Barracuda Networks, a provider of cloud-enabled security and data protection solutions, share their thoughts on what they expect to see in the next 12-18 months from a handful of experts
Ransomware attacks will continue to impact businesses in 2018. Attackers will continue to look for new mechanisms (like botnets) to deliver ransomware. As organisations become more dispersed and adopt cloud platforms, they also present an expanded attack surface for cybercriminals to launch multi-vector attacks, this causes web applications to be targeted by hackers to steal data and disrupt businesses
Sanjay Ramnath, Vice President Global Marketing, Barracuda shares, “We also expect the evolution of ransomware to “protectionware”. Cybercriminals may evolve from demanding ransoms to unlock data to demanding payments to avoid being targeted.”
Criminals use domain spoofing to impersonate a company or a particular employee and often send emails on behalf of a company to customers or partners to steal credentials and gain access to their accounts.
Fleming Shi, SVP of Technology, Barracuda Domain shares, “Spoofing is increasing rapidly and will continue to grow throughout 2018. There’s been a stark increase in volume of mass phishing attacks, where cybercriminals spoof popular e-commerce and consumer brand names and websites aimed to steal information.”
Attackers take user credentials and retrieve credit card information, additional personal information and learn more about their victim’s online behavior for future social engineering attacks. They build websites that mimic real websites to try to siphon victims during peak shopping times. Even though counterfeit sites aren’t identical to real sites, attackers count on the fact that most consumers don’t buy from these brands directly and won’t recognize what the home page looks like.
“Brand hijacking in both emails and spoofed websites will only continue to grow in the next year. Both companies and consumers need to be on guard, educated and ready for these threats.” Shi ends.
Eugene Weiss, lead platform architect in Barracuda shares that “We’re seeing a rapid increase in the volume of mass ransomware threats, which will continue over the next 12-24 months. The growing availability of cryptocurrencies provides attackers with the possibility to remain anonymous while conducting mass attacks.”
New cryptocurrencies that are more anonymous than Bitcoin will accelerate this. The small payment sizes make it more likely that victims pay. Since smaller organisations continue to pay ransoms, mass ransomware has become a threat epidemic and will not slow down anytime soon.
“In contrast, targeted ransomware involves a focused effort to penetrate a large and often well protected entity. Successful targeted attacks often involve several hours of research, as well as trial-and-error attacks; whereas mass ransomware attacks cast a wide net and wait for victims to take the bait. Targeted attacks also carry a higher risk of communication with the victim and an increased likelihood of sophisticated law enforcement resources.” he ends
There’s been a stark increase in email attacks that impersonate secure messages from financial institutions recently. These fake “secure messages” carry malicious content and malware for download.
Impersonation is one of the most common tactics used in email attacks threats carry malicious word documents that often appear harmless, but include embedded script that can be updated by attackers at a later date. This script can be modified to deploy a variety of threats including ransomware or advanced persistent threats.
“These attacks are very difficult to spot by end users, as the email domains used in this attack are designed to look like real emails that customers might receive from an actual bank” adds Shi
Tim Jefferson, Vice President of Public Cloud, Barracuda said “We’ve seen some great strides in public cloud functionality this year, and there’s no doubt it will continue to advance, but now it’s time for the companies using the cloud to catch up.
“2017 took us well into the cloud generation, I am optimistic that 2018 will be the year where customers begin to find their part of the shared responsibility model (SRM) more actionable, and begin to accelerate the deployment of more risk-sensitive workloads into public cloud. If this proves to be the case, there’s no reason we shouldn’t expect to see public cloud adoption continue to spike.” he ends