ARN

Monetising malware: How cyber crooks are innovating like legitimate business

Australian attacks decrease in volume but increase in ferocity according to new report

Cyber criminals were once thought of as petty crooks looking to exploit unwary internet users in dodgy schemes, but thinking of them in terms of legitimate businesses is the only way to combat the increasing threat they present according to a new report from cyber security company, Symantec.

The report states that, along with an increase in politically motivated attacks, targeted attacks, spam and phishing campaigns, cybercriminals are rapidly switching their tactics in response to consumer behaviour and market forces.

“New sophistication and innovation is the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Kevin Haley, director, Symantec Security Response. “Zero-day vulnerabilities and sophisticated malware are now used sparingly, as nation states shift their attention from espionage to straight sabotage. Meanwhile, cybercriminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

In a local context, Symantec cyber security expert, Nick Savvides said that while Australia had dropped in regional and global rankings for total attacks, the company was seeing more targeted attacks hitting our shores.

An example of this can be seen when comparing Distributed Denial of Service (DDoS) attacks to ransomware. While the former is regarded as a more primitive form of attack but widely used due to its low cost of execution, Savvides suggested that like traditional business, cybercriminals are making investments targeted toward attack success.

As a result, Australia has seen an increase in targeted attacks, the vast majority of which involve ransomware. This indicates a switch in tactics on the part of cybercriminals to increase return on investment as ransomware is more lucrative than DDoS.

“DDoS is still extremely popular and we saw some of the biggest ever attacks last year. It is one of the main tools that the bad guys use to monetise their attacks,” Savvides said. “It is not going away, but in terms of revenue, I don’t see it as being bigger than ransomware right now."

Savvides cited figures from the report which stated that 34 per cent of ransomware victims globally pay the ransom the attackers demand. This number jumps to 67 per cent for US based victims of ransomware. While the vendor did not have specific figures in relation to Australia, Savvides estimated that Australian numbers sat between the global and US figures.

“You get more bang for your buck out of ransomware than you do out of DDoS and that is the reality [for cyber criminals] now. In order to run a successful business based on DDoS attacks, you need to have a very large botnet,” he said.

“You are more likely to make more money dealing in Ransomware that is a lot easier to distribute and a lot easier to monetise.

Due to the low cost distribution method of spam and the relatively high success rate of ransomware attacks, Savvides said ransomware would continue to be the number one concern for cyber security professionals.

For Savvides there are market forces at play here too. The majority of ransomware payment demands call for bitcoin payment, a currency which has increased in value significantly in recent years. As a result of the increased value of the currency the dollar cost of ransoms has risen as well.

“The average ransom is close to US$1000 now. We have seen ransoms of US$27,000 or higher but those are mainly targeted at businesses,” he explained.