapons and vehicles for child identity theft.

The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.

Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.

[bpscheduler_booking_form]