The biggest cyber threat faced by society is ransomware. Criminals are becoming more innovative and cyber security organisations are in an arms race with them.
This is according to Raj Samani, chief technical officer, Intel Security, EMEA who addressed delegates at the ITWeb Security Summit 2016 in Midrand yesterday. Discussing cybercrime-as-a-service and the ease with which cyber attacks can be conducted, Samani highlighted the importance of studying and understanding the opposition.
"Who are these people that we're up against? What does it take to take down a botnet? Who are the criminals? What is the threat that we're facing?" he asked the audience.
He said criminals behind ransomware campaigns are now outsourcing almost every single component required to cause as much infection as possible and make money in the process.
"Why should criminals send spam from their own computer when they can just use a spam bot or whaling? If they want to spread infection, they can simply use an exploit kit such as nuclear," he stated.
He explained the way criminals work now is to outsource every component to get the absolute best people they can to make their money.
"That is the challenge that we face today, anybody can be a cyber criminal. All they need is a means to pay these people who can get the job done.
"When malicious people act on the Internet, the lure of money is the primary, but not the sole motivation as some crimes are political," he explained.
Samani said at the beginning of 2009, he saw a growing number of attacks motivated by politics. In October the same year, aerospace and defence company Northrop Grumman prepared a study for the US-China Economic and Security Review Commission.
"The report claims that Chinese hackers are increasingly targeting US companies and government agencies. It further states that technical assessments of operational tradecraft observed in intrusions attributed to China are the result of extensive forensic analysis and discussions with information security professionals who follow these issues closely," revealed Samani.
However, the US is not the only target, and China is not the only presumed attacker, he warned.
"Turns out Iran was the most impacted country in the world. Number two was Peru, this shows the level of cyber maturity in Western Europe.
"The US and SA are also relatively high. Criminals are constantly updating software and everyone who was running anti-virus updated, but there are many companies in the world where a basic level of cyber hygiene doesn't' exist," he added.
"Ransomware, five years ago was browser hijacked but now it's infecting not only your data but it's also encrypting every single file with only a single decryption key. So 1 000 files need a thousand keys," he elaborated.
He noted as a security industry, people believe what they do is about malware or ransomware, but it is so much more. There is a perception that cyber crime is different from other types of crime, but it's the same thing.
"We still have people infected with malware everyday, whose passwords are stolen, criminals owning their identities. We as an industry have to try to get people to understand that what we're talking about is serious everyday life," he advised.
"When we do the take downs and create free cyber crime fighting tools, our biggest challenge is to get everyday people to realise what we've done," he concluded.
Share