Global ransomware attacks are increasingly linked to nation states, with the lines between politics and crime often blurring, Europe’s police agency Europol said on Tuesday. Key ransomware attacks include the so-called WannaCry and NotPetya malware, which infected hundreds of thousands of computers around the world in 2017, demanding that users pay ransoms to regain access. “Ransomware retains its dominance,” said Europol’s latest annual report on cybercrime. “In addition to attacks by financially motivated criminals, a significant volume of public reporting increasingly attributes global cyber-attacks to the actions of nation states,” said the agency, based in The Hague. IT security experts commented below.
Ed Williams, Director EMEA, SpiderLabs at Trustwave:
This kind of reconnaissance isn’t something to be undertaken lightly. Without experience of the codes of practice within these networks, such intelligence gathering can garner unwanted attention. As the report correctly outlines, accessing this and other dark-web related information needs to be measured and done lawfully.
Whether intelligence is gathered by an in-house security intelligence team, or through an intelligence partner, underground dark-web surveillance should form part of a portfolio of data sources from which to build security systems and procedures. A pan-government, transparent (where possible), initiative to highlight new Tactics, Techniques and Procedures (TTPs) would help the continuous fight against threat actors – cooperation across borders is essential in fighting criminals who have global agendas.
Rusty Carter, VP of Product Management at Arxan Technologies:
CNP fraud further highlights the need for MFA in transactions. Institutions and issuers will need to build the infrastructure to enable PoS and online merchants, and start requiring it at least initially for high value transactions. These are well-known security techniques in other industries and enterprise information security where additional authentication factors and environmental conditions need to be present, such as a secured app for token retrieval by the user, in order to escalate privileges. As users become more accustomed to this for transactions, institutions can lower the thresholds in order to optimise transaction speed and ease with fraud loss.
Javvad Malik, Security Advocate at AlienVault:
Notable by its omission, there is no mention of the role of bots by organised crime and state to push agendas and misinformation, even though there are increasing industry studies that point to these as being tools in the arsenal of attackers.
Ross Rustici, Senior Director, Intelligence Services at Cybereason:
1) “A combination of legislative and technological developments, such as 5G and the redaction of WHOIS, will significantly inhibit suspect attribution and location for law enforcement agencies and security researchers.”
2) “The almost inevitable closure of large, global Darknet marketplaces has led to an increase in the number of smaller vendor shops and secondary markets catering to specific language groups or nationalities.”
3) “New legislation relating to data breaches will likely lead to greater reporting of breaches to law enforcement and increasing cases of cyber-extortion.”
GDPR, while increasing privacy for normal users, has also enhanced the criminal’s ability to hide their identity and activity. Additionally, the increased cases of cyber-extortion can be directly linked to the fines laid out in the new law. Despite the best intentions, the EU incidentally increased the profitability and immunity of cyber criminal activity. That is a price they may be willing to pay, but it has a significant negative effect on those attempting to discover and disrupt cyber criminal behavior.
Furthermore, the successful operations against Darknet marketplaces have had a predictable effect of balkanizing the criminal underground. This is always the trade-off when it comes to law enforcement action and the successful infiltration of such a rich data source. Taking it offline serves a major temporary disruption, but in the long run creates a larger problem. We are now seeing what that larger problem is. The fracturing of the Darknet has created numerous pockets of illicit activity that break down on language, trust and have tighter access restrictions. This changes the nature of the threat. While large forums allow for a significant number of criminals to free ride on the work of a few, either through the purchase of tools, data, or access, the splintering creates divergent capabilities and insular groups. This is likely to lead to a less numerous but more capable cyber criminal ecosystem.
Andy Norton, Director of Threat Intelligence at Lastline:
Ilia Kolochenko, CEO at High-Tech Bridge:
The rising predominance of crypto-miners is quite predictable, as millions of previously “worthless” devices (e.g. unpatched routers), can now bring some riskless profit to the attackers.
Sophistication of the malware and attacks will, however, likely be a key trend in the upcoming years. Users become more and more paranoid, and banal spam campaigns will hardly bring any profit to cybercriminals. Therefore, they become more creative, insidious and perfidious. We will probably see increasing attacks on trusted third parties (e.g. suppliers) to get into the large organizations.
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.